The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
A java unsafe reflection and a Server Side Request Forgery vulnerabilities present in ProxygenController class of VMware vCenter Server Virtual SAN Health Check plugin allows remote attackers to execute commands in the context of the vsphere-ui user account.
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Hard-coded credentials for the diagnostics user can be used to authenticate in the UCMDB component.
Then a java deserialization vulnerability present in several endpoints of the UCMDB service can be used to execute OS commands.
Then a java deserialization vulnerability present in several endpoints of the UCMDB service can be used to execute OS commands.
A vulnerability in the admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
An improvement in the heap feng shui in order to add more stability and support for more versions.
Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
Unauthenticated file upload vulnerability via uploadova plugin in VMware vCenter Server to upload and extract a TAR file.
The TAR file contains a path traversal that allows writing files at arbitraries locations.
The TAR file contains a path traversal that allows writing files at arbitraries locations.
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.