CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2024-31510
https://notcve.org/view.php?id=CVE-2024-31510
An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. • https://gist.github.com/liang-junkai/a9fc693f8bdf176e9d9f56773bf20703 https://github.com/liang-junkai/Fault-injection-of-ML-DSA https://github.com/open-quantum-safe/liboqs • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5292 – D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5292
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-443 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29853
https://notcve.org/view.php?id=CVE-2024-29853
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. • https://veeam.com/kb4582 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22026
https://notcve.org/view.php?id=CVE-2024-22026
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. • https://github.com/securekomodo/CVE-2024-22026 https://forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-33228
https://notcve.org/view.php?id=CVE-2024-33228
An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33228 • CWE-94: Improper Control of Generation of Code ('Code Injection') •