CVE-2024-5290
https://notcve.org/view.php?id=CVE-2024-5290
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. • https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 https://ubuntu.com/security/notices/USN-6945-1 https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation • CWE-427: Uncontrolled Search Path Element •
CVE-2024-23483 – Local Privilege Escalation via lack of input validation
https://notcve.org/view.php?id=CVE-2024-23483
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-20: Improper Input Validation •
CVE-2024-23458 – Local Privilege Escalation on Zscaler Client Connector on Windows
https://notcve.org/view.php?id=CVE-2024-23458
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-346: Origin Validation Error •
CVE-2024-38879 – Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
https://notcve.org/view.php?id=CVE-2024-38879
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-20: Improper Input Validation •
CVE-2024-38878 – Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
https://notcve.org/view.php?id=CVE-2024-38878
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •