CVE-2024-41228
https://notcve.org/view.php?id=CVE-2024-41228
A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. • https://gist.github.com/cafan/68ed2d065a4b9c1c37c70a18077ad27b • CWE-269: Improper Privilege Management •
CVE-2024-40441
https://notcve.org/view.php?id=CVE-2024-40441
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter. • https://github.com/doccano/doccano/releases/tag/v1.8.4 https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23 https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40441 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-34331
https://notcve.org/view.php?id=CVE-2024-34331
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. • https://kb.parallels.com/129860 https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html • CWE-269: Improper Privilege Management •
CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23 https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40442 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-39842 – Centreon updateContactHostCommands_MC SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39842
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •