CVE-2023-48171
https://notcve.org/view.php?id=CVE-2023-48171
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. • https://gccybermonks.com/posts/defectdojo • CWE-269: Improper Privilege Management •
CVE-2024-7553 – Accessing Untrusted Directory May Allow Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-7553
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. • https://jira.mongodb.org/browse/CDRIVER-5650 https://jira.mongodb.org/browse/PHPC-2369 https://jira.mongodb.org/browse/SERVER-93211 • CWE-284: Improper Access Control •
CVE-2024-5290
https://notcve.org/view.php?id=CVE-2024-5290
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. • https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 https://ubuntu.com/security/notices/USN-6945-1 https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation • CWE-427: Uncontrolled Search Path Element •
CVE-2024-23483 – Local Privilege Escalation via lack of input validation
https://notcve.org/view.php?id=CVE-2024-23483
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-20: Improper Input Validation •
CVE-2024-23458 – Local Privilege Escalation on Zscaler Client Connector on Windows
https://notcve.org/view.php?id=CVE-2024-23458
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-346: Origin Validation Error •