CVE-2024-25088
https://notcve.org/view.php?id=CVE-2024-25088
Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf • CWE-269: Improper Privilege Management
CVE-2024-39251
https://notcve.org/view.php?id=CVE-2024-39251
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges by sending crafted IOCTL requests. • https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center • CWE-782: Exposed IOCTL with Insufficient Access Control
CVE-2024-4395 – Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-4395
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. • https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html https://trusted.jamf.com/docs/establishing-compliance-baselines#support • CWE-269: Improper Privilege Management
CVE-2023-7270 – Local Privilege Escalation via MSI installer
https://notcve.org/view.php?id=CVE-2023-7270
SoftMaker Office and FreeOffice suffer from a local privilege escalation vulnerability via the MSI installer. • http://seclists.org/fulldisclosure/2024/Jul/5 https://r.sec-consult.com/softmaker https://softmaker.de/download/servicepacks https://www.freeoffice.com/de/download/servicepacks • CWE-266: Incorrect Privilege Assignment
CVE-2024-39708
https://notcve.org/view.php?id=CVE-2024-39708
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. • https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.1-combined.htm https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability