CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8975 – Grafana Alloy on Windows Unquoted service path
https://notcve.org/view.php?id=CVE-2024-8975
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. • https://github.com/grafana/alloy/releases/tag/v1.4.0 https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996 https://grafana.com/security/security-advisories/cve-2024-8975 https://github.com/grafana/alloy/releases/tag/v1.4.1 https://github.com/grafana/alloy/releases/tag/v1.3.4 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2024-7479 – Improper signature verification of VPN driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7479
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2024-7481 – Improper signature verification of Printer driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7481
Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-41708
https://notcve.org/view.php?id=CVE-2024-41708
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. • https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf https://github.com/AdaCore/aws • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-41228
https://notcve.org/view.php?id=CVE-2024-41228
A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. • https://gist.github.com/cafan/68ed2d065a4b9c1c37c70a18077ad27b • CWE-269: Improper Privilege Management •