
CVE-2024-9845
https://notcve.org/view.php?id=CVE-2024-9845
11 Dec 2024 — Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allow a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Automation-CVE-2024-9845 • CWE-276: Incorrect Default Permissions •

CVE-2024-10251
https://notcve.org/view.php?id=CVE-2024-10251
11 Dec 2024 — Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allow a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Security-Controls-iSec-CVE-2024-10251 • CWE-276: Incorrect Default Permissions •

CVE-2024-49138 – Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-49138
10 Dec 2024 — Windows Common Log File System Driver Elevation of Privilege Vulnerability. Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. • https://github.com/MrAle98/CVE-2024-49138-POC • CWE-122: Heap-based Buffer Overflow •

CVE-2024-55550 – Mitel MiCollab Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-55550
10 Dec 2024 — Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. ... This vulnerability does not allow file modification or privilege escalation. Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. • https://www.mitel.com/support/security-advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-50627
https://notcve.org/view.php?id=CVE-2024-50627
09 Dec 2024 — A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access. • https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf • CWE-552: Files or Directories Accessible to External Parties •

CVE-2024-11220 – Open Automation Software Incorrect Execution-Assigned Permissions
https://notcve.org/view.php?id=CVE-2024-11220
06 Dec 2024 — A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. • https://openautomationsoftware.com/downloads • CWE-279: Incorrect Execution-Assigned Permissions •

CVE-2018-9391
https://notcve.org/view.php?id=CVE-2018-9391
05 Dec 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-787: Out-of-bounds Write •

CVE-2018-9390
https://notcve.org/view.php?id=CVE-2018-9390
05 Dec 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-125: Out-of-bounds Read •

CVE-2018-9386
https://notcve.org/view.php?id=CVE-2018-9386
05 Dec 2024 — This could lead to local escalation of privilege with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2017-13308
https://notcve.org/view.php?id=CVE-2017-13308
05 Dec 2024 — This could lead to a local escalation of privilege with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •