ZDI-22-385: Parallels Desktop Service Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code...
ZDI-22-386: Parallels Desktop HDAudio Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code...
USN-5292-3: snapd vulnerabilities
USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: James Troup...
Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087
UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issued an out-of-band patch for on February 17th, 2022. FortiGuard Labs is aware of reports...
USN-5292-2: snapd vulnerabilities
USN-5292-1 fixed vulnerabilities in snapd. This update provides the corresponding update for the riscv64 architecture. Original advisory details: James Troup discovered that snap did not...
USN-5295-1: Linux kernel (HWE) vulnerabilities
It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause...
DSA-5080 snapd – security update
Multiple vulnerabilities were discovered in snapd, a daemon and tooling that enable Snap packages, which could result in bypass of access restrictions or privilege escalation....
DSA-5081 redis – security update
Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in Redis, a persistent key-value database.
DSA-5082 php7.4 – security update
Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service....
CVE-2014-8597
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the...
