CVE-2024-48827
https://notcve.org/view.php?id=CVE-2024-48827
11 Oct 2024 — An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. • https://github.com/sbondCo/Watcharr • CWE-613: Insufficient Session Expiration •
CVE-2024-45316 – SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45316
11 Oct 2024 — The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to a local privilege escalation attack. This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL Connect Tunnel. ... An attacker can leverage this vulnerability ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-38818
https://notcve.org/view.php?id=CVE-2024-38818
09 Oct 2024 — VMware NSX contains a local privilege escalation vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-269: Improper Privilege Management •
CVE-2024-9473 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-9473
09 Oct 2024 — A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability. • https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-palo-alto-networks-globalprotect • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-39438
https://notcve.org/view.php?id=CVE-2024-39438
09 Oct 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 •
CVE-2024-39437
https://notcve.org/view.php?id=CVE-2024-39437
09 Oct 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 •
CVE-2024-39436
https://notcve.org/view.php?id=CVE-2024-39436
09 Oct 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897 •
CVE-2024-9167
https://notcve.org/view.php?id=CVE-2024-9167
08 Oct 2024 — Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allow a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/Security-Advisory-Velocity-License-Server-CVE-2024-9167 • CWE-276: Incorrect Default Permissions •
CVE-2024-47196
https://notcve.org/view.php?id=CVE-2024-47196
08 Oct 2024 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •
CVE-2024-47195
https://notcve.org/view.php?id=CVE-2024-47195
08 Oct 2024 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-426509.html • CWE-427: Uncontrolled Search Path Element •