
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Jul 2024 — Insecure permissions in contour v1.28.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://github.com/Abdurahmon3236/CVE-2024-36539 • CWE-277: Insecure Inherited Permissions

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2024 — Insecure permissions in fabedge v0.8.1 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8 • CWE-863: Incorrect Authorization

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2024 — Insecure permissions in external-secrets v0.9.16 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2024 — Insecure permissions in meshery v0.7.51 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/2950c3993cdeff23afcbd73ba7a33879 • CWE-284: Improper Access Control

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2024 — Insecure permissions in cert-manager v1.14.4 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3 • CWE-284: Improper Access Control

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2024 — Insecure permissions in chaos-mesh v2.6.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/f06d1fa07b5287b862c1e0b288f301e5 • CWE-278: Insecure Preserved Inherited Permissions

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2024 — An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. ... A local attacker could possibly use this issue to run arbitrary programs and escalate privileges. • https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574 • CWE-73: External Control of File Name or Path

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jul 2024 — The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Jul 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/ni-systemlink-server-ships-out-of-date-redis-version.html • CWE-1395: Dependency on Vulnerable Third-Party Component

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

19 Jul 2024 — Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. • https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662 • CWE-269: Improper Privilege Management