How severe is CVE-2024-35179?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-35179?

This is classified as CWE-271, which is a common weakness in software security.

CVE-2024-35179

MEDIUM Year: 2024

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-271

View all →

Vulnerability Description

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who handed out admin credentials to the mail server but expect these to only grant access according to the `RUN_AS_USER` and are attacked where the attackers managed to achieve Arbitrary Code Execution using another vulnerability. Version 0.8.0 contains a patch for the issue.

CVE-2022-3569

HIGH

CVSS:7.8(High)

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively c...

CWE-2712022

CVE-2025-23395

HIGH

CVSS:7.8(High)

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root...

CWE-2712025

CVE-2024-0985

HIGH

CVSS:8.0(High)

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions ...

CWE-2712024

CVE-2020-35513

MEDIUM

CVSS:4.9(Medium)

A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if bo...

CWE-2712020

CVE-2023-22648

HIGH

CVSS:8.8(High)

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to ...

CWE-2712023

CVE-2024-0985

HIGH

CVSS:8.0(High)

CWE-2712024

CVE-2024-35179

Vulnerability Description

Related Vulnerabilities

CVE-2022-3569

CVE-2025-23395

CVE-2024-0985

CVE-2020-35513

CVE-2023-22648

CVE-2024-0985