CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42052
https://notcve.org/view.php?id=CVE-2024-42052
A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42051
https://notcve.org/view.php?id=CVE-2024-42051
A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/3.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/20716875636763-Splashtop-Streamer-version-v3-6-2-0-for-Windows-released • CWE-1391: Use of Weak Credentials •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42053
https://notcve.org/view.php?id=CVE-2024-42053
A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/2.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/18223802896539-Splashtop-Streamer-version-v3-6-0-0-for-Windows-released • CWE-276: Incorrect Default Permissions •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-42050
https://notcve.org/view.php?id=CVE-2024-42050
A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/4.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/25584410412571--Splashtop-Streamer-version-v3-7-0-0-for-Windows-released • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7062 – Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
https://notcve.org/view.php?id=CVE-2024-7062
Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations. Nimble Commander sufre una vulnerabilidad de escalada de privilegios debido a que el servidor (info.filesmanager.Files.PrivilegedIOHelperV2) realiza una validación incorrecta o insuficiente de la autorización de un cliente antes de ejecutar una operación. En consecuencia, es posible ejecutar comandos a nivel de sistema como usuario root, como cambiar permisos y propiedad, obtener un identificador (descriptor de archivo) de un archivo arbitrario y finalizar procesos, entre otras operaciones. • https://pentraze.com/vulnerability-reports/CVE-2024-7062 • CWE-863: Incorrect Authorization •