CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47033
https://notcve.org/view.php?id=CVE-2024-47033
25 Oct 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47027
https://notcve.org/view.php?id=CVE-2024-47027
25 Oct 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47024
https://notcve.org/view.php?id=CVE-2024-47024
25 Oct 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47017
https://notcve.org/view.php?id=CVE-2024-47017
25 Oct 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47016
https://notcve.org/view.php?id=CVE-2024-47016
25 Oct 2024 — there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47013
https://notcve.org/view.php?id=CVE-2024-47013
25 Oct 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47012
https://notcve.org/view.php?id=CVE-2024-47012
25 Oct 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44098
https://notcve.org/view.php?id=CVE-2024-44098
25 Oct 2024 — In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45261
https://notcve.org/view.php?id=CVE-2024-45261
24 Oct 2024 — Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control. • https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-9050 – Networkmanager-libreswan: local privilege escalation via leftupdown
https://notcve.org/view.php?id=CVE-2024-9050
22 Oct 2024 — A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. ... As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. ... Issues addressed inclu... • https://access.redhat.com/errata/RHSA-2024:8312 • CWE-94: Improper Control of Generation of Code ('Code Injection') •