CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-34332
https://notcve.org/view.php?id=CVE-2024-34332
An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. • https://belong2yourself.github.io/vulnerabilities/docs/SANDRA/Elevation-of-Privileges/readme • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7261
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) La implementación inadecuada en Google Updatetor anterior a la versión 1.3.36.351 en Google Chrome permitió a un atacante local realizar una escalada de privilegios a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta) This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://issues.chromium.org/issues/40064602 • CWE-233: Improper Handling of Parameters •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-3110 – Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3110
The attacker can then use this token to perform unauthorized actions, escalate privileges to admin, or directly take over the admin account. • https://github.com/mintplex-labs/anything-llm/commit/49f30e051c9f6e28977d57d0e5f49c1294094e41 https://huntr.com/bounties/c2895978-364d-412d-8825-c806606bcb85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-3152 – Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3152
An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. • https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc https://huntr.com/bounties/46034fa0-d623-49f8-8ee8-390390181373 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36303 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36303
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36302. Una vulnerabilidad de validación de origen en el agente de seguridad Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-570 •