An elevation of privilege vulnerability exists because the MS KS Server kernel module allows out-of-bounds memory access. The vulnerability could allow an attacker to run code with elevated privileges.
An improper authorization vulnerability in Atlassian Confluence allows unauthenticated remote attackers to restore the database of the instance. This allows the creation of unauthorized administrator accounts and the later installation of malicious plugins that allow the execution of OS system commands.
An AJP request smuggling vulnerability in the F5 BIG-IP Traffic Management User Interface (TMUI) allows unauthenticated remote attackers to create an administrative user and execute OS system commands in the context of the root user.
An encoding bypass in the webui_wsma_https endpoint in Cisco IOS XE allows unauthenticated remote attackers to execute commands and configure the system through SOAP requests via the Web Service Management Agent (WSMA). This can be abused to create unauthorized local administrator accounts (user with privilege level 15) and log in with normal user access.
A Java deserialization vulnerability in Apache ActiveMQ allows unauthenticated remote attackers to execute system commands via the OpenWire protocol.
A broken access control vulnerability in Atlassian Confluence allows unauthenticated remote attackers to create unauthorized Confluence administrator accounts and access Confluence instances. This allows the execution of system commands by installing a malicious Servlet plugin JAR file.
This update adds CVE-2023-21554 to the vulnerabilities exploited by the module. Windows Server 2019 was also added to the supported systems.
An elevation of privilege vulnerability exists because the MS KS Server kernel module allows mapping arbitrary memory addresses to user mode. The vulnerability could allow an attacker to run code with elevated privileges.
A broken access control vulnerability in Atlassian Confluence allows unauthenticated remote attackers to create unauthorized Confluence administrator accounts and access Confluence instances.