CVE-2024-3037 – Arbitrary File Deletion in PaperCut NG/MF Web Print
https://notcve.org/view.php?id=CVE-2024-3037
This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). ... Esta vulnerabilidad requiere acceso a la consola o inicio de sesión local al servidor PaperCut NG/MF (por ejemplo, miembro de un grupo de administración de dominio). ... To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. ... This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.papercut.com/kb/Main/security-bulletin-may-2024 https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30033
Windows Search Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de búsqueda de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-23708
https://notcve.org/view.php?id=CVE-2024-23708
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://github.com/uthrasri/CVE-2024-23708 https://android.googlesource.com/platform/frameworks/base/+/0c095c365ede36257e829769194f9596a598e560 https://source.android.com/security/bulletin/2024-05-01 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVE-2024-23707
https://notcve.org/view.php?id=CVE-2024-23707
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/packages/apps/Settings/+/f1d0079c91734168c150f839168544f407b17b06 https://source.android.com/security/bulletin/2024-05-01 • CWE-20: Improper Input Validation •
CVE-2024-23706
https://notcve.org/view.php?id=CVE-2024-23706
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87 https://source.android.com/security/bulletin/2024-05-01 • CWE-20: Improper Input Validation •