CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-36821
https://notcve.org/view.php?id=CVE-2024-36821
11 Jun 2024 — Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. • https://github.com/IvanGlinkin/CVE-2024-36821 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26507
https://notcve.org/view.php?id=CVE-2024-26507
10 Jun 2024 — An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components. • https://belong2yourself.github.io/vulnerabilities/docs/AIDA/Elevation-of-Privileges/readme • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34332
https://notcve.org/view.php?id=CVE-2024-34332
10 Jun 2024 — An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. • https://belong2yourself.github.io/vulnerabilities/docs/SANDRA/Elevation-of-Privileges/readme • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7261
07 Jun 2024 — (Severidad de seguridad de Chrome: alta) This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/zerozenxlabs/CVE-2023-7261 • CWE-233: Improper Handling of Parameters •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-3110 – Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3110
06 Jun 2024 — The attacker can then use this token to perform unauthorized actions, escalate privileges to admin, or directly take over the admin account. • https://github.com/mintplex-labs/anything-llm/commit/49f30e051c9f6e28977d57d0e5f49c1294094e41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3152 – Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3152
06 Jun 2024 — An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. • https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32849 – Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-32849
06 Jun 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-19175 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36302 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36302
06 Jun 2024 — An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36303 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36303
06 Jun 2024 — An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36304 – Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36304
06 Jun 2024 — A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •