CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41708
https://notcve.org/view.php?id=CVE-2024-41708
25 Sep 2024 — An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. • https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf • CWE-330: Use of Insufficiently Random Values •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34331
https://notcve.org/view.php?id=CVE-2024-34331
23 Sep 2024 — A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. • https://kb.parallels.com/129860 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39842 – Centreon updateContactHostCommands_MC SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39842
23 Sep 2024 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39843 – Centreon updateAccessGroupLinks_MC SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39843
23 Sep 2024 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40441
https://notcve.org/view.php?id=CVE-2024-40441
23 Sep 2024 — An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter. • https://github.com/doccano/doccano/releases/tag/v1.8.4 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
23 Sep 2024 — An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41228
https://notcve.org/view.php?id=CVE-2024-41228
23 Sep 2024 — A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. • https://gist.github.com/cafan/68ed2d065a4b9c1c37c70a18077ad27b • CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47480
https://notcve.org/view.php?id=CVE-2023-47480
20 Sep 2024 — An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function. • https://puredata.info • CWE-252: Unchecked Return Value •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-8957 – PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-8957
17 Sep 2024 — PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. • https://ptzoptics.com/firmware-changelog • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38813 – VMware vCenter Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-38813
17 Sep 2024 — A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 • CWE-250: Execution with Unnecessary Privileges CWE-273: Improper Check for Dropped Privileges •