CVE-2024-36883 – net: fix out-of-bounds access in ops_init
https://notcve.org/view.php?id=CVE-2024-36883
This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/stable/c/073862ba5d249c20bd5c49fc6d904ff0e1f6a672 https://git.kernel.org/stable/c/561331eae0a03d0c4cf60f3cf485aa3e8aa5ab48 https://git.kernel.org/stable/c/a2c82f7bee1ffa9eafa1fb0bd886a7eea8c9e497 https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3 https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7 https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030 https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25e • CWE-787: Out-of-bounds Write •
CVE-2024-30369 – A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30369
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369 https://www.zerodayinitiative.com/advisories/ZDI-24-525 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-31510
https://notcve.org/view.php?id=CVE-2024-31510
An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. • https://gist.github.com/liang-junkai/a9fc693f8bdf176e9d9f56773bf20703 https://github.com/liang-junkai/Fault-injection-of-ML-DSA https://github.com/open-quantum-safe/liboqs • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVE-2024-5292 – D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5292
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-443 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-35224 – Stored Cross-Site Scripting (XSS) in OpenProject
https://notcve.org/view.php?id=CVE-2024-35224
A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. • https://community.openproject.org/projects/openproject/work_packages/55198/relations https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •