Free Trial

CVE-2024-52522 : RCLONE UP TO 1.68.1 PERMISSIONS

Description

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with –links and –metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.

References

https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv

https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2024-52522 : RCLONE UP TO 1.68.1 PERMISSIONS
CVE-2024-52522 : RCLONE UP TO 1.68.1 PERMISSIONS

Contact us to get started

CVE-2024-49592 : MCAFEE TRIAL INSTALLER 16.0.53 ACCESS CONTROL

CVE-2024-49592 : MCAFEE TRIAL INSTALLER 16.0.53 ACCESS CONTROL

Description McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. References https://www.mcafee.com/support/s/article/000002516?language=en_US For More

Learn more
CVE-2024-10934 : OPENBSD UP TO 7.4 ERRATA 020/7.5 ERRATA 007 NFS CLIENT/NFS SERVER DOUBLE FREE

CVE-2024-10934 : OPENBSD UP TO 7.4 ERRATA 020/7.5 ERRATA 007 NFS CLIENT/NFS SERVER DOUBLE FREE

Description In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS

Learn more
CVE-2024-40638 : GLPI UP TO 10.0.16 SQL INJECTION

CVE-2024-40638 : GLPI UP TO 10.0.16 SQL INJECTION

Description GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities.

Learn more