CVE-2024-27715
https://notcve.org/view.php?id=CVE-2024-27715
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0 • CWE-620: Unverified Password Change •
CVE-2024-27712
https://notcve.org/view.php?id=CVE-2024-27712
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27712-user-enumeration-via-account-settings-in-eskooly-web-product-less-than-v3.0 •
CVE-2024-39934
https://notcve.org/view.php?id=CVE-2024-39934
Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment. Robotmk anterior a 2.0.1 permite a un usuario local escalar privilegios (por ejemplo, a SYSTEM) si la configuración automatizada del entorno Python está habilitada, porque la función "uso de holoárbol compartido" permite a cualquier usuario editar cualquier entorno Python. • https://checkmk.com/werk/16434 https://github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715e https://github.com/elabit/robotmk/compare/v2.0.0...v2.0.1 https://github.com/elabit/robotmk/releases/tag/v2.0.1 • CWE-284: Improper Access Control •
CVE-2024-37726
https://notcve.org/view.php?id=CVE-2024-37726
., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation https://github.com/NextGenPentesters/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation • CWE-269: Improper Privilege Management •
CVE-2024-25086
https://notcve.org/view.php?id=CVE-2024-25086
Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-269: Improper Privilege Management •