CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request.
• https://github.com/doccano/doccano/releases/tag/v1.8.4
• https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23
• https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40442
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-47480
https://notcve.org/view.php?id=CVE-2023-47480
An issue in Pure Data 0.54-0, fixed in 0.54-1, allows a local attacker to escalate privileges via the set*id() function.
• https://puredata.info
• https://github.com/pure-data/pure-data/issues/2063
• https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d
• CWE-252: Unchecked Return Value
CVE-2024-8957 – PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-8957
PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script.
• https://ptzoptics.com/firmware-changelog
• https://vulncheck.com/advisories/ptzoptics-command-injection
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-38813 – Privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-38813
A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
• CWE-250: Execution with Unnecessary Privileges
• CWE-273: Improper Check for Dropped Privileges
CVE-2024-45496 – Openshift-controller-manager: elevated build pods can lead to node compromise in openshift
https://notcve.org/view.php?id=CVE-2024-45496
This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. ... An attacker running code in a privileged container could escalate their permissions on the node running the container.
• https://access.redhat.com/security/cve/CVE-2024-45496
• https://bugzilla.redhat.com/show_bug.cgi?id=2308661
• https://access.redhat.com/errata/RHSA-2024:6685
• https://access.redhat.com/errata/RHSA-2024:6687
• https://access.redhat.com/errata/RHSA-2024:6689
• https://access.redhat.com/errata/RHSA-2024:6691
• https://access.redhat.com/errata/RHSA-2024:6705
• CWE-269: Improper Privilege Management