CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2024-28285
https://notcve.org/view.php?id=CVE-2024-28285
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges. • https://gist.github.com/liang-junkai/3e91f58070812ea76c1b8c126c3e28c7 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-285: Improper Authorization •
CVSS: 7.8EPSS: %CPEs: -EXPL: 1CVE-2024-22774
https://notcve.org/view.php?id=CVE-2024-22774
An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. • https://github.com/Gray-0men/CVE-2024-22774 https://blueteamalpha.com/blog/new-vulnerability-discovered-in-panoramic-x-ray-software https://pancorp.com/index.html https://pancorp.com/pdf/Panoramic-Dental-Imaging-%28GLAN%29-Windows-10x64-Setup-Rev3.pdf https://pancorp.com/software/files/PANCORP_DENTAL_IMAGING_9.1.2.7600.exe • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-22270 – VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22270
A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. ... The issue results from the lack of proper initialization of memory prior to accessing it.An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-22269 – VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22269
A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-22267 – VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-22267
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. ... This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 •