CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation | 14.03.2023 | Thurein Soe |
| High | CipherMail Community Virtual Appliance 4.6.2 Code Execution | 10.06.2020 | Core Security Technolo... |
| High | Opsview Monitor 5.x Command Execution | 05.09.2018 | Core Security Technolo... |
| High | Quest DR Series Disk Backup Software 4.0.3 Code Execution | 01.06.2018 | Core Security Technolo... |
| High | NetEx HyperIP 6.1.0 Post-Auth Command Execution | 11.02.2018 | Matt Bergin |
| High | TP-LINK TL-SC3171 Authentication Bypass | 13.06.2013 | Eliezer Varad Lopez, ... |


CVEMAP Search Results

CVE
Details
Description
2024-07-09
Waiting for details
CVE-2024-35154

 

 
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.

 
2024-07-02
Waiting for details
CVE-2024-32853

 

 
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

 
2024-06-27
Waiting for details
CVE-2023-30997

 

 
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.

 
2024-06-21
Waiting for details
CVE-2024-31890

 

 
IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.

 
2024-05-31
Waiting for details
CVE-2024-35142

 

 
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution with unnecessary privileges. IBM X-Force ID: 292418.

 
2024-05-17
Waiting for details
CVE-2024-5042

 

 
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

 
2024-05-16
Waiting for details
CVE-2024-27260

 

 
IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.

 
2024-05-14
Waiting for details
CVE-2024-25967

 

 
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

 
2024-04-16
Waiting for details
CVE-2024-1626

 

 
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly referencing the project's ID in the PATCH request to the '/v1/projects/:projectId' endpoint. This issue arises because the endpoint does not verify if the provided project ID belongs to the currently authenticated user, enabling unauthorized modifications across different organizational projects.

 
2024-01-03
Waiting for details
CVE-2023-30617

 

 
Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege on the node that kruise-daemon runs on can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available: users who do not require imagepulljob functions can modify kruise-daemon-role to drop the cluster-level secret get/list privilege.

 

 


Copyright 2024, cxsecurity.com

 
