PT-2024-17702 · IObit · IObit Advanced SystemCare Ultimate
Name of the Vulnerable Software and Affected Versions: IObit Advanced SystemCare Ultimate versions up to 17.0.0
Description: A vulnerability was found in the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference...
PT-2024-17701 · IObit · IObit Advanced SystemCare Ultimate
Name of the Vulnerable Software and Affected Versions: IObit Advanced SystemCare Ultimate versions up to 17.0.0
Description: A vulnerability was found in the function 0x8001E018 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference...
CVE-2024-12552
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
CVE-2024-11872
CVE-2024-11872: Epic Games Launcher contains an incorrect default permission issue in its product installer, enabling a local attacker with low privileges to escalate to SYSTEM by exploiting misconfigured permissions on a sensitive folder. Existence and impact are supported by the ZDI advisory ...
CVE-2024-11598
Ivanti Application Control is affected by CVE-2024-11598 due to insecure permissions that enable local privilege escalation for a local authenticated attacker. Affected versions are pre-2024.3 HF1, pre-2024.1 HF2, and pre-2023.3 HF3. Mitigation: upgrade to 2024.3 HF1, 2024.1 HF4, or 2023.3 HF3, r...
CVE-2024-53292
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed...
CVE-2024-53290
Dell ThinOS 2408 is affected by a local, unauthenticated Command Injection due to improper neutralization of special elements. The CVE-2024-53290 entry documents command execution with high impact (C/H, I/H, A/H) and a local attack vector; no exploitation or patch details are confirmed in t...
CVE-2024-52051
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC S7-PLCSIM V18 All versions, SIMATIC STEP 7 Safety V17 All versions V17 Update 9, SIMATIC STEP 7 Safety V18 All versions, SIMATIC STEP 7 Safety V19 All versions V19 Update 4, SIMATIC STEP 7 V17 All versions V17 Upda...
CVE-2024-12354
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. T...
CVE-2024-12355
A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached...
CVE-2024-12354 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. T...
CVE-2024-12353 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking...
CVE-2024-12353
CVE-2024-12353 affects SourceCodester Phone Contact Manager System 1.0, specifically the User Menu component’s UserInterface::MenuDisplayStart function. The vulnerability arises from improper input validation caused by manipulating the name argument, enabling a local attack. Public exploit detail...
CVE-2024-12185
A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be...
CVE-2024-12185
CVE-2024-12185 affects Code-Projects Hotel Management System 1.0 in the Administrator Login Password Handler. The vulnerability is a stack-based buffer overflow triggered by manipulating the Str2 argument, with a local attack required. Public exploit information has been disclosed. Related adviso...
Cisco Unified Computing System Unrestricted Upload of File with Dangerous Type (CVE-2017-12332)
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...
CVE-2024-8357
Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this...
CVE-2024-7227
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system ...
CVE-2024-30377 G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability
G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target...
xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org serv...