CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3291 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-3291
17 May 2024 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2024-09 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3289
https://notcve.org/view.php?id=CVE-2024-3289
17 May 2024 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2024-08 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51636 – Avira Prime Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51636
17 May 2024 — Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and... • https://www.zerodayinitiative.com/advisories/ZDI-24-469 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35102
https://notcve.org/view.php?id=CVE-2024-35102
15 May 2024 — Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script. • https://vuln2you.blogspot.com/2024/05/avediaserver-unauthorised-api-access.html •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2024-30037 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30037
14 May 2024 — Windows Common Log File System Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del sistema de archivos de registro común de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30037 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35050
https://notcve.org/view.php?id=CVE-2024-35050
14 May 2024 — An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. • https://github.com/javahuang/SurveyKing/issues/57 • CWE-613: Insufficient Session Expiration •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-31954
https://notcve.org/view.php?id=CVE-2024-31954
14 May 2024 — Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. • https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31954 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31953
https://notcve.org/view.php?id=CVE-2024-31953
14 May 2024 — Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. • https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31953 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-31952
https://notcve.org/view.php?id=CVE-2024-31952
14 May 2024 — Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. • https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31952 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-31771
https://notcve.org/view.php?id=CVE-2024-31771
14 May 2024 — Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file La vulnerabilidad de permiso inseguro en TotalAV v.6.0.740 permite a un atacante local escalar privilegios a través de un archivo manipulado • https://github.com/restdone/CVE-2024-31771 • CWE-266: Incorrect Privilege Assignment •