5334 matches found
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9583)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9583 advisory. - floppy: use a statically allocated error counter Willy Tarreau Orabug: 34218640 CVE-2022-1652 Tenable has extracted the preceding description block directly...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...
Arbitrary File Upload
snipe/snipe-it is vulnerable to arbitrary file upload. The vulnerability exists in the store function in AcceptanceController.php due to improper validation of the update branding settings component, allowing an attacker to inject and execute arbitrary code through a maliciously crafted file...
Docebo Community Edition Arbitrary File Upload (CVE-2022-31362)
An arbitrary file upload vulnerability exists in Docebo Community Edition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1988)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible...
EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1958)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible...
CVE-2022-32060
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
Security Bulletin: IBM QRadar Network Security is affected by vulnerability in rpm. (CVE-2021-20271)
Summary IBM QRadar Network Security has addressed a vulnerability in the rpm library. The issue could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-20271 DESCRIPTION: RPM could allow a remote attacker to execute arbitrary code on the system, caus...
CVE-2022-32413
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file...
Adobe Bridge out-of-bounds write vulnerability (CNVD-2022-50226)
Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...
Autodesk AutoCAD Resource Management Error Vulnerability
Autodesk AutoCAD is a professional 3D drawing software from Autodesk, Inc. Autodesk AutoCAD versions 2022, 2021, 2020 and 2019 have a security vulnerability that could be exploited by attackers to execute arbitrary code...
Ubuntu: Security Advisory (USN-5487-1)
The remote host is missing an update for the...
Privilege escalation
An arbitrary file upload vulnerability in /images/background/1.php of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted PHP file...
USN-5487-1: Apache HTTP Server vulnerabilities
It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker...
Adobe InCopy out-of-bounds write vulnerability (CNVD-2022-48784)
Adobe InCopy is a text editing software for authoring from Adobe U.S.A. An out-of-bounds write vulnerability exists in Adobe InCopy. An attacker could use this vulnerability to execute arbitrary code in the context of the current user...