CVE-2024-8012 – Ivanti Workspace Control RES Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8012
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Workspace Control. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-38249 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38249
Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38249 • CWE-416: Use After Free •
CVE-2024-41171
https://notcve.org/view.php?id=CVE-2024-41171
Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system. • https://cert-portal.siemens.com/productcert/html/ssa-342438.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-44893
https://notcve.org/view.php?id=CVE-2024-44893
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. • https://github.com/jeecgboot/JimuReport/issues/2904 • CWE-269: Improper Privilege Management •
CVE-2024-42759
https://notcve.org/view.php?id=CVE-2024-42759
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. • https://csflabs.github.io/cve/2024/09/06/cve-2024-42759-approval-of-your-own-ticket-with-BFLA.html https://ellevo.com • CWE-592: DEPRECATED: Authentication Bypass Issues •