CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-33218
https://notcve.org/view.php?id=CVE-2024-33218
22 May 2024 — An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33218 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-33219
https://notcve.org/view.php?id=CVE-2024-33219
22 May 2024 — An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33219 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 9.7EPSS: %CPEs: -EXPL: 0CVE-2024-33220
https://notcve.org/view.php?id=CVE-2024-33220
22 May 2024 — An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33220 •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-33221
https://notcve.org/view.php?id=CVE-2024-33221
22 May 2024 — An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33221 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4454 – WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4454
22 May 2024 — WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of S... • https://www.zerodayinitiative.com/advisories/ZDI-24-491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5245 – NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5245
22 May 2024 — NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the c... • https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004 • CWE-1392: Use of Default Credentials •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31756
https://notcve.org/view.php?id=CVE-2024-31756
21 May 2024 — An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component. • https://northwave-cybersecurity.com/vulnerability-notice-hardware-access-driver-marvintest-solutions • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31757
https://notcve.org/view.php?id=CVE-2024-31757
21 May 2024 — An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component. • https://www.terabyteunlimited.com/image-for-windows • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36076
https://notcve.org/view.php?id=CVE-2024-36076
19 May 2024 — Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session. • https://github.com/Syslifters/sysreptor/releases/tag/2024.40 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35880 – io_uring/kbuf: hold io_buffer_list reference over mmap
https://notcve.org/view.php?id=CVE-2024-35880
19 May 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/09f7520048eaaee9709091cd2787966f807da7c5 •