CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-5245 – NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5245
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004 https://www.zerodayinitiative.com/advisories/ZDI-24-496 • CWE-1392: Use of Default Credentials •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4454 – WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4454
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31756
https://notcve.org/view.php?id=CVE-2024-31756
An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component. • https://northwave-cybersecurity.com/vulnerability-notice-hardware-access-driver-marvintest-solutions • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31757
https://notcve.org/view.php?id=CVE-2024-31757
An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component. • https://www.terabyteunlimited.com/image-for-windows • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36076
https://notcve.org/view.php?id=CVE-2024-36076
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session. • https://github.com/Syslifters/sysreptor/releases/tag/2024.40 https://github.com/Syslifters/sysreptor/security/advisories/GHSA-2vfc-3h43-vghh • CWE-352: Cross-Site Request Forgery (CSRF) •