1849 matches found
X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...
Enlightenment 0.25.3 Privilege Escalation
Title: Enlightenment Version: 0.25.3 LPE Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 Description: The Enlightenment Version: 0.25.3 is...
PT-2022-6583 · D Link · D-Link Dir-2640
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this issu...
SentinelOne sentinelagent 22.3.2.5 Privilege Escalation Vulnerability
SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep. Exploit Title: SentinelOne sentinelagent linux root Privilege Escalation zero day vulnerability Exploit Author: ouchthishurts Vendor...
VMware vCenter vScalation Priv Esc
This module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was...
CVE-2022-36786 DLINK - DSL-224 Post-auth RCE.
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers Network Time Protocol via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router...
CVE-2022-45461
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...
GSD-2022-1007675 nilfs2: fix use-after-free bug of struct nilfs_root
nilfs2: fix use-after-free bug of struct nilfsroot This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.331 by commit...
CVE-2022-31253
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...
Design/Logic Flaw
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior ...
D-Link DIR-1935 SetIPv4FirewallSettings IPv4FirewallRule Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite ZCS suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
Privilege escalation
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite ZCS suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
CVE-2022-41578
The CVE-2022-41578 issue concerns Huawei HarmonyOS: the MPTCP module contains an out-of-bounds write/read vulnerability in the MPTCP component, with the described impact being root privilege escalation by modifying program information. Exploitation status is not detailed in the provided records; ...
pfSense plugin pfBlockerNG unauthenticated RCE as root
pfBlockerNG is a popular pfSense plugin that is not installed by default. It's generally used to block inbound connections from whole countries or IP ranges. Versions 2.1.426 and below are affected by an unauthenticated RCE vulnerability that results in root access. Note that version 3.x is...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
PT-2022-26517 · Hashicorp · Hashicorp Packer +1
Name of the Vulnerable Software and Affected Versions: Hashicorp Packer versions prior to 2.3.1 Description: An issue was discovered in the recommended sudoers configuration for Vagrant on Linux, which is insecure. Non-privileged users on the host can leverage a wildcard in the sudoers...
Debian: Security Advisory (DSA-5233-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5233-1] e17 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5233-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 21, 2022 https://www.debian.org/security/faq -...
kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. This flaw allows a local attacker with user access to cause a privilege escalation issue...