CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42051
https://notcve.org/view.php?id=CVE-2024-42051
28 Jul 2024 — A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/3.md • CWE-1391: Use of Weak Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42052
https://notcve.org/view.php?id=CVE-2024-42052
28 Jul 2024 — A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42053
https://notcve.org/view.php?id=CVE-2024-42053
28 Jul 2024 — A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/2.md • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7062 – Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
https://notcve.org/view.php?id=CVE-2024-7062
26 Jul 2024 — Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. • https://pentraze.com/vulnerability-reports/CVE-2024-7062 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40433
https://notcve.org/view.php?id=CVE-2024-40433
26 Jul 2024 — Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. • https://github.com/yikaikkk/CookieShareInWebView/blob/master/README.md • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27357
https://notcve.org/view.php?id=CVE-2024-27357
26 Jul 2024 — Local Privilege Escalation can occur during installations or updates by admins. • https://www.withsecure.com/en/support/security-advisories/cve-2024-27357 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36542
https://notcve.org/view.php?id=CVE-2024-36542
25 Jul 2024 — Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/e1685843b6f42b47dbf97e2e92e63428 •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36534
https://notcve.org/view.php?id=CVE-2024-36534
24 Jul 2024 — Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450 • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36541
https://notcve.org/view.php?id=CVE-2024-36541
24 Jul 2024 — Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/f972d1c152f3b8127af01206f7c2af0d • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36533
https://notcve.org/view.php?id=CVE-2024-36533
24 Jul 2024 — Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/a0e05a26ecc80bd970ac4649faecc930 • CWE-1259: Improper Restriction of Security Token Assignment •