CVE-2024-7062 : NIMBLE COMMANDER UP TO 1.6.0 BUILD 4087 ON MACOS INFO.FILESMANAGER.FILES.PRIVILEGEDIOHELPERV2 AUTHORIZATION

Description

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.

References

https://pentraze.com/vulnerability-reports/CVE-2024-7062/

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

Description In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC)

CVE-2024-48956 : SERVICEWARE PROCESSES UP TO 7.3 HTTP REQUEST IMPROPER AUTHENTICATION

CVE-2024-48956 : SERVICEWARE PROCESSES UP TO 7.3 HTTP REQUEST IMPROPER AUTHENTICATION

Description Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a

CVE-2024-12369 : RED HAT KEYCLOAK/JBOSS ENTERPRISE APPLICATION PLATFORM WILDFLY-ELYTRON-OIDC-CLIENT-SUBSYSTEM CODE INJECTION

CVE-2024-12369 : RED HAT KEYCLOAK/JBOSS ENTERPRISE APPLICATION PLATFORM WILDFLY-ELYTRON-OIDC-CLIENT-SUBSYSTEM CODE INJECTION

Description A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using