CVE-2024-8247 – Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-8247
This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. • https://plugins.trac.wordpress.org/browser/newsletters-lite/tags/4.9.9.1/wp-mailinglist.php#L3279 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3146287%40newsletters-lite&new=3146287%40newsletters-lite&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/2577102f-6355-4483-bd3d-1948497cb843?source=cve • CWE-269: Improper Privilege Management •
CVE-2024-45173 – C-MOR Video Surveillance 5.2401 / 6.00PL01 Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-45173
Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. ... These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-027.txt https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030 • CWE-269: Improper Privilege Management •
CVE-2024-6260 – Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6260
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.malwarebytes.com/secure/cves https://www.zerodayinitiative.com/advisories/ZDI-24-1195 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-45075 – IBM webMethods Integration privilege escalation
https://notcve.org/view.php?id=CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. • https://www.ibm.com/support/pages/node/7167245 • CWE-308: Use of Single-factor Authentication •
CVE-2024-7834 – Local privilege escalation in Overwolf
https://notcve.org/view.php?id=CVE-2024-7834
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •