The issue, classified as a race condition flaw that could be exploited by an attacker to access the guest virtual machine to escalate privileges.
RDP is a protocol on Windows Operating systems that allows remote access and control of the Windows Operating System. This protocol is usually used by systems administrators to control computers running windows operating systems remotely. While the SMB protocol is commonly used by servers to communicate with computers on a domain and also used by computers to share files, printers and so on, on a network.
The vulnerabilities found in the DIR-865L model of D-Link routers increases the likelihood of a malicious attack to run arbitrary commands that could lead to a denial of service attack, sniff web traffic and use the session information to gain access to password-protected portions of the website without knowing the password, and conduct the CSRF attacks.
The following are the listed vulnerabilities that has been discovered in the D-LINK home routers.
Multiple security vulnerabilities in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client were privately reported to VMware. VMware Fusion, VMRC, ESXi, and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOC/TOU) bug that still makes it possible for an attacker with low permissions to execute arbitrary code with root privileges. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.3.
The vulnerabilities found in the multiple adobe products affects versions 20.1 and earlier version of adobe classics, 13.0.6 and earlier versions of the Adobe Audition, 1.5.12 and earlier versions of the adobe premiere rush, 14.2 and earlier versions of adobe premiere pro, 24.1.2 and earlier versions of adobe illustrator, and 171 and earlier versions of adobe after effects.
The vulnerabilities allow an attacker who can connect to the "request server" port to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the "master" server filesystem and steal the secret key used to authenticate to the master as root. The impact is full remote command execution as root on both the master and all minions that connect to it. The vulnerabilities are of two different classes. One being authentication bypass where functionality was unintentionally exposed to unauthenticated network clients, the other being directory traversal where untrusted input (i.e. parameters in network requests) was not sanitized correctly allowing unconstrained access to the entire filesystem of the master server.
