Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5042 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. | |||||
| CVE-2024-45034 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability. | |||||
| CVE-2024-3498 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-3330 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction from a person other than the attacker., In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player, will result in the attacker being able to run arbitrary code as the account running the Web player process, In the case of Automation Services: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code via Automation Services..This issue affects Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0 through 14.0.2; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0 through 14.0.3, from 14.2.0 through 14.3.0; Spotfire for AWS Marketplace: from 14.0 before 14.3.0. | |||||
| CVE-2024-35154 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 7.2 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. | |||||
| CVE-2024-34477 | 2024-11-21 | N/A | 7.8 HIGH | ||
| configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file. | |||||
| CVE-2024-32853 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | |||||
| CVE-2024-31890 | 2024-11-21 | N/A | 7.8 HIGH | ||
| IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171. | |||||
| CVE-2024-27260 | 2024-11-21 | N/A | 8.4 HIGH | ||
| IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | |||||
| CVE-2024-27147 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27146 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27143 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27110 | 2024-11-21 | N/A | 8.4 HIGH | ||
| Elevation of privilege vulnerability in GE HealthCare EchoPAC products | |||||
| CVE-2024-25421 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. | |||||
| CVE-2024-24245 | 2024-11-21 | N/A | 7.8 HIGH | ||
| An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. | |||||
| CVE-2024-23743 | 2 Apple, Notion | 2 Macos, Notion | 2024-11-21 | N/A | 3.3 LOW |
| Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment." | |||||
| CVE-2024-23299 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 8.6 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox. | |||||
| CVE-2024-22017 | 2024-11-21 | N/A | 7.3 HIGH | ||
| setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21. | |||||
| CVE-2024-21184 | 1 Oracle | 1 Database Server | 2024-11-21 | N/A | 7.2 HIGH |
| Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XS_DIAG privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks of this vulnerability can result in takeover of Oracle Database RDBMS Security. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2024-20435 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials. | |||||