CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 7CVE-2024-30088 – Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2024-30088
11 Jun 2024 — Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability... • https://packetstorm.news/files/id/179642 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-30087 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30087
11 Jun 2024 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30087 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-30086 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30086
11 Jun 2024 — Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del subsistema kernel de Windows Win32 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30086 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2024-30085 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30085
11 Jun 2024 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador del minifiltro de archivos en la nube de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/Adamkadaban/CVE-2024-30085 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-30084 – Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30084
11 Jun 2024 — Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador en modo kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30084 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 6CVE-2024-35250 – Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
https://notcve.org/view.php?id=CVE-2024-35250
11 Jun 2024 — Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador en modo kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... The issue results from improper handling of privilege context transitions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context... • https://packetstorm.news/files/id/182984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-30082 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30082
11 Jun 2024 — Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-37130
https://notcve.org/view.php?id=CVE-2024-37130
11 Jun 2024 — Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. ... Un usuario malintencionado local con pocos privilegios podría explotar esta vulnerabilidad y escalar sus privilegios al usuario administrador y obtener el contr... • https://www.dell.com/support/kbdoc/en-us/000225914/dsa-2024-264-dell-openmanage-server-administrator-omsa-security-update-for-local-privilege-escalation-via-xsl-hijacking-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-36821
https://notcve.org/view.php?id=CVE-2024-36821
11 Jun 2024 — Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Permisos inseguros en Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 permite a los atacantes escalar privilegios de Invitado a raíz a través de un directory traversal. • https://github.com/IvanGlinkin/CVE-2024-36821 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26507
https://notcve.org/view.php?id=CVE-2024-26507
10 Jun 2024 — An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components. Un problema en FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 y anteriores permite a un atacante local escalar privilegios a través de la... • https://belong2yourself.github.io/vulnerabilities/docs/AIDA/Elevation-of-Privileges/readme • CWE-1286: Improper Validation of Syntactic Correctness of Input •