CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-36534
https://notcve.org/view.php?id=CVE-2024-36534
Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450 • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36535
https://notcve.org/view.php?id=CVE-2024-36535
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/2950c3993cdeff23afcbd73ba7a33879 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36540
https://notcve.org/view.php?id=CVE-2024-36540
Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1575
https://notcve.org/view.php?id=CVE-2024-1575
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6121 – NI SystemLink Server Ships Out of Date Redis Version
https://notcve.org/view.php?id=CVE-2024-6121
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/ni-systemlink-server-ships-out-of-date-redis-version.html • CWE-1395: Dependency on Vulnerable Third-Party Component •