CVE-2024-10251
https://notcve.org/view.php?id=CVE-2024-10251
Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Security-Controls-iSec-CVE-2024-10251 • CWE-276: Incorrect Default Permissions •
CVE-2024-49138 – Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-48839 – Remote Code Execution, RCE
https://notcve.org/view.php?id=CVE-2024-48839
An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. • https://packetstorm.news/files/id/183294 https://packetstorm.news/files/id/183027 https://packetstorm.news/files/id/183028 https://packetstorm.news/files/id/183032 https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-11872 – Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-11872
Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720 https://www.zerodayinitiative.com/advisories/ZDI-24-1646 • CWE-276: Incorrect Default Permissions •
CVE-2024-54131 – Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)
https://notcve.org/view.php?id=CVE-2024-54131
An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. • https://github.com/kolide/launcher/pull/1510 https://github.com/kolide/launcher/security/advisories/GHSA-66q9-2rvx-qfj5 • CWE-276: Incorrect Default Permissions CWE-456: Missing Initialization of a Variable •