
CVE-2024-37758
https://notcve.org/view.php?id=CVE-2024-37758
20 Dec 2024 — Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. • https://medium.com/@hamzanadeem1337/unauthorized-full-vertical-privilege-escalation-in-digiteam-sales-gamification-portal-version-4-21-0-c3e3282e9053 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-12786 – X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management
https://notcve.org/view.php?id=CVE-2024-12786
19 Dec 2024 — The manipulation leads to improper privilege management. ... Durch das Manipulieren mit unbekannten Daten kann eine improper privilege management-Schwachstelle ausgenutzt werden. • https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVE-2024-45819 – libxl leaks data to PVH guests via ACPI tables
https://notcve.org/view.php?id=CVE-2024-45819
19 Dec 2024 — The construction involves building the tables in local memory, which are then copied into guest memory. The construction involves building the tables in local memory, which are then copied into guest memory. ... The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. Multiple vulnerabilities ha... • https://xenbits.xenproject.org/xsa/advisory-464.html • CWE-276: Incorrect Default Permissions •

CVE-2024-12831 – Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12831
19 Dec 2024 — Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. ... An attacker can leverage this to escalate privileges to resources normally protected from the user. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1720 • CWE-863: Incorrect Authorization •

CVE-2024-47040 – Use After Free in the android.hardware.radio.sap.ISap/slot2 service
https://notcve.org/view.php?id=CVE-2024-47040
18 Dec 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-11-01 • CWE-416: Use After Free •

CVE-2024-55505
https://notcve.org/view.php?id=CVE-2024-55505
18 Dec 2024 — An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. • https://github.com/CV1523/CVEs/blob/main/CVE-2024-55505.md •

CVE-2024-4762
https://notcve.org/view.php?id=CVE-2024-4762
16 Dec 2024 — An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. • https://support.lenovo.co/us/en/product_security/LEN-174319 • CWE-295: Improper Certificate Validation •

CVE-2024-31891 – IBM Storage Scale privilege escalation
https://notcve.org/view.php?id=CVE-2024-31891
14 Dec 2024 — IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. • https://www.ibm.com/support/pages/node/7178098 • CWE-250: Execution with Unnecessary Privileges •

CVE-2024-12552 – Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12552
12 Dec 2024 — Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the conte... • https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.8-2.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-11598
https://notcve.org/view.php?id=CVE-2024-11598
11 Dec 2024 — Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Application-Control-CVE-2024-11598 • CWE-276: Incorrect Default Permissions •