CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3037 – Arbitrary File Deletion in PaperCut NG/MF Web Print
https://notcve.org/view.php?id=CVE-2024-3037
However, this vulnerability could pose a risk to customers who allow non-administrative users to log in to the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split into two separate CVEs (CVE-2024-3037 and CVE-2024-8404) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard users on the host server. This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/security-bulletin-may-2024 https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30033
Windows Search Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de búsqueda de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27397 – netfilter: nf_tables: use timestamp to check for set element timeout
https://notcve.org/view.php?id=CVE-2024-27397
This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/stable/c/c3e1b005ed1cc068fc9d454a6e745830d55d251d https://git.kernel.org/stable/c/f8dfda798650241c1692058713ca4fef8e429061 https://git.kernel.org/stable/c/eaf1a29ea5d7dba8e84e9e9f3b3f47d0cd540bfe https://git.kernel.org/stable/c/7b17de2a71e56c10335b565cc7ad238e6d984379 https://git.kernel.org/stable/c/0d40e8cb1d1f56a994cdd2e015af622fdca9ed4d https://git.kernel.org/stable/c/b45176b869673417ace338b87cf9cdb66e2eeb01 https://git.kernel.org/stable/c/383182db8d58c4237772ba0764cded4938a235c3 https://git.kernel.org/stable/c/7395dfacfff65e9938ac0889dafa1ab01 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4605 – Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-4605
As a result they can escalate their privileges or execute arbitrary code. • https://breakdance.com/breakdance-1-7-2-now-available-security-update https://www.wordfence.com/threat-intel/vulnerabilities/id/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29210
https://notcve.org/view.php?id=CVE-2024-29210
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. ... If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. ... Se ha identificado una vulnerabilidad de escalada de privilegios locales (LPE) en Phish Alert Button for Outlook (PAB), específicamente dentro de sus funcionalidades de gestión de configuración. • https://support.knowbe4.com/hc/en-us/articles/28959854203923-CVE-2024-29210 • CWE-269: Improper Privilege Management •