CVSS: 7.8EPSS: %CPEs: -EXPL: 1CVE-2024-31771
https://notcve.org/view.php?id=CVE-2024-31771
14 May 2024 — Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file La vulnerabilidad de permiso inseguro en TotalAV v.6.0.740 permite a un atacante local escalar privilegios a través de un archivo manipulado • https://github.com/restdone/CVE-2024-31771 • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2024-28285
https://notcve.org/view.php?id=CVE-2024-28285
14 May 2024 — A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges. • https://gist.github.com/liang-junkai/3e91f58070812ea76c1b8c126c3e28c7 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-285: Improper Authorization •
CVSS: 7.8EPSS: %CPEs: -EXPL: 1CVE-2024-22774
https://notcve.org/view.php?id=CVE-2024-22774
14 May 2024 — An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. Un problema en Panoramic Corporation Digital Imaging Software v.9.1.2.7600 permite a un atacante local escalar privilegios a través del componente ccsservice.exe. • https://github.com/Gray-0men/CVE-2024-22774 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22270 – VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22270
14 May 2024 — A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. ... The issue ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22269 – VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22269
14 May 2024 — A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. ... An attacke... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22267 – VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-22267
14 May 2024 — A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. ... This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. ... An... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28137 – PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series
https://notcve.org/view.php?id=CVE-2024-28137
14 May 2024 — A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. Un atacante local con privilegios bajos puede realizar una escalada de privilegios con un script de inicio debido a una vulnerabilidad de TOCTOU. This vulnerability allows local attackers to escalate ... • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28133 – PHOENIX CONTACT: Privilege escalation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-28133
14 May 2024 — A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. Un atacante local con pocos privilegios puede utilizar una ruta de búsqueda que no sea de confianza en una utilidad del sistema CHARX para obtener privilegios de root. This vulnerability allows local attackers to escalate privileges on... • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-426: Untrusted Search Path •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2020-18305
https://notcve.org/view.php?id=CVE-2020-18305
14 May 2024 — Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. • https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4712 – Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler
https://notcve.org/view.php?id=CVE-2024-4712
14 May 2024 — This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). ... This can lead to local privilege escalation. This can lead to local privilege escalation. ... This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbi... • https://www.papercut.com/kb/Main/security-bulletin-may-2024 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •