CVE-2024-6908 – Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request
https://notcve.org/view.php?id=CVE-2024-6908
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. • https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662 https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb • CWE-269: Improper Privilege Management •
CVE-2024-41602
https://notcve.org/view.php?id=CVE-2024-41602
Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL Vulnerabilidad de falsificación de solicitudes entre sitios en Spina CMS v.2.18.0 y anteriores permite a un atacante remoto escalar privilegios a través de una URL manipulada • https://github.com/topsky979/Security-Collections/tree/main/CVE-2024-41602 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-30473
https://notcve.org/view.php?id=CVE-2024-30473
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. • https://www.dell.com/support/kbdoc/en-us/000227051/dsa-2024-239-security-update-dell-ecs-3-8-1-1-for-multiple-security-vulnerabilities • CWE-269: Improper Privilege Management •
CVE-2024-34013
https://notcve.org/view.php?id=CVE-2024-34013
Local privilege escalation due to OS command injection vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7035 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-21164 – Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21164
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2024.html •