Apache HTTP Server Privilege Escalation Vulnerability (Mar 2012) - Linux
Apache HTTP Server is prone to a privilege escalation vulnerability.
Path traversal
An untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...
CVE-2011-4125
An untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...
CVE-2021-31359
A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious...
CVE-2021-31350 Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET)
An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2569)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-20122
The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass...
Command injection
The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass...
Privilege escalation
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root...
CVE-2021-42109
CVE-2021-42109 affects VITEC Exterity IPTV products; the issue allows privilege escalation to root on affected devices (through 2021-04-30). Connected sources reference a zero-day context and describe Exterity’s IPTV stack (AvediaPlayer/Server/Stream with embedded Linux/BusyBox) but do not provid...
Command injection
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...
CVE-2021-25467
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to root by hijacking a loaded library...
CVE-2021-22015
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance...
Privilege escalation
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance...
ManageEngine OpManager SumPDU Java Deserialization
An HTTP endpoint used by the ManageEngine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application NT AUTHORITY\SYSTEM on Windows ...
CVE-2021-38648
Open Management Infrastructure Elevation of Privilege Vulnerability. Recent assessments: zeroSteiner at October 27, 2021 5:59pm UTC reported: A locally exploitable vulnerability exists within Microsoft’s OMI management server in versions prior to 1.6.8-1 that can allow a local attacker to execute...
EulerOS 2.0 SP2 : cups (EulerOS-SA-2021-2363)
According to the version of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE...
CVE-2021-21996
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion...
GHSA-JQQR-C2R2-9CVR Improper Certificate Validation in security-framework
If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...