CVE-2024-52976

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-829
View all →

Vulnerability Description

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.

Related Vulnerabilities

CVE-2022-31156

MEDIUM
CVSS:4.4(Medium)

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptograph...

CWE-8292022

CVE-2019-4263

MEDIUM
CVSS:4.3(Medium)

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.

CWE-8292019

CVE-2020-13977

MEDIUM
CVSS:4.9(Medium)

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of th...

CWE-8292020

CVE-2019-16951

MEDIUM
CVSS:5.3(Medium)

A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST ...

CWE-8292019

CVE-2021-29777

MEDIUM
CVSS:5.3(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could a...

CWE-8292021

CVE-2022-24329

MEDIUM
CVSS:5.3(Medium)

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CWE-8292022