Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

CVE-2026-35477

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

Rocky Linux 8 : shim (RLSA-2021:1734)

The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2021:1734 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

Rocky Linux 8 : fwupd (RLSA-2021:2566)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2566 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

AlmaLinux 8 : grub2 (ALSA-2021:0696)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:0696 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

EulerOS Virtualization 3.0.2.6 : grub2 (EulerOS-SA-2021-2868)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot i...

NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0097)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This fla...

NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2021-0133)

The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an...

EulerOS Virtualization 3.0.2.2 : grub2 (EulerOS-SA-2021-2126)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any...

SUSE SLES11 Security Update : grub2 (SUSE-SU-2021:14659-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14659-1 advisory. - The grubext2readblock function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote...

EulerOS 2.0 SP5 : grub2 (EulerOS-SA-2021-1900)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and...

Oracle Linux 8 : grub2 (ELSA-2021-0696)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0696 advisory. - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 Tenable has extracted the preceding description block directly from the Oracle Linux...

Buffer overflow

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...

Google Chrome Multiple Unspecified Vulnerabilities - July 10

The host isnstalled with Google Chrome and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultunspecifiedvulnjul10.nasl 5394 2017-02-22 09:22:42Z teissa $ Google Chrome Multiple Unspcified Vulnerabilities - July 10 Authors: Madhuri D Copyright:...

Google Fixes Critical Vulns In Chrome 5 Update

Google has released version 5.0.375.125 of Chrome, a security update that addresses three “high” risk vulnerabilities in its WebKit-based browser. According to the developers, two of the high risk issues could lead to memory corruption while SVG handling or rendering code. Read the full article...