Lucene search

6323 matches found

Vulnrichment
added 2024/08/15 12:0 a.m., 14 views

CVE-2024-27730

Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature...

7.5 AI score, 0.00804 EPSS
Exploits: 1, References: 2
OpenVAS
added 2024/08/15 12:0 a.m., 51 views

Ubuntu: Security Advisory (USN-6961-1)

The remote host is missing an update for the...

9.8 CVSS, 7.3 AI score, 0.02979 EPSS
Exploits: 3, References: 2
Tenable Nessus
added 2024/08/14 12:0 a.m., 75 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : BusyBox vulnerabilities (USN-6961-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6961-1 advisory. It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or...

9.8 CVSS, 7.2 AI score, 0.02979 EPSS
Exploits: 3, References: 5
CVE
added 2024/08/13 12:0 a.m., 54 views

CVE-2024-42737

The CVE-2024-42737 vulnerability affects TOTOLINK X5000r (version 9.1.0cu.2350_b20230313) where the CGI endpoint /cgi-bin/cstecgi.cgi contains an OS command injection in the delBlacklist function. An attacker can send a malicious packet to execute arbitrary commands on the affected device. The is...

9.8 CVSS, 8.3 AI score, 0.01677 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2024/08/12 5:15 p.m., 14 views

CVE-2024-40500

Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component...

8.8 CVSS, 0.00585 EPSS
Exploits: 1, References: 2
CVE
added 2024/08/09 12:0 a.m., 43 views

CVE-2024-41577

CVE-2024-41577 affects productinfoquick v1.0 via the Ueditor component. The vulnerability is an arbitrary file upload that allows code execution when uploading a crafted PNG. Public documentation from multiple feeds confirms the affected software/component: productinfoquick v1.0, Ueditor, and the...

9.8 CVSS, 7.7 AI score, 0.00965 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/08/07 4:46 p.m., 22 views

CVE-2024-20450

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...

9.8 CVSS, 8.6 AI score, 0.07225 EPSS
Exploits: 0, References: 1
NVD
added 2024/08/07 2:15 a.m., 27 views

CVE-2024-34612

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code...

7.8 CVSS, 0.00173 EPSS
Exploits: 0, References: 1
NVD
added 2024/08/07 2:15 a.m., 17 views

CVE-2024-34614

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code...

7.8 CVSS, 0.00173 EPSS
Exploits: 0, References: 1
Kaspersky
added 2024/08/06 12:0 a.m., 36 views

KLA71396 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in V8 can be exploited to cause denial of service...

8.8 CVSS, 9.2 AI score, 0.00783 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/08/05 12:0 a.m., 13 views

CVE-2024-40498

SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attacker to execute arbitrary code via the register.php...

9 AI score, 0.01005 EPSS
Exploits: 0, References: 1
Ubuntu
added 2024/07/31 5:7 a.m., 76 views

USN-6932-1: OpenJDK 21 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 21 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...

7.4 CVSS, 7.5 AI score, 0.01257 EPSS
Exploits: 0
Zero Day Initiative
added 2024/07/31 12:0 a.m., 9 views

PaperCut NG pc-web-print Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the pc-web-print...

7.8 CVSS, 7.1 AI score, 0.004 EPSS
Exploits: 0, References: 1
OpenVAS
added 2024/07/31 12:0 a.m., 26 views

Ubuntu: Security Advisory (USN-6929-1)

The remote host is missing an update for the...

7.4 CVSS, 6.9 AI score, 0.01257 EPSS
Exploits: 0, References: 2
NVD
added 2024/07/30 6:15 p.m., 22 views

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...

5.4 CVSS, 0.00359 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2024/07/30 12:0 a.m., 18 views

CVE-2024-38986

Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects...

8.1 AI score, 0.00985 EPSS
Exploits: 1, References: 1
CVE
added 2024/07/30 12:0 a.m., 56 views

CVE-2024-38983

CVE-2024-38983 affects the JavaScript library mini-deep-assign v0.0.8, where the prototype pollution arises from the internal _assign() at /lib/index.js:91. This enables an attacker to execute arbitrary code or cause a Denial of Service (DoS) and other impacts as described in multiple connected s...

9.8 CVSS, 7.9 AI score, 0.00973 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2024/07/30 12:0 a.m., 16 views

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...

7.7 AI score, 0.00359 EPSS
Exploits: 1, References: 1
CVE
added 2024/07/30 12:0 a.m., 52 views

CVE-2024-41304

The CVE-2024-41304 entry refers to WonderCMS v3.4.3 and reports an arbitrary file upload vulnerability in the uploadFileAction() function. A crafted SVG file can lead to arbitrary code execution on affected installations. Connected sources consistently describe the same issue without detailing ex...

5.4 CVSS, 7.8 AI score, 0.00359 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2024/07/29 8:21 p.m., 20 views

CVE-2023-42959

A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges...

0.0012 EPSS
Exploits: 0, References: 1