
CVE-2024-49039 – Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-49039
12 Nov 2024 — Windows Task Scheduler Elevation of Privilege Vulnerability. Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer and access privileged RPC functions. • https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039 • CWE-287: Improper Authentication •

CVE-2024-10945 – FactoryTalk® Updater Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-10945
12 Nov 2024 — A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2024-7571 – Ivanti Secure Access Client Pulse Secure Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7571
12 Nov 2024 — Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allow a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Secure Access Client. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions •

CVE-2024-47906
https://notcve.org/view.php?id=CVE-2024-47906
12 Nov 2024 — Excessive binary privileges in Ivanti Connect Secure, which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line, and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges. Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate

CVE-2024-33658 – Buffer Overflow Vulnerability In OFBD
https://notcve.org/view.php?id=CVE-2024-33658
12 Nov 2024 — APTIOV contains a vulnerability in BIOS where a local attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2024-29119
https://notcve.org/view.php?id=CVE-2024-29119
12 Nov 2024 — The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-616032.html • CWE-266: Incorrect Privilege Assignment •

CVE-2024-47595 – Local Privilege Escalation in SAP Host Agent
https://notcve.org/view.php?id=CVE-2024-47595
12 Nov 2024 — An attacker who gains local membership to the sapsys group could replace local files usually protected by privileged access. • https://me.sap.com/notes/3509619 • CWE-266: Incorrect Privilege Assignment •

CVE-2024-51093
https://notcve.org/view.php?id=CVE-2024-51093
12 Nov 2024 — Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files. ... This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system. • https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-6871 – G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6871
12 Nov 2024 — G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute a... • https://www.zerodayinitiative.com/advisories/ZDI-24-1486 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-51094
https://notcve.org/view.php?id=CVE-2024-51094
12 Nov 2024 — An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile". • https://gist.githubusercontent.com/Tommywarren/b3a6c6ae5a93dd67c863313f71f53a76/raw/ddff8cbbab5179f680ba3f5e94fc080575ad8913/CVE-2024-51094 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •