Unauthenticated OS command injection in the evictPublishedSupportBundles function of the ScriptUtils class of VMware Aria Operations for Networks (aka vRealize Network Insight).
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. This module exploits this in order to achieve LPE.
A Java deserialization vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs in the context of the root user account.
A flaw was found in the Linux kernel OverlayFS subsystem: when a user copies a capable file from a nosuid mount into another mount, unauthorized execution of the setuid file with capabilities becomes possible. This uid mapping bug allows a local user to escalate their privileges on the system.
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
Vulnerability in Oracle WebLogic Server (component: Core).
The vulnerability can be exploited over the network through the T3/IIOP protocols, which transfer information between WebLogic servers and other Java programs.
This vulnerability found in Oracle WebLogic Server can lead to remote code execution.
This module exploits an OS command injection vulnerability present in the validateClaimRuleCondition function of the ClaimTransformationHelper class of VMware Workspace ONE Access.
This module exploits an information disclosure vulnerability, a remote file download vulnerability and a directory traversal vulnerability in VMware vRealize Log Insight to deploy an agent with root privileges.
A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.