Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.3)

The version of AOS installed on the remote host is prior to 5.11.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.3 advisory. - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.2.1)

The version of AOS installed on the remote host is prior to 5.11.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.2.1 advisory. - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.6)

The version of AOS installed on the remote host is prior to 5.15.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.6 advisory. - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.2)

The version of AOS installed on the remote host is prior to 5.19.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.2 advisory. - Perl before 5.30.3 has an integer overflow related to mishandling of a PLregkindOPn == NOTHING situation. A crafted regular...

Zimbra zmslapd arbitrary module load

This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes...

Ubuntu: Security Advisory (USN-4705-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-28-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3968-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4263-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. Rapid7...

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...

Design/Logic Flaw

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...

CVE-2022-37393

CVE-2022-37393: Zimbra’s sudo configuration allows the zimbra user to run the zmslapd binary as root with arbitrary parameters. zmslapd can load a user-defined configuration file that may include plugins (.so) executed as root, enabling local privilege escalation. The available connected document...

PT-2022-4416 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite affected versions not specified Description: The issue is related to the sudo configuration in Zimbra, which allows the zimbra user to execute the zmslapd binary as root with arbitrary parameters. The zmslapd binary...

Zimbra 安全漏洞

Zimbra is an open source email collaboration platform from Zimbra, Inc. in the United States. Zimbra suffers from a security vulnerability that stems from its sudo configuration that allows a user to execute zmslapd binaries as the root user with arbitrary parameters. As part of its intended...

Zimbra zmslapd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...

Zimbra zmslapd Privilege Escalation Exploit

This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...

VMware Workspace ONE Access Privilege Escalation Exploit

VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a...

VMware Workspace One Access 权限许可和访问控制问题漏洞

VMware Workspace One Access is a centralized management console from VMware, Inc. that allows you to manage users and groups, set and manage authentication and access policies, as well as add resources to a directory and manage permissions for those resources. A vulnerability exists in VMware...