CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30033
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Search service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-27842
https://notcve.org/view.php?id=CVE-2024-27842
An app may be able to execute arbitrary code with kernel privileges. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 • CWE-358: Improperly Implemented Security Check for Standard
CVE-2024-27804
https://notcve.org/view.php?id=CVE-2024-27804
An app may be able to execute arbitrary code with kernel privileges. • https://github.com/R00tkitSMM/CVE-2024-27804 http://seclists.org/fulldisclosure/2024/May/10 http://seclists.org/fulldisclosure/2024/May/12 http://seclists.org/fulldisclosure/2024/May/16 http://seclists.org/fulldisclosure/2024/May/17 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/ • CWE-1325: Improperly Controlled Sequential Memory Allocation
CVE-2024-27829 – Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27829
Processing a file may lead to unexpected app termination or arbitrary code execution. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 • CWE-788: Access of Memory Location After End of Buffer
CVE-2024-27813
https://notcve.org/view.php?id=CVE-2024-27813
An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106