
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Aug 2024 — An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-20: Improper Input Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Aug 2024 — While copying individual autoupdater log files, a reparse point check was missing, which could result in crafted attacks, potentially leading to a local privilege escalation. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-346: Origin Validation Error •

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 1

02 Aug 2024 — Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://packetstorm.news/files/id/182667 • CWE-20: Improper Input Validation •

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 1

02 Aug 2024 — The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://packetstorm.news/files/id/182667 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8 • EPSS: 0% • CPEs: 10 • EXPL: 1

02 Aug 2024 — Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://packetstorm.news/files/id/182667 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 8.5 • EPSS: 0% • CPEs: 8 • EXPL: 1

02 Aug 2024 — This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://packetstorm.news/files/id/182667 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Aug 2024 — NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYS... • https://kb.nomachine.com/TR07V11184 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. • https://iknow.lenovo.com.cn/detail/186945.html • CWE-287: Improper Authentication •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. • https://iknow.lenovo.com.cn/detail/186945.html • CWE-287: Improper Authentication •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jul 2024 — Untrusted Search Path vulnerability in Cato Networks SDP Client on Windows allows Privilege Escalation. This issue affects SDP Client: before 5.10.34. Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. • https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file • CWE-426: Untrusted Search Path •