
CVSS: 8.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods.
• https://github.com/argoproj/argo-helm/security/advisories/GHSA-fgrf-2886-4q7m
• https://github.com/argoproj/argo-helm/commit/81dc44c4a5ccd42c799469a78eb96a68048a4987
• CWE-250: Execution with Unnecessary Privileges
• CWE-1220: Insufficient Granularity of Access Control

CVSS: 5.3 | EPSS: 0% | CPEs: - | EXPL: 1

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely.
• https://vuldb.com/?id.285657
• https://vuldb.com/?ctiid.285657
• https://vuldb.com/?submit.442071
• https://github.com/Hebing123/cve/issues/75
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.
• https://pandorafms.com/en/security/common-vulnerabilities-and-exposures
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: - | EPSS: 0% | CPEs: - | EXPL: 0

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.
• https://github.com/6pc1/BugHub/blob/main/alist-tvbox%20command%20execution%20vulnerability.pdf

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
• https://helpx.adobe.com/security/products/indesign/apsb24-91.html
• CWE-125: Out-of-bounds Read