The vulnerability allows to an unauthenticated attacker to register as an administrator and take full control of the website. The problem occurs with the plugin registration form. In this form it's possible to change certain values for the account to be registered. This includes the "wp_capabilities" value, which determines the user's role on the website.

An improper privilege management vulnerability in IBM Performance Tools for i allows authenticated local attackers with command line access to gain all object access to the host operating system. The vulnerability can be exploited by abusing the QPFR/QAVCPP program.

The vulnerability is a pointer override that is reached by calling DeviceIoControl within IRP_MJ_DEVICE_CONTROL and called using the IOCTL 0x80002018.

A dll hijacking allows to inject DLLs into some privileged processes that contain an embedded manifest file with the tags level="asInvoker" and uiAccess="true". This allows to an user in administrator group to elevate from Medium to High integrity level

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

A vulnerability exists in the file history service, which runs as system, and can be exploited to elevate from ordinary users to system privileges. This update adds the ability for the user to select the folder to write to.

A java deserialization vulnerability and a blind XXE vulnerability allows unauthenticated remote attackers to execute system commands in Zoho ManageEngine ADAudit Plus.



This update fixes the module attack logic when launched in webapps RPT.

An improper privilege management in the AMD Radeon Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

This module exploits a deserialization vulnerability in Oracle WebLogic Server that allows for remote code execution. An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a serialized object to execute code on vulnerable hosts.

A path traversal vulnerability in SysAid on-prem allows unauthenticated remote attackers to upload arbitrary files to the system. This allows the upload of a malicious WAR file to the web server's root directory leading to the execution of OS system commands.