CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6141 – Windscribe Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6141
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/Windscribe/Desktop-App/blob/90a5cc3c1f50f6545f83969c2ace6b4ac2c91c4e/client/common/changelog.txt#L23 https://www.zerodayinitiative.com/advisories/ZDI-24-820 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 4CVE-2024-37081
https://notcve.org/view.php?id=CVE-2024-37081
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. vCenter Server contiene múltiples vulnerabilidades de escalada de privilegios locales debido a una mala configuración de sudo. • https://github.com/mbadanoiu/CVE-2024-37081 https://github.com/Mr-r00t11/CVE-2024-37081 https://github.com/CERTologists/Modified-CVE-2024-37081-POC https://github.com/CERTologists/-CVE-2024-37081-POC https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 • CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-6147 – Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6147
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-802 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6154 – Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6154
Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. ... This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. • https://www.zerodayinitiative.com/advisories/ZDI-24-804 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6153 – Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-6153
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-803 • CWE-693: Protection Mechanism Failure •