9593 matches found

SUSE CVE
added 2024/06/15 2:12 a.m., 4 views

SUSE CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. It is recommended that the Nextcloud...

7.8 CVSS, 7.7 AI score, 0.00126 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/06/14 4:6 a.m., 21 views

CVE-2024-27177 Remote Code Execution

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enabled by falsifying the package name variable. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower th...

7.2 CVSS, 7.8 AI score, 0.05937 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2024/06/14 12:0 a.m., 111 views

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8 CVSS, 7.1 AI score, 0.00832 EPSS
Exploits: 2, References: 149
CNNVD
added 2024/06/14 12:0 a.m., 2 views

Nextcloud Security Breach

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.12.0, which...

7.8 CVSS, 7.3 AI score, 0.00126 EPSS
Exploits: 0, References: 4
Zero Day Initiative
added 2024/06/13 12:0 a.m., 11 views

Autodesk AutoCAD SLDPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8 CVSS, 7.7 AI score, 0.02823 EPSS
Exploits: 0, References: 1
Ubuntu
added 2024/06/12 6:10 p.m., 102 views

USN-6819-3: Linux kernel (OEM) vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

7.8 CVSS, 6.9 AI score, 0.00832 EPSS
Exploits: 2
Tenable Nessus
added 2024/06/12 12:0 a.m., 54 views

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6819-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8 CVSS, 7.1 AI score, 0.00832 EPSS
Exploits: 2, References: 148
Ubuntu
added 2024/06/11 10:9 p.m., 129 views

USN-6819-2: Linux kernel vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

7.8 CVSS, 6.9 AI score, 0.00832 EPSS
Exploits: 2
Tenable Nessus
added 2024/06/11 12:0 a.m., 40 views

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8 CVSS, 7.1 AI score, 0.00832 EPSS
Exploits: 2, References: 148
Tenable Nessus
added 2024/06/10 12:0 a.m., 30 views

Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8 CVSS, 7.1 AI score, 0.00832 EPSS
Exploits: 2, References: 149
RedHat Linux
added 2024/06/06 9:37 a.m., 4 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

8.6 CVSS, 6.8 AI score, 0.00329 EPSS
Exploits: 0, References: 6
CNNVD
added 2024/06/06 12:0 a.m., 2 views

AnythingLLM Operating System Command Injection Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an operating system command injection vulnerability that stems from improper handling of environment variables, leading to remote code execution...

9.8 CVSS, 8.6 AI score, 0.06578 EPSS
Exploits: 1, References: 3
OSV
added 2024/06/05 3:10 p.m., 6 views

GO-2024-2650 Golang SDK for Vela Insecure Variable Substitution in github.com/go-vela/sdk-go

Golang SDK for Vela Insecure Variable Substitution in github.com/go-vela/sdk-go...

7.2 AI score
Exploits: 0, References: 2
OSV
added 2024/06/04 3:19 p.m., 10 views

GO-2024-2647 CLI for Vela Insecure Variable Substitution in github.com/go-vela/cli

CLI for Vela Insecure Variable Substitution in github.com/go-vela/cli...

7.2 AI score
Exploits: 0, References: 2
OSV
added 2024/06/04 3:19 p.m., 14 views

GO-2024-2648 Server/API for Vela Insecure Variable Substitution in github.com/go-vela/server

Server/API for Vela Insecure Variable Substitution in github.com/go-vela/server...

7.2 AI score
Exploits: 0, References: 2
OSV
added 2024/06/04 3:19 p.m., 17 views

GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker

Insecure Variable Substitution in Vela in github.com/go-vela/worker...

7.7 CVSS, 6.7 AI score, 0.00235 EPSS
Exploits: 0, References: 3
OSV
added 2024/06/04 3:19 p.m., 8 views

GO-2024-2649 Types for Vela Insecure Variable Substitution in github.com/go-vela/types

Types for Vela Insecure Variable Substitution in github.com/go-vela/types...

7.2 AI score
Exploits: 0, References: 2
Japan Vulnerability Notes
added 2024/06/03 5:36 a.m., 3 views

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview: Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below. Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038; Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955; Cleartext Storage of Sensitive Information (CWE-312) -...

9.1 CVSS, 7 AI score, 0.62332 EPSS
Exploits: 2, References: 28
Tenable Nessus
added 2024/06/03 12:0 a.m., 22 views

RHEL 8 : mingw-wavpack (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS CVE-2019-11498 - The...

6.5 CVSS, 6.2 AI score, 0.03433 EPSS
Exploits: 3, References: 3
Tenable Nessus
added 2024/06/03 12:0 a.m., 26 views

RHEL 7 : mod_fcgid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mod_fcgid: mod_fcgid sets environmental variable based on user supplied Proxy request header CVE-2016-1000104 Note th...

8.8 CVSS, 7 AI score, 0.00387 EPSS
Exploits: 0, References: 1