CVE-2024-40712
https://notcve.org/view.php?id=CVE-2024-40712
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). • https://www.veeam.com/kb4649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-6260 – Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6260
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.malwarebytes.com/secure/cves https://www.zerodayinitiative.com/advisories/ZDI-24-1195 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-7834 – Local privilege escalation in Overwolf
https://notcve.org/view.php?id=CVE-2024-7834
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-38456
https://notcve.org/view.php?id=CVE-2024-38456
A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.schutzwerk.com/blog/schutzwerk-sa-2024-001 https://www.vivavis.com/en/solution/scada-en/high-leit https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-8356 – Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8356
Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to escalate privileges execute arbitrary code in the context of the VIP MCU. ... This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. ... An attacker can leverage this vulnerability to escalate privileges execute arbitrary code in the context of the VIP MCU. • https://www.zerodayinitiative.com/advisories/ZDI-24-1188 • CWE-345: Insufficient Verification of Data Authenticity •