CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 2CVE-2024-7479 – Improper signature verification of VPN driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7479
25 Sep 2024 — Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate<... • https://packetstorm.news/files/id/182012 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2024-7481 – Improper signature verification of Printer driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7481
25 Sep 2024 — Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escal... • https://packetstorm.news/files/id/182012 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41708
https://notcve.org/view.php?id=CVE-2024-41708
25 Sep 2024 — An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. • https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40441
https://notcve.org/view.php?id=CVE-2024-40441
23 Sep 2024 — An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter. • https://github.com/doccano/doccano/releases/tag/v1.8.4 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
23 Sep 2024 — An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39843 – Centreon updateAccessGroupLinks_MC SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39843
23 Sep 2024 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34331
https://notcve.org/view.php?id=CVE-2024-34331
23 Sep 2024 — A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. • https://kb.parallels.com/129860 • CWE-269: Improper Privilege Management •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41228
https://notcve.org/view.php?id=CVE-2024-41228
23 Sep 2024 — A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. • https://gist.github.com/cafan/68ed2d065a4b9c1c37c70a18077ad27b • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39842 – Centreon updateContactHostCommands_MC SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39842
23 Sep 2024 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47480
https://notcve.org/view.php?id=CVE-2023-47480
20 Sep 2024 — An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function. • https://puredata.info • CWE-252: Unchecked Return Value •