CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-5803 – Local privelage escalation via COM hijacking
https://notcve.org/view.php?id=CVE-2024-5803
The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 1CVE-2024-44193 – iTunes For Windows 12.13.2.3 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-44193
A local attacker may be able to elevate their privileges. • https://github.com/mbog14/CVE-2024-44193 https://support.apple.com/en-us/121328 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8885
https://notcve.org/view.php?id=CVE-2024-8885
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241002-cde-lpe • CWE-502: Deserialization of Untrusted Data CWE-1104: Use of Unmaintained Third Party Components •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35288 – Nitro PDF Pro Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-35288
Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. • https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-nitro-pdf-pro https://seclists.org/fulldisclosure/2024/Sep/59 https://www.gonitro.com/support/downloads#securityUpdates •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6654 – Denial of Service vulnerability in ESET products for macOS
https://notcve.org/view.php?id=CVE-2024-6654
Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. Los productos para macOS permiten que un usuario conectado al sistema realice un ataque de denegación de servicio, que podría usarse indebidamente para deshabilitar la protección del producto de seguridad de ESET y provocar una ralentización general del sistema. • https://support.eset.com/en/ca8725-local-privilege-escalation-vulnerability-in-eset-products-for-macos-fixed https://support.eset.com/en/ca8725-denial-of-service-vulnerability-in-eset-products-for-macos-fixed • CWE-377: Insecure Temporary File •