CVE-2024-49138 – Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability. Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-55550
https://notcve.org/view.php?id=CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. ... This vulnerability does not allow file modification or privilege escalation. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 • CWE-125: Out-of-bounds Read •
CVE-2024-50627
https://notcve.org/view.php?id=CVE-2024-50627
A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access. • https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf https://www.digi.com/resources/security • CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-11220 – Open Automation Software Incorrect Execution-Assigned Permissions
https://notcve.org/view.php?id=CVE-2024-11220
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. • https://openautomationsoftware.com/downloads https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-03 • CWE-279: Incorrect Execution-Assigned Permissions •
CVE-2018-9391
https://notcve.org/view.php?id=CVE-2018-9391
This could lead to local escalation of privilege with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-787: Out-of-bounds Write •