CVE-2024-30084 – Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30084
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador en modo kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30084 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-35250 – Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-35250
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del controlador en modo kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... The issue results from improper handling of privilege context transitions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/varwara/CVE-2024-35250 https://github.com/0xjiefeng/CVE-2024-35250-BOF https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVE-2024-30082 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30082
Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082 • CWE-416: Use After Free •
CVE-2024-37130
https://notcve.org/view.php?id=CVE-2024-37130
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. ... Un usuario malintencionado local con pocos privilegios podría explotar esta vulnerabilidad y escalar sus privilegios al usuario administrador y obtener el control total de la máquina. • https://www.dell.com/support/kbdoc/en-us/000225914/dsa-2024-264-dell-openmanage-server-administrator-omsa-security-update-for-local-privilege-escalation-via-xsl-hijacking-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVE-2024-36821
https://notcve.org/view.php?id=CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Permisos inseguros en Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 permite a los atacantes escalar privilegios de Invitado a raíz a través de un directory traversal. • https://github.com/IvanGlinkin/CVE-2024-36821 https://downloads.linksys.com/support/assets/releasenotes/WHW01_VLP01_1.1.13.202617_Customer_Release_Notes.txt • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •