
CVE-2024-1244 (GCVE-0-2024-1244)

Vulnerability from cvelistv5 – Published: 2025-06-11 02:59 – Updated: 2025-06-11 13:31
Summary
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.
CWE
  • CWE-73 - External Control of File Name or Path
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
No affected-version range is rendered for this record. Note that the CNA container lists version 3.8.0 with status "affected" (and defaultStatus "affected"), whereas the summary states that versions prior to 3.8.0 are affected; the two appear inconsistent, so confirm the fixed version against the vendor's release notes before relying on this entry.
Credits
Rilke Petrosky of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:31:14.027838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:31:20.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "OSSEC-HIDS Agent",
          "vendor": "OSSEC",
          "versions": [
            {
              "status": "affected",
              "version": "3.8.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rilke Petrosky of Pentraze Cybersecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent\u0027s key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks."
            }
          ],
          "value": "Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent\u0027s key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-644",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-644 Use of Captured Hashes (Pass The Hash)"
            }
          ]
        },
        {
          "capecId": "CAPEC-73",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-73 User-Controlled Filename"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T02:59:06.240Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-1244",
    "datePublished": "2025-06-11T02:59:06.240Z",
    "dateReserved": "2024-02-06T00:37:58.090Z",
    "dateUpdated": "2025-06-11T13:31:20.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1243 (GCVE-0-2024-1243)

Vulnerability from cvelistv5 – Published: 2025-06-11 01:15 – Updated: 2025-06-11 14:25
Summary
Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.
CWE
  • CWE-73 - External Control of File Name or Path
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Wazuh Wazuh Agent Affected: < 4.8.0
Credits
Rilke Petrosky of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1243",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T14:24:10.821662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T14:25:37.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Wazuh Agent",
          "vendor": "Wazuh",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.8.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rilke Petrosky of Pentraze Cybersecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks."
            }
          ],
          "value": "Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-644",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-644 Use of Captured Hashes (Pass The Hash)"
            }
          ]
        },
        {
          "capecId": "CAPEC-73",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-73 User-Controlled Filename"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T01:15:13.116Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/CVE-2024-1243/"
        },
        {
          "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-1243",
    "datePublished": "2025-06-11T01:15:13.116Z",
    "dateReserved": "2024-02-06T00:37:55.742Z",
    "dateUpdated": "2025-06-11T14:25:37.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9062 (GCVE-0-2024-9062)

Vulnerability from cvelistv5 – Published: 2025-06-10 23:25 – Updated: 2025-06-11 13:41
Summary
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
Impacted products
Vendor Product Version
Archify Archify Affected: 0 , ≤ 1.3.1 (semver)
Credits
Carlos Garrido of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:41:01.210655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:41:12.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "com.oct4pie.archifyhelper",
          "platforms": [
            "MacOS"
          ],
          "product": "Archify",
          "repo": "https://github.com/Oct4Pie/archify",
          "vendor": "Archify",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \"factored applications\" model, delegating privileged operations\u2014such as arbitrary file deletion and file permission changes\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges."
            }
          ],
          "value": "The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \"factored applications\" model, delegating privileged operations\u2014such as arbitrary file deletion and file permission changes\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T23:25:30.420Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "macOS Archify: Local Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-9062",
    "datePublished": "2025-06-10T23:25:30.420Z",
    "dateReserved": "2024-09-20T21:49:17.091Z",
    "dateUpdated": "2025-06-11T13:41:12.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1055 (GCVE-0-2025-1055)

Vulnerability from cvelistv5 – Published: 2025-06-10 23:23 – Updated: 2025-06-11 13:48
Summary
A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.
CWE
  • CWE-862 - Missing Authorization
Assigner
Impacted products
Vendor Product Version
K7 Security K7 Security Anti-Malware Affected: 0 , < 23.0.0.10 (custom)
Credits
Carlos Garrido of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:47:53.999907Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:48:09.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "K7RKScan.sys",
          "platforms": [
            "Windows"
          ],
          "product": "K7 Security Anti-Malware",
          "vendor": "K7 Security",
          "versions": [
            {
              "lessThan": "23.0.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "datePublic": "2025-06-10T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the \u003ccode\u003eK7RKScan.sys\u003c/code\u003e driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver\u0027s IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications."
            }
          ],
          "value": "A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver\u0027s IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T23:24:09.533Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2025-1055",
    "datePublished": "2025-06-10T23:23:19.887Z",
    "dateReserved": "2025-02-05T03:32:56.937Z",
    "dateUpdated": "2025-06-11T13:48:09.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8270 (GCVE-0-2024-8270)

Vulnerability from cvelistv5 – Published: 2025-06-10 23:22 – Updated: 2025-06-11 13:49
Summary
The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Rocket.Chat Rocket.Chat Desktop Affected: 0 , ≤ 4.1.2 (semver)
Credits
Carlos Garrido of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8270",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:49:28.144567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:49:40.053Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "/Applications/Rocket.Chat.app/Contents/MacOS/Rocket.Chat"
          ],
          "packageName": "chat.rocket",
          "platforms": [
            "MacOS"
          ],
          "product": "Rocket.Chat Desktop",
          "repo": "https://github.com/RocketChat/Rocket.Chat.Electron",
          "vendor": "Rocket.Chat",
          "versions": [
            {
              "lessThanOrEqual": "4.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing  Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile."
            }
          ],
          "value": "The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing  Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T23:22:10.307Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "macOS Rocket.Chat: TCC Policy Bypass via Dylib Injection Due to Missing Code Signing Flags and Dangerous Entitlements",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-8270",
    "datePublished": "2025-06-10T23:22:10.307Z",
    "dateReserved": "2024-08-28T17:36:56.657Z",
    "dateUpdated": "2025-06-11T13:49:40.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7457 (GCVE-0-2024-7457)

Vulnerability from cvelistv5 – Published: 2025-06-10 23:19 – Updated: 2025-06-11 13:52
Summary
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client's privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
Stash Stash Affected: 0 , ≤ build 303 (custom)
Credits
Carlos Garrido of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:52:10.272705Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:52:22.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://stash.ws/",
          "defaultStatus": "unaffected",
          "packageName": "ws.stash.app.mac.daemon.helper",
          "platforms": [
            "MacOS"
          ],
          "product": "Stash",
          "vendor": "Stash",
          "versions": [
            {
              "lessThanOrEqual": "build 303",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "datePublic": "2025-06-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\nThe \u003ccode\u003ews.stash.app.mac.daemon.helper\u003c/code\u003e tool contains a vulnerability caused by an incorrect use of macOS\u2019s authorization model. Instead of validating the client\u0027s authorization reference, the helper invokes \u003ccode\u003eAuthorizationCopyRights()\u003c/code\u003e using its own privileged context (\u003ccode\u003eroot\u003c/code\u003e), effectively authorizing itself rather than the client. As a result, it grants the \u003ccode\u003esystem.preferences.admin\u003c/code\u003e right internally, regardless of the requesting client\u0027s privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection.\n\n\u003c/p\u003e"
            }
          ],
          "value": "The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS\u2019s authorization model. Instead of validating the client\u0027s authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client\u0027s privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T23:19:47.186Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-7457",
    "datePublished": "2025-06-10T23:19:47.186Z",
    "dateReserved": "2024-08-04T02:47:51.335Z",
    "dateUpdated": "2025-06-11T13:52:22.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8272 (GCVE-0-2024-8272)

Vulnerability from cvelistv5 – Published: 2024-11-25 17:52 – Updated: 2024-11-25 18:42
Summary
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root.
CWE
  • CWE-862 - Missing Authorization
Assigner
Impacted products
Vendor Product Version
Universal Audio UAConnect Affected: 0 , ≤ 2.7.0 (semver)
Credits
Carlos Garrido of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:universal_audio:uaconnect:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "uaconnect",
            "vendor": "universal_audio",
            "versions": [
              {
                "lessThanOrEqual": "2.7.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8272",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:40:43.231674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T18:42:00.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.uaudio.com",
          "defaultStatus": "unaffected",
          "modules": [
            "com.uaudio.bsd.helper"
          ],
          "packageName": "UAConnect",
          "platforms": [
            "MacOS"
          ],
          "product": "UAConnect",
          "vendor": "Universal Audio",
          "versions": [
            {
              "lessThanOrEqual": "2.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "datePublic": "2024-11-25T17:51:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The \u003cb\u003ecom.uaudio.bsd.helper\u003c/b\u003e\u0026nbsp;service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service\u0027s methods and escalate privileges to \u003cb\u003eroot\u003c/b\u003e.\u003cbr\u003e"
            }
          ],
          "value": "The com.uaudio.bsd.helper\u00a0service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service\u0027s methods and escalate privileges to root."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-25T17:52:14.805Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/vulnerability-reports"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "macOS Universal Audio (UAConnect) \u003c= 2.7.0  - Local Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-8272",
    "datePublished": "2024-11-25T17:52:14.805Z",
    "dateReserved": "2024-08-28T17:48:16.683Z",
    "dateUpdated": "2024-11-25T18:42:00.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7915 (GCVE-0-2024-7915)

Vulnerability from cvelistv5 – Published: 2024-11-25 17:45 – Updated: 2024-11-25 18:43
Summary
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions. The vulnerable module org.cindori.SenseiHelper can be contacted via XPC. While the module performs client validation, it relies on the client's PID obtained through the public processIdentifier property of the NSXPCConnection class. Because a PID is not a stable identity — it can be reused by a different process once the validated client exits — this approach makes the module susceptible to a PID Reuse (race condition) Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol interface.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Sensei Sensei Mac Cleaner Affected: 0 , ≤ 1.5.10 (110) (semver) — note: the CISA ADP CPE entry in the record below lists the affected range as ≤ 2.5.10, which does not match the CNA range; confirm the fixed version with the vendor before relying on either bound.
Credits
Carlos Garrido of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sensei:sensei_mac_cleaner:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sensei_mac_cleaner",
            "vendor": "sensei",
            "versions": [
              {
                "lessThanOrEqual": "2.5.10",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:42:50.497923Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T18:43:52.579Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cindori.com/sensei",
          "defaultStatus": "unaffected",
          "modules": [
            "org.cindori.SenseiHelper"
          ],
          "packageName": "Sensei Mac Cleaner",
          "platforms": [
            "MacOS"
          ],
          "product": "Sensei Mac Cleaner",
          "vendor": "Sensei",
          "versions": [
            {
              "lessThanOrEqual": "1.5.10 (110)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "datePublic": "2024-11-25T17:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctt\u003e\n\n\u003cdiv\u003e\u003cdiv\u003eThe application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root\u0026nbsp;user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eThe vulnerable module\u0026nbsp;\u003cb\u003eorg.cindori.SenseiHelper\u003c/b\u003e\u0026nbsp;can be contacted via XPC. While the module performs client validation, it relies on the client\u0027s \u003cb\u003ePID\u003c/b\u003e\u0026nbsp;obtained through the public \u003cb\u003eprocessIdentifier\u003c/b\u003e\u0026nbsp;property of the \u003cb\u003eNSXPCConnection\u003c/b\u003e\u0026nbsp;class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the \u003cb\u003eHelperProtocol\u003c/b\u003e\u0026nbsp;interface.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e\u003c/tt\u003e"
            }
          ],
          "value": "The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root\u00a0user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions.\n\n\nThe vulnerable module\u00a0org.cindori.SenseiHelper\u00a0can be contacted via XPC. While the module performs client validation, it relies on the client\u0027s PID\u00a0obtained through the public processIdentifier\u00a0property of the NSXPCConnection\u00a0class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol\u00a0interface."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-25T17:45:39.978Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/vulnerability-reports"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-7915",
    "datePublished": "2024-11-25T17:45:39.978Z",
    "dateReserved": "2024-08-18T02:59:02.835Z",
    "dateUpdated": "2024-11-25T18:43:52.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7062 (GCVE-0-2024-7062)

Vulnerability from cvelistv5 – Published: 2024-07-26 11:26 – Updated: 2024-08-01 21:52
Summary
Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Nimble Commander Nimble Commander Affected: 0 , ≤ v1.6.0, Build 4087 (custom)
Credits
Carlos Garrido of Pentraze Cybersecurity

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:michaelkazakov:nimble_commander:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nimble_commander",
            "vendor": "michaelkazakov",
            "versions": [
              {
                "lessThanOrEqual": "1.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7062",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T13:36:36.537617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T13:40:37.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pentraze.com/vulnerability-reports/CVE-2024-7062/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "info.filesmanager.Files.PrivilegedIOHelperV2"
          ],
          "platforms": [
            "MacOS"
          ],
          "product": "Nimble Commander",
          "programFiles": [
            "Source/RoutedIO/source/PrivilegedIOHelper.cpp"
          ],
          "repo": "https://github.com/mikekazakov/nimble-commander",
          "vendor": "Nimble Commander",
          "versions": [
            {
              "lessThanOrEqual": "v1.6.0, Build 4087",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "datePublic": "2024-07-24T11:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client\u2019s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client\u2019s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-26T11:26:31.720Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/vulnerability-reports/CVE-2024-7062/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Local Privilege Escalation in Nimble Commander \u003c= v1.6.0, Build 4087",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-7062",
    "datePublished": "2024-07-26T11:26:31.720Z",
    "dateReserved": "2024-07-23T22:18:58.485Z",
    "dateUpdated": "2024-08-01T21:52:30.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0916 (GCVE-0-2024-0916)

Vulnerability from cvelistv5 – Published: 2024-04-25 23:02 – Updated: 2024-08-06 18:40
Summary
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Vendor Product Version
Webkul Software UvDesk Community Affected: 1.0.0 , ≤ 1.1.3 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:19.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/uvdesk/core-framework/pull/706"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pentraze.com/vulnerability-reports/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:webkul:uvdesk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "uvdesk",
            "vendor": "webkul",
            "versions": [
              {
                "lessThanOrEqual": "1.1.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T18:38:04.028039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:40:07.287Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "UvDesk Community",
          "vendor": "Webkul Software",
          "versions": [
            {
              "lessThanOrEqual": "1.1.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-04-25T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated\u003c/span\u003e\u0026nbsp;file upload allows remote code execution.\u003cbr\u003e\u003cp\u003eThis issue affects UvDesk Community: from 1.0.0 through 1.1.3.\u003c/p\u003e"
            }
          ],
          "value": "Unauthenticated\u00a0file upload allows remote code execution.\nThis issue affects UvDesk Community: from 1.0.0 through 1.1.3.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-23",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-23 File Content Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-25T23:02:20.232Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://github.com/uvdesk/core-framework/pull/706"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Apply the patch in this pull request:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/uvdesk/core-framework/pull/706\"\u003ehttps://github.com/uvdesk/core-framework/pull/706\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Apply the patch in this pull request:\n\n https://github.com/uvdesk/core-framework/pull/706 \n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated Remote Code Execution in UvDesk Community",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-0916",
    "datePublished": "2024-04-25T23:02:20.232Z",
    "dateReserved": "2024-01-26T03:47:59.144Z",
    "dateUpdated": "2024-08-06T18:40:07.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3120 (GCVE-0-2024-3120)

Vulnerability from cvelistv5 – Published: 2024-04-09 23:55 – Updated: 2025-02-21 17:07
Summary
A stack-buffer overflow vulnerability exists in sngrep versions 1.4.1 through 1.8.0 (fixed in 1.8.1). The flaw is due to inadequate bounds checking when copying the 'Content-Length' and 'Warning' headers into fixed-size stack buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages processed by sngrep.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
irontec sngrep Affected: 1.4.1 , ≤ 1.8.0 (semver)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:irontec:sngrep:1.4.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sngrep",
            "vendor": "irontec",
            "versions": [
              {
                "lessThanOrEqual": "1.8.0",
                "status": "affected",
                "version": "1.4.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3120",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-11T17:09:06.528600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-21T17:07:41.626Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pentraze.com/vulnerability-reports/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "sngrep",
          "vendor": "irontec",
          "versions": [
            {
              "lessThanOrEqual": "1.8.0",
              "status": "affected",
              "version": "1.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T23:52:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying \u0027Content-Length\u0027 and \u0027Warning\u0027 headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP\u0026nbsp;messages."
            }
          ],
          "value": "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying \u0027Content-Length\u0027 and \u0027Warning\u0027 headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP\u00a0messages."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T23:55:57.410Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6"
        },
        {
          "url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to sngrep version 1.8.1"
            }
          ],
          "value": "Upgrade to sngrep version 1.8.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stack-Buffer Overflow in \u0027Content-Length\u0027 and \u0027Warning\u0027 Header Processing in sngrep",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-3120",
    "datePublished": "2024-04-09T23:55:57.410Z",
    "dateReserved": "2024-03-31T17:10:14.906Z",
    "dateUpdated": "2025-02-21T17:07:41.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3119 (GCVE-0-2024-3119)

Vulnerability from cvelistv5 – Published: 2024-04-09 23:55 – Updated: 2024-08-08 21:20
Summary
A stack-buffer overflow vulnerability exists in sngrep versions 0.4.2 through 1.8.0 (fixed in 1.8.1), due to improper handling of the 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use strncpy to copy header contents into fixed-size buffers without checking the header length against the destination buffer size. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via specially crafted SIP messages processed by sngrep.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
irontec sngrep Affected: 0.4.2 , ≤ 1.8.0 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pentraze.com/vulnerability-reports/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:irontec:sngrep:0.4.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sngrep",
            "vendor": "irontec",
            "versions": [
              {
                "lessThanOrEqual": "1.8.0",
                "status": "affected",
                "version": "0.4.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:23:53.437651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T21:20:41.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "sngrep",
          "vendor": "irontec",
          "versions": [
            {
              "lessThanOrEqual": "1.8.0",
              "status": "affected",
              "version": "0.4.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T23:10:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of \u0027Call-ID\u0027 and \u0027X-Call-ID\u0027 SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.\u003cbr\u003e"
            }
          ],
          "value": "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of \u0027Call-ID\u0027 and \u0027X-Call-ID\u0027 SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T23:55:43.501Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f"
        },
        {
          "url": "https://github.com/irontec/sngrep/releases/tag/v1.8.1"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to sngrep version 1.8.1"
            }
          ],
          "value": "Upgrade to sngrep version 1.8.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stack-Buffer Overflow in \u0027Call-ID\u0027 and \u0027X-Call-ID\u0027 SIP Header Processing in sngrep",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-3119",
    "datePublished": "2024-04-09T23:55:43.501Z",
    "dateReserved": "2024-03-31T17:10:09.267Z",
    "dateUpdated": "2024-08-08T21:20:41.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}