CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9525 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9525
09 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48806
https://notcve.org/view.php?id=CVE-2024-48806
09 Jan 2025 — Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field • https://support.neat.no/article/devices-running-microsoft-teams-allow-for-buffer-overflow-vulnerability • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12429 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12429
07 Jan 2025 — ABB AC500v3 versions 3.7.0.569 and below suffer from privilege escalation and directory traversal vulnerabilities. • https://packetstorm.news/files/id/188713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12430 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12430
07 Jan 2025 — After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. • https://packetstorm.news/files/id/188713 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22395
https://notcve.org/view.php?id=CVE-2025-22395
07 Jan 2025 — Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. ... Un atacante local con poco nivel de privilegios podría aprovechar esta vulnerabilidad, lo que provocaría la ejecución de scripts remotos arbitrarios en el servidor. • https://www.dell.com/support/kbdoc/en-us/000269079/dsa-2025-034-security-update-for-dell-update-package-dup-framework-vulnerability • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-50659
https://notcve.org/view.php?id=CVE-2024-50659
07 Jan 2025 — Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html. • http://adportal.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20151
https://notcve.org/view.php?id=CVE-2024-20151
06 Jan 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20105
https://notcve.org/view.php?id=CVE-2024-20105
06 Jan 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20145
https://notcve.org/view.php?id=CVE-2024-20145
06 Jan 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20144
https://notcve.org/view.php?id=CVE-2024-20144
06 Jan 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-787: Out-of-bounds Write •