CVE-2024-32359
https://notcve.org/view.php?id=CVE-2024-32359
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through crafted commands to obtain the secrets of the entire cluster and further take over the cluster. • http://carina.com https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906 https://github.com/HouqiyuA/k8s-rbac-poc https://github.com/carina-io/carina • CWE-285: Improper Authorization
CVE-2024-33396
https://notcve.org/view.php?id=CVE-2024-33396
An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. • https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50 • CWE-284: Improper Access Control
CVE-2023-49606
https://notcve.org/view.php?id=CVE-2023-49606
A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. • https://github.com/d0rb/CVE-2023-49606 http://www.openwall.com/lists/oss-security/2024/05/07/1 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889 • CWE-416: Use After Free
CVE-2024-33512
https://notcve.org/view.php?id=CVE-2024-33512
There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt • CWE-121: Stack-based Buffer Overflow
CVE-2024-33511
https://notcve.org/view.php?id=CVE-2024-33511
There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt • CWE-121: Stack-based Buffer Overflow