This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Daily Archives: July 1, 2022
ZDI-22-947: Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
ZDI-22-948: Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
USN-5499-1: curl vulnerabilities
Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB
messages. An attacker could possibly use this to perform a
machine-in-the-middle attack. (CVE-2022-32208)
golang-1.17.10-1.el7
FEDORA-EPEL-2022-453673a4ea
Packages in this update:
golang-1.17.10-1.el7
Update description:
Update to 1.17.10, Security fix for CVE-2022-24921, CVE-2022-28327, CVE-2022-24675, and CVE-2022-29526