
6323 matches found

Vulnrichment
added 2024/06/14 12:0 a.m., 22 views

CVE-2024-36598

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file...

7.8 AI score, 0.00581 EPSS
Exploits: 3, References: 1

CNVD
added 2024/06/14 12:0 a.m., 6 views

Google Chrome V8 Module Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome V8 module, which can be exploited by an attacker to execute arbitrary code on a system...

8.8 CVSS, 7.2 AI score, 0.00477 EPSS
Exploits: 0, References: 1

NVD
added 2024/06/11 9:15 p.m., 27 views

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8 CVSS, 0.00568 EPSS
Exploits: 0, References: 4

OSV
added 2024/06/07 9:31 p.m., 22 views

GHSA-CR7J-RWMV-VGCH Duplicate Advisory: aimeos-core arbitrary file upload vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description: An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execu...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 8

NVD
added 2024/06/07 7:15 p.m., 30 views

CVE-2024-36811

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed t...

Exploits: 0

GitLab Advisory Database
added 2024/06/07 12:0 a.m., 14 views

aimeos-core arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.7 AI score
Exploits: 0, References: 8, Affected Software: 1

OpenVAS
added 2024/06/07 12:0 a.m., 26 views

Ubuntu: Security Advisory (USN-6810-1)

The remote host is missing an update for the...

3.7 CVSS, 5.1 AI score, 0.01361 EPSS
Exploits: 0, References: 2

OpenVAS
added 2024/06/07 12:0 a.m., 15 views

Ubuntu: Security Advisory (USN-6814-1)

The remote host is missing an update for the...

9.1 CVSS, 8.2 AI score, 0.00814 EPSS
Exploits: 1, References: 2

CVE
added 2024/06/07 12:0 a.m., 56 views

CVE-2024-36811

CVE-2024-36811 is a reserved/duplicate entry for CVE-2024-37295. Connected documents describe Aimeos core vulnerability: before 2024.04.5, an administrative user could upload image-like files containing PHP code, leading to remote code execution in the web server context. A fix is released in 202...

7.4 AI score
Exploits: 0

Vulnrichment
added 2024/06/07 12:0 a.m., 12 views

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...

8.1 AI score
Exploits: 0, References: 5

CVE
added 2024/06/06 6:55 p.m., 60 views

CVE-2024-2359

The CVE concerns parisneo/lollms-webui v9.3. An OS command injection stems from improper neutralization, enabling remote code execution. Affected component: the host/config handling in the runtime; attacker-controlled host via the /update_setting endpoint bypasses the intended protection on /exec...

9.8 CVSS, 10 AI score, 0.01219 EPSS
Exploits: 1, References: 1, Affected Software: 1

OpenVAS
added 2024/06/06 12:0 a.m., 20 views

Ubuntu: Security Advisory (USN-6809-1)

The remote host is missing an update for the...

8 CVSS, 6.7 AI score, 0.01427 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2024/06/06 12:0 a.m., 36 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 11 vulnerabilities (USN-6811-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6811-1 advisory. It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted...

3.7 CVSS, 6.8 AI score, 0.01361 EPSS
Exploits: 0, References: 6

NVD
added 2024/06/04 7:20 p.m., 22 views

CVE-2024-37273

An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...

9.8 CVSS, 7.4 AI score, 0.00989 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2024/06/04 6:42 a.m., 13 views

CVE-2024-20878

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code...

7.3 CVSS, 7.4 AI score, 0.00208 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/06/04 6:42 a.m., 17 views

CVE-2024-20878

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code...

7.3 CVSS, 7.3 AI score, 0.00208 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2024/06/04 12:0 a.m., 28 views

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : libarchive vulnerability (USN-6805-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6805-1 advisory. It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrar...

7.8 CVSS, 7 AI score, 0.87784 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m., 20 views

RHEL 7 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: heap-based buffer overflow related to the ReadJPEG function CVE-2017-8358 - LibreOffice befo...

5 CVSS, 8.6 AI score, 0.65692 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2024/06/03 12:0 a.m., 18 views

RHEL 5 : mingw-virt-viewer (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap buffer overflow in FLIC decoder CVE-2016-9636 - The qtdemux_tag_add_str_full...

9.8 CVSS, 8.9 AI score, 0.09192 EPSS
Exploits: 4, References: 8

Tenable Nessus
added 2024/06/03 12:0 a.m., 17 views

RHEL 8 : jbossweb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 Note that Nessus has not...

7 CVSS, 7.5 AI score, 0.56636 EPSS
Exploits: 15, References: 1