CVE-2024-33218
https://notcve.org/view.php?id=CVE-2024-33218
22 May 2024 — An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33218 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVE-2024-4454 – WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4454
22 May 2024 — WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. ... An attacker can leverage this vulnerability to escalate <... • https://www.zerodayinitiative.com/advisories/ZDI-24-491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-5245 – NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5245
22 May 2024 — NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. ... An attacker can leverage this vulnerability to esc... • https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004 • CWE-1392: Use of Default Credentials •
CVE-2024-31756
https://notcve.org/view.php?id=CVE-2024-31756
21 May 2024 — An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and earlier (fixed in v.5.0.4.0) allows a local attacker to escalate privileges via the Hw65.sys component. • https://northwave-cybersecurity.com/vulnerability-notice-hardware-access-driver-marvintest-solutions • CWE-269: Improper Privilege Management •
CVE-2024-31757
https://notcve.org/view.php?id=CVE-2024-31757
21 May 2024 — An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and earlier (fixed in v.4.0.0.0) allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys components. • https://www.terabyteunlimited.com/image-for-windows • CWE-269: Improper Privilege Management •
CVE-2024-34724 – PowerVR _UnrefAndMaybeDestroy() Use-After-Free
https://notcve.org/view.php?id=CVE-2024-34724
21 May 2024 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://packetstorm.news/files/id/178647 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-31335 – PowerVR DevmemIntChangeSparse2() Dangling Page Table Entry
https://notcve.org/view.php?id=CVE-2024-31335
21 May 2024 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://packetstorm.news/files/id/178648 • CWE-783: Operator Precedence Logic Error •
CVE-2024-36076
https://notcve.org/view.php?id=CVE-2024-36076
19 May 2024 — Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 allows attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session. • https://github.com/Syslifters/sysreptor/releases/tag/2024.40 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-35880 – io_uring/kbuf: hold io_buffer_list reference over mmap
https://notcve.org/view.php?id=CVE-2024-35880
19 May 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. ... A privileged local attacker could use this to cause a denial of service. • https://git.kernel.org/stable/c/09f7520048eaaee9709091cd2787966f807da7c5 •
CVE-2024-3291 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-3291
17 May 2024 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2024-09 • CWE-281: Improper Preservation of Permissions •