5353 matches found
CVE-2022-34873
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Ubuntu: Security Advisory (USN-5517-1)
The remote host is missing an update for the...
GHSA-6W2F-6WQ3-RJVF RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file...
CVE-2022-32065
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file...
A vulnerability in the FFmpeg multimedia library in the Debian GNU/Linux operating system allows an attacker to cause a denial of service or execute arbitrary code.
The vulnerability in the FFmpeg multimedia library in the Debian GNU/Linux operating system is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to cause a denial of service or execute arbitrary code...
USN-5510-2: X.Org X Server vulnerabilities
USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash,...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9583)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9583 advisory. - floppy: use a statically allocated error counter Willy Tarreau Orabug: 34218640 CVE-2022-1652 Tenable has extracted the preceding description block directly...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...
Arbitrary File Upload
snipe/snipe-it is vulnerable to arbitrary file upload. The vulnerability exists in the store function in AcceptanceController.php due to improper validation of the update branding settings component, allowing an attacker to inject and execute arbitrary code through a maliciously crafted file...
Docebo Community Edition Arbitrary File Upload (CVE-2022-31362)
An arbitrary file upload vulnerability exists in Docebo Community Edition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1988)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible...
EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1958)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible...
CVE-2022-32060
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
Security Bulletin: IBM QRadar Network Security is affected by vulnerability in rpm. (CVE-2021-20271)
Summary: IBM QRadar Network Security has addressed a vulnerability in the rpm library. The issue could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details: CVEID: CVE-2021-20271 DESCRIPTION: RPM could allow a remote attacker to execute arbitrary code on the system, caus...
CVE-2022-32413
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file...