CVE-2024-47595 – Local Privilege Escalation in SAP Host Agent
https://notcve.org/view.php?id=CVE-2024-47595
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3509619 https://url.sap/sapsecuritypatchday • CWE-266: Incorrect Privilege Assignment •
CVE-2024-51094
https://notcve.org/view.php?id=CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile". • https://gist.githubusercontent.com/Tommywarren/b3a6c6ae5a93dd67c863313f71f53a76/raw/ddff8cbbab5179f680ba3f5e94fc080575ad8913/CVE-2024-51094 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2024-51093
https://notcve.org/view.php?id=CVE-2024-51093
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files. • https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6871 – G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6871
G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1486 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-50592 – Local Privilege Escalation via Race Condition
https://notcve.org/view.php?id=CVE-2024-50592
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. ... HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •