CVE-2024-7387 – Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
https://notcve.org/view.php?id=CVE-2024-7387
An attacker running code in a privileged container could escalate their permissions on the node running the container. • https://access.redhat.com/security/cve/CVE-2024-7387 https://bugzilla.redhat.com/show_bug.cgi?id=2302259 https://access.redhat.com/errata/RHSA-2024:6685 https://access.redhat.com/errata/RHSA-2024:6687 https://access.redhat.com/errata/RHSA-2024:6689 https://access.redhat.com/errata/RHSA-2024:6691 https://access.redhat.com/errata/RHSA-2024:6705 https://stuxxn.github.io/advisory/2024/10/02/openshift-build-docker-priv-esc.html • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-8766
https://notcve.org/view.php?id=CVE-2024-8766
Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7218 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-34016
https://notcve.org/view.php?id=CVE-2024-34016
Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7188 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-7756
https://notcve.org/view.php?id=CVE-2024-7756
A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-489: Active Debug Code •
CVE-2024-42025
https://notcve.org/view.php?id=CVE-2024-42025
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. • https://community.ui.com/releases/Security-Advisory-Bulletin-042-042/c4f68b56-cdc4-4128-b2cb-5870209d1704 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •