CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-10526 – Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service
https://notcve.org/view.php?id=CVE-2024-10526
Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3. Las versiones del instalador MSI de Rapid7 Velociraptor anteriores a la 0.73.3 sufren una vulnerabilidad que crea el directorio de instalación con el permiso WRITE_DACL para el grupo BUILTIN\\Users. • https://docs.velociraptor.app/announcements/2024-cves • CWE-552: Files or Directories Accessible to External Parties CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47255
https://notcve.org/view.php?id=CVE-2024-47255
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions. • https://www.2n.com/en-GB/about-2n/cybersecurity https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47254
https://notcve.org/view.php?id=CVE-2024-47254
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system. • https://www.2n.com/en-GB/about-2n/cybersecurity https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48336
https://notcve.org/view.php?id=CVE-2024-48336
The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. • https://github.com/canyie/MagiskEoP https://github.com/topjohnwu/Magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-27524
https://notcve.org/view.php?id=CVE-2024-27524
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. • https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a https://www.less-secure.com/2024/10/chamilo-lms-cve-2024-27524-cve-2024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •