CVE-2024-22106
https://notcve.org/view.php?id=CVE-2024-22106
Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). • https://jungo.com/windriver/versions https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf • CWE-269: Improper Privilege Management •
CVE-2024-39251
https://notcve.org/view.php?id=CVE-2024-39251
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests. • https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVE-2024-31912 – IBM MQ privilege escalation
https://notcve.org/view.php?id=CVE-2024-31912
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. • https://exchange.xforce.ibmcloud.com/vulnerabilities/289894 https://www.ibm.com/support/pages/node/7158072 • CWE-266: Incorrect Privilege Assignment •
CVE-2024-4395 – Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-4395
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. • https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html https://trusted.jamf.com/docs/establishing-compliance-baselines#support • CWE-269: Improper Privilege Management •
CVE-2023-7270 – Local Privilege Escalation via MSI installer
https://notcve.org/view.php?id=CVE-2023-7270
This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user. ... SoftMaker Office and FreeOffice suffer from a local privilege escalation vulnerability via the MSI installer. • http://seclists.org/fulldisclosure/2024/Jul/5 https://r.sec-consult.com/softmaker https://softmaker.de/download/servicepacks https://www.freeoffice.com/de/download/servicepacks • CWE-266: Incorrect Privilege Assignment •