
1849 matches found

Zero Day Initiative
added 2022/07/01 12:0 a.m., 33 views

Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the...

7 CVSS, 4.2 AI score, 0.00122 EPSS
Exploits: 0, References: 1
OpenVAS
added 2022/06/30 12:0 a.m., 12 views

Debian: Security Advisory (DLA-3061-1)

The remote host is missing an update for the Debian...

7.8 CVSS, 7.6 AI score, 0.0007 EPSS
Exploits: 0, References: 4
0day.today
added 2022/06/14 12:0 a.m., 251 views

Algo 8028 Control Panel - Remote Code Execution (Authenticated) Exploit

Exploit Title: Algo 8028 Control Panel - Remote Code Execution RCE Authenticated Google Dork: intitle:"Algo 8028 Control Panel" Shodan: title:"Algo 8028 Control Panel" Exploit Author: Filip Carlsson Vendor Homepage: https://www.algosolutions.com/ Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2022/06/04 12:0 a.m., 356 views

NVIDIA Data Center GPU Manager Remote Memory Corruption Exploit

NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network for requests coming in on port 5555 remote mgmt. A native client named DCGMI allows users to make...

6.3 CVSS, 0.4 AI score, 0.00619 EPSS
Exploits: 3
NVD
added 2022/06/02 2:15 p.m., 12 views

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged-in administrators to execute arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

9 CVSS, 0.14759 EPSS
Exploits: 1, References: 2
OpenVAS
added 2022/05/23 12:0 a.m., 11 views

Checkmk < 1.6.0p29, 2.0.x < 2.0.0p25 Privilege Escalation Vulnerability

Checkmk is prone to a privilege escalation vulnerability...

8.2 CVSS, 6.6 AI score, 0.00044 EPSS
Exploits: 0, References: 1
OSV
added 2022/05/20 9:15 p.m., 19 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'...

7.8 CVSS, 7.1 AI score, 0.00429 EPSS
Exploits: 0, References: 1
Prion
added 2022/05/20 9:15 p.m., 18 views

Privilege escalation

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'...

7.2 CVSS, 8.8 AI score, 0.00429 EPSS
Exploits: 0, References: 1, Affected Software: 4
Cvelist
added 2022/05/20 8:18 p.m., 22 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'...

9.1 AI score, 0.00429 EPSS
Exploits: 0, References: 1
Prion
added 2022/05/18 12:15 p.m., 16 views

Hardcoded credentials

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample...

10 CVSS, 9.6 AI score, 0.00406 EPSS
Exploits: 1, References: 1, Affected Software: 1
Github Security Blog
added 2022/05/17 2:41 a.m., 30 views

Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3...

8.5 CVSS, 5.2 AI score, 0.00298 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/05/13 1:18 a.m., 23 views

GHSA-GX69-6CP4-HXRJ RubyGems Link Following vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

7.5 CVSS, 8.6 AI score, 0.01057 EPSS
Exploits: 0, References: 19
CNVD
added 2022/05/12 12:0 a.m., 18 views

D-Link DIR-816 A2 Command Injection Vulnerability (CNVD-2022-45933)

D-Link DIR-816 A2 is a wireless router from D-Link, Taiwan, China. A command injection vulnerability exists in D-Link DIR-816 A2, which stems from the failure to properly filter the admuser and admpass parameters in /goform/setSysAdm to construct command special characters, commands, etc. The...

10 CVSS, 5.9 AI score, 0.28613 EPSS
Exploits: 1, References: 1
NVD
added 2022/05/10 2:15 p.m., 16 views

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

7.8 CVSS, 0.00246 EPSS
Exploits: 1, References: 3
OpenVAS
added 2022/05/05 12:0 a.m., 26 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2022-1614)

The remote host is missing an update for the Huawei EulerOS...

9 CVSS, 7.1 AI score, 0.35695 EPSS
Exploits: 2, References: 2
Cvelist
added 2022/05/04 5:26 p.m., 14 views

CVE-2022-29943

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201...

6.3 AI score, 0.00341 EPSS
Exploits: 0, References: 2
OSV
added 2022/04/25 11:15 a.m., 1 views

CVE-2021-45840

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...

9.8 CVSS, 7.5 AI score, 0.01953 EPSS
Exploits: 1, References: 1
CNVD
added 2022/04/15 12:0 a.m., 28 views

Cisco IOS XE Elevation of Privilege Vulnerability (CNVD-2022-55149)

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. Cisco IOS XE has an elevation of privilege vulnerability that can be exploited by attackers to execute arbitrary commands as root...

7.2 CVSS, 6.2 AI score, 0.0006 EPSS
Exploits: 0, References: 1
Prion
added 2022/04/13 6:15 p.m., 27 views

Privilege escalation

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...

7.2 CVSS, 8.8 AI score, 0.72491 EPSS
Exploits: 8, References: 4, Affected Software: 5
Cvelist
added 2022/04/13 12:0 a.m., 30 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...

8.9 AI score, 0.72491 EPSS
Exploits: 8, References: 4