#LocalPrivilegeEscalation

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

August 9, 2024 by Xynik

August 9, 2024 at 02:51PM Microsoft disclosed medium-severity security flaws in OpenVPN, enabling attackers to achieve remote code execution and local privilege escalation. The vulnerabilities, affecting versions prior to 2.6.10 and 2.5.10, can lead to data breaches and system compromise. Exploitation requires user authentication and advanced understanding of OpenVPN’s inner workings. Vulnerabilities can be exploited … Read more

VMware fixes critical vCenter RCE vulnerability, patch now

June 18, 2024 by Xynik

June 18, 2024 at 02:11PM VMware has issued a security advisory for critical vulnerabilities in vCenter Server, impacting versions 7.0 and 8.0, and Cloud Foundation versions 4.x and 5.x. The vulnerabilities include remote code execution and local privilege escalation flaws. The vendor has released fixes for the vulnerabilities and advises applying updates promptly to mitigate … Read more

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

March 29, 2024 by Xynik

March 29, 2024 at 07:09AM A vulnerability in the “wall” command of the util-linux package, tracked as CVE-2024-28085, allows unprivileged users to manipulate other users’ terminals on certain Linux distributions. This could lead to password leaks or clipboard alteration. Users are advised to update to util-linux version 2.40 to address this issue. Another vulnerability, CVE-2024-1086, … Read more