Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062

Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34062...

CVE-2024-36999

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

CVE-2024-35527

An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file...

CVE-2024-33278

ASUS RT-AX88U firmware 3.0.0.4.388_24198 contains a buffer overflow in the connection_state_machine caused by improper length validation of the cookie field, enabling remote arbitrary code execution. Multiple sources corroborate this vulnerability and the affected device. The exploitation status ...

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, t...

CVE-2024-36598

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file...

Google Chrome V8 Module Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome V8 module, which can be exploited by an attacker to execute arbitrary code on a system...

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

GHSA-CR7J-RWMV-VGCH Duplicate Advisory: aimeos-core arbitrary file upload vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execu...

CVE-2024-36811

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed t...

CVE-2024-36811

CVE-2024-36811 is a reserved/duplicate entry for CVE-2024-37295. Connected documents describe Aimeos core vulnerability: before 2024.04.5, an administrative user could upload image-like files containing PHP code, leading to remote code execution in the web server context. A fix is released in 202...

Ubuntu: Security Advisory (USN-6814-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-6810-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...

aimeos-core arbitrary file uopload vulnerability

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2024-2359

The CVE concerns parisneo/lollms-webui v9.3. An OS command injection stems from improper neutralization, enabling remote code execution. Affected component: the host/config handling in the runtime; attacker-controlled host via the /update_setting endpoint bypasses the intended protection on /exec...

Ubuntu: Security Advisory (USN-6809-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 11 vulnerabilities (USN-6811-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6811-1 advisory. It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted...

CVE-2024-37273

An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...