CVE-2024-5292 – D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5292
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-443 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-35224 – Stored Cross-Site Scripting (XSS) in OpenProject
https://notcve.org/view.php?id=CVE-2024-35224
A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. • https://community.openproject.org/projects/openproject/work_packages/55198/relations https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-29853
https://notcve.org/view.php?id=CVE-2024-29853
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. • https://veeam.com/kb4582 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-22026
https://notcve.org/view.php?id=CVE-2024-22026
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. • https://github.com/securekomodo/CVE-2024-22026 https://forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US •
CVE-2024-33228
https://notcve.org/view.php?id=CVE-2024-33228
An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33228 • CWE-94: Improper Control of Generation of Code ('Code Injection') •