JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by IBM DB2 Web Query for IBM i, allows unauthenticated attackers to execute system commands.
Atlassian Questions for Confluence creates a Confluence user account with the username disabledsystemuser.
The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default
A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.
The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default
A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.
A server side request forgery present in getKeyInfoData function of oracle.security.xmlsec.keys.RetrievalMethod and a deserialization vulnerability present in the ADF Faces framework allows a unauthenticated attacker with network access via HTTP to execute system commands.
Microsoft Windows could allow a remote attacker to execute arbitrary code or BSOD the system, caused by a design flaw in the Network File System component.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
A vulnerability was discovered in RealVNC VNC Server installations on Windows when running MSI repair, which can lead to a local user privilege escalation.
The bpf verifier(kernel/bpf/verifier.c) did not properly restrict several *_OR_NULL pointer types which allows these types to do pointer arithmetic. An unprivileged user could use this flaw to escalate their privileges on a system. Setting parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to bpf(2) call.
An OGNL injection vulnerability present in ActionChainResult class of xwork jar file would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.