CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23 https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40442 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2023-47480
https://notcve.org/view.php?id=CVE-2023-47480
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function. • https://puredata.info https://github.com/pure-data/pure-data/issues/2063 https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d • CWE-252: Unchecked Return Value •
CVSS: 7.2EPSS: 1%CPEs: 2EXPL: 0CVE-2024-8957 – PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-8957
PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. • https://ptzoptics.com/firmware-changelog https://vulncheck.com/advisories/ptzoptics-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-38813 – VMware vCenter Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-38813
A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 • CWE-250: Execution with Unnecessary Privileges CWE-273: Improper Check for Dropped Privileges •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-45496 – Openshift-controller-manager: elevated build pods can lead to node compromise in openshift
https://notcve.org/view.php?id=CVE-2024-45496
This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. ... An attacker running code in a privileged container could escalate their permissions on the node running the container. • https://access.redhat.com/security/cve/CVE-2024-45496 https://bugzilla.redhat.com/show_bug.cgi?id=2308661 https://access.redhat.com/errata/RHSA-2024:6685 https://access.redhat.com/errata/RHSA-2024:6687 https://access.redhat.com/errata/RHSA-2024:6689 https://access.redhat.com/errata/RHSA-2024:6691 https://access.redhat.com/errata/RHSA-2024:6705 • CWE-269: Improper Privilege Management •