Page 14 of 3490 results (0.027 seconds)

CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0

A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. • https://gist.github.com/cafan/68ed2d065a4b9c1c37c70a18077ad27b • CWE-269: Improper Privilege Management •

CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter. • https://github.com/doccano/doccano/releases/tag/v1.8.4 https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23 https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40441 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. • https://kb.parallels.com/129860 https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html • CWE-269: Improper Privilege Management •

CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23 https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40442 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •