CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-24912 – Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file
https://notcve.org/view.php?id=CVE-2024-24912
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. Se ha identificado una vulnerabilidad de escalada de privilegios local en Harmony Endpoint Security Client para las versiones E88.10 y anteriores de Windows. Para aprovechar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar código privilegiado local en el sistema de destino. • https://support.checkpoint.com/results/sk/sk182244 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-22830
https://notcve.org/view.php?id=CVE-2024-22830
This allows a local attacker to escalate privileges from regular user to System or PPL level. ... Esto permite a un atacante local escalar privilegios desde el nivel de usuario normal al nivel de Sistema o PPL. • http://anti-cheat.com https://intl.anticheatexpert.com/#/tool-center https://www.defencetech.it/wp-content/uploads/2024/04/Report-CVE-2024-22830.pdf • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-33775
https://notcve.org/view.php?id=CVE-2024-33775
An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. • https://github.com/Neo-XeD/CVE-2024-33775 https://www.nagios.com/changelog/#nagios-xi • CWE-269: Improper Privilege Management •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-2378
https://notcve.org/view.php?id=CVE-2024-2378
If exploited an attacker could escalate privileges on af-fected installations. • https://github.com/HazardLab-IO/CVE-2024-23780 https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-33465
https://notcve.org/view.php?id=CVE-2024-33465
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. • https://hbzms.github.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •