15122 matches found
UBUNTU-CVE-2024-47745
In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages(). The remap_file_pages syscall handler calls do_mmap directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and...
CVE-2024-48659
DCME-320-L firmware versions prior to 9.3.2.114 are affected. The vulnerability lies in the log_u_umount.php component, allowing a remote attacker to execute arbitrary code. Impact is remote code execution with high confidentiality, integrity, and availability consequences. Exploitation details a...
MariaDB Code Injection Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A code injection vulnerability exists in MariaDB version 10.5, which stems from insecure privileges in the sys_exec function and can be exploited by...
CVE-2024-27766
Disputed. A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...
CVE-2024-10079
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions an...
Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:16) - Unreliable Remote Version Check
Synology Router Manager (SRM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-48957
...
CVE-2024-48630
D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...
Malicious code in direct_access_theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e064b0aa00efc879c6095cc571b4d1359ef3cd9c13e1f02b5497c78d364fabef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
jQuery UI Security Vulnerability
jQuery UI is an open source set of carefully curated user interface interactions, effects, widgets and themes built on jQuery. A security vulnerability exists in jQuery UI version 1.13.1, which stems from the presence of a cross-site scripting vulnerability that allows remote attackers to...
CVE-2024-27766
CVE-2024-27766 describes an issue in MariaDB 11.1 where a remote attacker may execute arbitrary code via the lib_mysqludf_sys.so function. Multiple connected sources confirm remote code execution potential, but note that the MariaDB Foundation disputes the severity/privilege boundary claim, stati...
KLA74117 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Parce...
Security update for libarchive
This update for libarchive fixes the following issues: CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in archive_read_support_format_rar.c (bsc#1231544). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
CVE-2024-20459
The CVE-2024-20459 entry applies to Cisco ATA 190 Multiplatform Series analog telephone adapters. The issue stems from a lack of input sanitization in the web-based management interface, enabling an authenticated, high-privilege attacker to execute arbitrary commands on the underlying OS as root ...
CVE-2024-22033 obs-service-download_url is vulnerable to argument injection
The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed command execution in later steps...
CVE-2024-22033
CVE-2024-22033 affects the OBS service obs-service-download_url. The flaw is a command injection vulnerability where a configuration passed to the service can lead to command execution in subsequent steps. Public references confirm this impact and the vulnerable component is the obs-service-downl...
CVE-2023-32193 Norman API Cross-site Scripting Vulnerability
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...
openSUSE Leap Operating System Command Injection Vulnerability
openSUSE Leap is a new openSUSE build and a new hybrid Linux distribution from SUSE Germany. An operating system command injection vulnerability exists in openSUSE Leap that stems from the presence of command injection, where an attacker can provide configuration to a service to allow execution o...
CVE-2024-45274
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication...