CVE-2024-35880 – io_uring/kbuf: hold io_buffer_list reference over mmap
https://notcve.org/view.php?id=CVE-2024-35880
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/09f7520048eaaee9709091cd2787966f807da7c5 https://git.kernel.org/stable/c/5cf4f52e6d8aa2d3b7728f568abbf9d42a3af252 https://git.kernel.org/stable/c/65938e81df2197203bda4b9a0c477e7987218d66 https://git.kernel.org/stable/c/5fd8e2359498043e0b5329a05f02d10a9eb91eb9 https://git.kernel.org/stable/c/561e4f9451d65fc2f7eef564e0064373e3019793 https://access.redhat.com/security/cve/CVE-2024-35880 https://bugzilla.redhat.com/show_bug.cgi?id=2281713 •
CVE-2024-3291 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-3291
This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2024-09 • CWE-281: Improper Preservation of Permissions •
CVE-2024-3289
https://notcve.org/view.php?id=CVE-2024-3289
This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2024-08 • CWE-281: Improper Preservation of Permissions •
CVE-2023-51636 – Avira Prime Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51636
Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-469 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-35102
https://notcve.org/view.php?id=CVE-2024-35102
Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script. • https://vuln2you.blogspot.com/2024/05/avediaserver-unauthorised-api-access.html •