CVE-2024-26507
https://notcve.org/view.php?id=CVE-2024-26507
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components. • https://belong2yourself.github.io/vulnerabilities/docs/AIDA/Elevation-of-Privileges/readme • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7261
(Severidad de seguridad de Chrome: alta) This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://issues.chromium.org/issues/40064602 • CWE-233: Improper Handling of Parameters •
CVE-2024-3110 – Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3110
The attacker can then use this token to perform unauthorized actions, escalate privileges to admin, or directly take over the admin account. • https://github.com/mintplex-labs/anything-llm/commit/49f30e051c9f6e28977d57d0e5f49c1294094e41 https://huntr.com/bounties/c2895978-364d-412d-8825-c806606bcb85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-3152 – Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3152
An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. • https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc https://huntr.com/bounties/46034fa0-d623-49f8-8ee8-390390181373 • CWE-20: Improper Input Validation •
CVE-2024-36359 – Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36359
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro InterScan Web Security Virtual Appliance. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/dcx/s/solution/000298065 https://www.zerodayinitiative.com/advisories/ZDI-24-574 •