CVE-2023-52628 – netfilter: nftables: exthdr: fix 4-byte stack OOB write
https://notcve.org/view.php?id=CVE-2023-52628
This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/stable/c/49499c3e6e18b7677a63316f3ff54a16533dc28f https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698 https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082 https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423e • CWE-787: Out-of-bounds Write •
CVE-2024-23482 – ZScalerService Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-23482
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024 • CWE-20: Improper Input Validation •
CVE-2024-25420
https://notcve.org/view.php?id=CVE-2024-25420
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421 https://www.igniterealtime.org/projects/openfire • CWE-273: Improper Check for Dropped Privileges •
CVE-2024-25421
https://notcve.org/view.php?id=CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421 https://www.igniterealtime.org/projects/openfire • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-24892 – Unauthorized RCE in migration-tools
https://notcve.org/view.php?id=CVE-2024-24892
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. • https://gitee.com/src-openeuler/migration-tools/pulls/12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-269: Improper Privilege Management •