CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36536
https://notcve.org/view.php?id=CVE-2024-36536
Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-36539
https://notcve.org/view.php?id=CVE-2024-36539
Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://github.com/Abdurahmon3236/CVE-2024-36539 https://gist.github.com/HouqiyuA/c92f9ec979653dceeea947afd0b47a80 • CWE-277: Insecure Inherited Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1575
https://notcve.org/view.php?id=CVE-2024-1575
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6121 – NI SystemLink Server Ships Out of Date Redis Version
https://notcve.org/view.php?id=CVE-2024-6121
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/ni-systemlink-server-ships-out-of-date-redis-version.html • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6908 – Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request
https://notcve.org/view.php?id=CVE-2024-6908
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. • https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662 https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb • CWE-269: Improper Privilege Management •