Grisha Levit

**Name of the Vulnerable Software and Affected Versions** Parallels Desktop (affected versions not specified) **Description** The issue is related to improper initialization of environment variables within the Parallels Service, allowing local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this flaw. The vulnerability enables an attacker to leverage this issue and execute arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sudo (affected versions not specified) Red Hat Enterprise Linux (affected versions not specified) **Description** A flaw was discovered in the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations, where the value of `INPUTRC` is preserved. This could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could exploit this flaw to read content from specially formatted files with elevated privileges provided by sudo. **Recommendations** For sudo, consider restricting access to the `INPUTRC` variable until a patch is available. For Red Hat Enterprise Linux, at the moment, there is no information about a newer version that contains a fix for this issue.