CVE-2024-4944 – Mobile VPN with SSL Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4944
A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00010 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-37999
https://notcve.org/view.php?id=CVE-2024-37999
The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. • https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799 • CWE-282: Improper Ownership Management •
CVE-2024-37769
https://notcve.org/view.php?id=CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. • https://github.com/b1ackc4t/14Finger/issues/12 • CWE-278: Insecure Preserved Inherited Permissions •
CVE-2024-27717
https://notcve.org/view.php?id=CVE-2024-27717
Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-27711
https://notcve.org/view.php?id=CVE-2024-27711
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27711-user-enumeration-via-sign-up-process-in-eskooly-web-product-less-than-v3.0 • CWE-269: Improper Privilege Management •