CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7062 – Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
https://notcve.org/view.php?id=CVE-2024-7062
Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations. Nimble Commander sufre una vulnerabilidad de escalada de privilegios debido a que el servidor (info.filesmanager.Files.PrivilegedIOHelperV2) realiza una validación incorrecta o insuficiente de la autorización de un cliente antes de ejecutar una operación. En consecuencia, es posible ejecutar comandos a nivel de sistema como usuario root, como cambiar permisos y propiedad, obtener un identificador (descriptor de archivo) de un archivo arbitrario y finalizar procesos, entre otras operaciones. • https://pentraze.com/vulnerability-reports/CVE-2024-7062 • CWE-863: Incorrect Authorization •
CVSS: 5.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27357
https://notcve.org/view.php?id=CVE-2024-27357
Local Privilege Escalation can occur during installations or updates by admins. • https://www.withsecure.com/en/support/security-advisories/cve-2024-27357 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40433
https://notcve.org/view.php?id=CVE-2024-40433
Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. • https://github.com/yikaikkk/CookieShareInWebView/blob/master/README.md • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36542
https://notcve.org/view.php?id=CVE-2024-36542
Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/e1685843b6f42b47dbf97e2e92e63428 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36536
https://notcve.org/view.php?id=CVE-2024-36536
Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8 • CWE-863: Incorrect Authorization •