EulerOS 2.0 SP5 : docker (EulerOS-SA-2022-2265)
According to the versions of the docker package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2240)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...
CVE-2022-36306
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still...
PT-2022-4406 · Mcafee · Mcafee Security Scan Plus
Name of the Vulnerable Software and Affected Versions: McAfee Security Scan Plus versions prior to 4.1.262.1. Description: The issue is related to improper privilege management, which could allow a local user to modify a configuration file. This modification can lead to a Living off the Land LOLBi...
Zimbra zmslapd Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...
Zimbra zmslapd Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...
NVIDIA Linux GPU Display Driver (Aug 2022)
The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause...
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...
Code injection
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...
CVE-2022-37030
CVE-2022-37030 affects Grommunio Gromox: versions 0.5 through 1.x before 1.28. The issue is weak permissions on the PAM module’s configuration file, enabling a local unprivileged user in the gromox group to cause the PAM stack to execute arbitrary code when loading the module. Impact is local cod...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : NVIDIA graphics drivers vulnerabilities (USN-5547-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5547-1 advisory. Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user coul...
CVE-2022-31608
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data...
WordPress plugin Project Source Code Download security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
CVE-2021-22648
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file...
CVE-2021-22648 Ovarro TBox Incorrect Permission Assignment for Critical Resource
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file...
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file jenkins.plugins.httprequest.HttpRequest.xml on the Jenkins controller as part of its configuration when using deprecated Basic/Digest Authentication. These passwords can be viewed by...
PT-2022-9261 · Ovarro · Ovarro Tbox
Name of the Vulnerable Software and Affected Versions: Ovarro TBox, affected versions not specified. Description: The issue allows attackers to read, alter, or delete the configuration file through Ovarro TBox proprietary Modbus file access functions. Recommendations: At the moment, there is no...
CVE-2022-36901
Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...