CVE-2024-2003 – Local Privilege Escalation in Quarantine of ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-2003
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •
CVE-2024-39350 – Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39350
This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. ... This vulnerability allows local attackers to escalate privileges on affected installations of Synology BC500 cameras. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-36532
https://notcve.org/view.php?id=CVE-2024-36532
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/43488e1d41110a5610146b87b2e88a02 • CWE-281: Improper Preservation of Permissions •
CVE-2024-5930 – VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5930
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.vipre.com/en_US/home-windows-release-notes/home-windows-release-notes-20240227 https://www.zerodayinitiative.com/advisories/ZDI-24-819 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-6141 – Windscribe Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6141
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/Windscribe/Desktop-App/blob/90a5cc3c1f50f6545f83969c2ace6b4ac2c91c4e/client/common/changelog.txt#L23 https://www.zerodayinitiative.com/advisories/ZDI-24-820 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •