CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30033
14 May 2024 — Windows Search Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de búsqueda de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30802
https://notcve.org/view.php?id=CVE-2024-30802
10 May 2024 — An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. • https://github.com/WarmBrew/web_vul/blob/main/TTX.md • CWE-1393: Use of Default Password •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29210
https://notcve.org/view.php?id=CVE-2024-29210
07 May 2024 — A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. ... Se ha identificado una vulnerabilidad de escalada de privilegios locales (LPE) en Phish Alert Button for Outlook (PAB), e... • https://support.knowbe4.com/hc/en-us/articles/28959854203923-CVE-2024-29210 • CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3576 – NPort 5100A Series Store XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-3576
06 May 2024 — Malicious users may use the vulnerability to get sensitive information and escalate privileges. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-246328-nport-5100a-series-store-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27453
https://notcve.org/view.php?id=CVE-2024-27453
03 May 2024 — In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). • https://extreme-networks.my.site.com/ExtrArticleDetail?an=000118266 • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29417
https://notcve.org/view.php?id=CVE-2024-29417
03 May 2024 — Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. • https://blog.pridesec.com.br/en/horacius-unauthenticated-privilege-escalation • CWE-277: Insecure Inherited Permissions •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7241 – Webroot Antivirus COM-Hijacking LPE
https://notcve.org/view.php?id=CVE-2023-7241
01 May 2024 — Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on Windows64 bit and 32 bit allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files. La escalada de privilegios en WRSA.EXE en Webroot Antivirus 8.0.1X-9.0.35.12 en Windows de 64 y 32 bits permite que software malicioso abuse de WRSA.EXE para eliminar archivos arbitrarios y protegidos. Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on Windows64 bit and 32 bit allows malicious software... • https://answers.webroot.com/Webroot/ukp.aspx?&app=vw&vw=1&login=1&solutionid=4258 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24912 – Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file
https://notcve.org/view.php?id=CVE-2024-24912
01 May 2024 — A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. • https://support.checkpoint.com/results/sk/sk182244 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-33775
https://notcve.org/view.php?id=CVE-2024-33775
01 May 2024 — An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. • https://github.com/Neo-XeD/CVE-2024-33775 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22830
https://notcve.org/view.php?id=CVE-2024-22830
01 May 2024 — This allows a local attacker to escalate privileges from regular user to System or PPL level. • http://anti-cheat.com • CWE-284: Improper Access Control •