CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-40441
https://notcve.org/view.php?id=CVE-2024-40441
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter. • https://github.com/doccano/doccano/releases/tag/v1.8.4 https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23 https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40441 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-34331
https://notcve.org/view.php?id=CVE-2024-34331
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. • https://kb.parallels.com/129860 https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23 https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40442 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2023-47480
https://notcve.org/view.php?id=CVE-2023-47480
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function. • https://puredata.info https://github.com/pure-data/pure-data/issues/2063 https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d • CWE-252: Unchecked Return Value •
CVSS: 7.2EPSS: 1%CPEs: 2EXPL: 0CVE-2024-8957 – PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-8957
PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. • https://ptzoptics.com/firmware-changelog https://vulncheck.com/advisories/ptzoptics-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •