7.3
CVE-2024-54131 - Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)
The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher starβ¦
4.7
CVE-2024-53672 - Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Mβ¦
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
4.8
CVE-2024-51773 - Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Weβ¦
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized tβ¦
6.4
CVE-2024-51772 - Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interfβ¦
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
7.2
CVE-2024-51771 - Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-β¦
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating sysβ¦
8.8
CVE-2024-12053 -
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
6.7
CVE-2024-52548 - Lorex 2K Indoor Wi-Fi Security Camera - Code signing bypass
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
7.2
CVE-2024-52547 - Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
5.3
CVE-2024-52546 - Lorex 2K Indoor Wi-Fi Security Camera - Null pointer dereference
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
6.5
CVE-2024-52545 - Lorex 2K Indoor Wi-Fi Security Camera - Out of bounds heap read
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.