Category: Privilege escalation
-
Red Hat OpenShift Container Platform vulnerability (CVE-2024-45496)
CVE-2024-45496 is a critical security vulnerability affecting Red Hat’s OpenShift Container Platform, with a CVSS score of 9.9. The vulnerability stems from improper privilege management during the build process, specifically in the git-clone container. This container is run with elevated privileges, allowing an attacker with developer-level access to insert a malicious .gitconfig file during the…
-
VMware ESXi Authentication Bypass Vulnerability (CVE-2024-37085)
CVE-2024-37085 is an authentication bypass vulnerability in VMware ESXi. It allows a malicious actor with sufficient Active Directory (AD) permissions to gain full administrative access to an ESXi host. This vulnerability occurs when an attacker re-creates or renames an AD group to match the default ESXi group name (“ESXi Admins”), enabling unauthorized access. The group…
-
Redundant Prefix Issue (CVE-2023-23583)
Redundant Prefix Issue is a security vulnerability in some Intel processors that may allow privilege escalation and/or denial of service and/or information disclosure via local access (see INTEL-SA-00950 and CVE-2023-23583 for details).
-
Privilege escalation
Privilege escalation in cybersecurity refers to the act of an unauthorized user or process gaining higher-level privileges or permissions than they initially had within a computer system or network. This typically involves elevating one’s access rights to perform actions or access resources that are restricted to privileged or administrative users. There are two primary types…