CVE-2024-5742 – Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
https://notcve.org/view.php?id=CVE-2024-5742
If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. • https://access.redhat.com/security/cve/CVE-2024-5742 https://bugzilla.redhat.com/show_bug.cgi?id=2278574 https://lists.debian.org/debian-lts-announce/2024/06/msg00006.html https://access.redhat.com/errata/RHSA-2024:6986 https://access.redhat.com/errata/RHSA-2024:9430 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2024-37665
https://notcve.org/view.php?id=CVE-2024-37665
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. • https://github.com/648540858/wvp-GB28181-pro https://github.com/guipi01/WVP-GB28181 • CWE-269: Improper Privilege Management •
CVE-2024-30089 – Microsoft Streaming Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30089
Microsoft Streaming Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de transmisión de Microsoft This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089 • CWE-416: Use After Free •
CVE-2024-30088 – Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/exploits-forsale/collateral-damage https://github.com/tykawaii98/CVE-2024-30088 https://github.com/Zombie-Kaiser/CVE-2024-30088-Windows-poc https://github.com/Admin9961/CVE-2024-30088 https://github.com/NextGenPentesters/CVE-2024-30088- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30088 - • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-30087 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30087
Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30087 • CWE-20: Improper Input Validation •