CVSS: 7.0EPSS: %CPEs: -EXPL: 0CVE-2024-6260 – Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6260
This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2024-20506 – ClamAV Privilege Handling Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20506
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. • https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7834 – Local privilege escalation in Overwolf
https://notcve.org/view.php?id=CVE-2024-7834
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38456
https://notcve.org/view.php?id=CVE-2024-38456
A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.schutzwerk.com/blog/schutzwerk-sa-2024-001 https://www.vivavis.com/en/solution/scada-en/high-leit https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20087
https://notcve.org/view.php?id=CVE-2024-20087
This could lead to local escalation of privilege with System execution privileges needed. ... Esto podría provocar una escalada local de privilegios, siendo necesarios los privilegios de ejecución de System. • https://corp.mediatek.com/product-security-bulletin/September-2024 • CWE-787: Out-of-bounds Write •