CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-20079
https://notcve.org/view.php?id=CVE-2024-20079
This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/July-2024 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20078
https://notcve.org/view.php?id=CVE-2024-20078
This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/July-2024 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-39251
https://notcve.org/view.php?id=CVE-2024-39251
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests. • https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4395 – Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-4395
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. • https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html https://trusted.jamf.com/docs/establishing-compliance-baselines#support • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2023-7270 – Local Privilege Escalation via MSI installer
https://notcve.org/view.php?id=CVE-2023-7270
This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user. ... Se descubrió que los archivos de instalación de SoftMaker Office y FreeOffice MSI producían una ventana visible de conhost.exe ejecutándose como el usuario de SYSTEM cuando se utiliza la función de reparación de msiexec.exe.Esto permite a un atacante local con pocos privilegios utilizar una cadena de acciones para abrir un cmd.exe completamente funcional con los privilegios del usuario de SYSTEM. SoftMaker Office and FreeOffice suffer from a local privilege escalation vulnerability via the MSI installer. • http://seclists.org/fulldisclosure/2024/Jul/5 https://r.sec-consult.com/softmaker https://softmaker.de/download/servicepacks https://www.freeoffice.com/de/download/servicepacks • CWE-266: Incorrect Privilege Assignment •