OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.
977b68b131bff0d949e6b913d2598f3af7e54c6447c2599729d421f769bac029Readymade Real Estate Script suffers from remote blind SQL injection and cross site scripting vulnerabilities. This was last validated on the build available as of July 12, 2024.
69386793e89cd8dd66c1d690fdd8aaaa1e52413aa12dedc645d9ef84ac9279a6Ubuntu Security Notice 6934-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.39 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
8e19ddfa7b465f3b22bb3e9d4a490937544b8838c05cfd5ad6de902d90a2f085Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
92b1bafe6e5d4ee4b322aaab6a609d8615a3bfbb3a543f0940ed55bcc0c2a5b5Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
b3e5f81d7594d4e27286cdf314c3ba39afa280b68b40db8274bd9a6fb236d9a4Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
64ed7468d6981b59402fc69e4b058670397d166eba644ba4e17b84199bc55681AMPLE BILLS version 1.0 suffers from a cross site scripting vulnerability.
5058deb5a1cc69ff116aa38a8a8e12d52904972c6285fe8c8a0fcc30aabf4c26Ubuntu Security Notice 6929-1 - It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 8 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
f4e9c4f3c7e69bd458944b9f132afa2f82f2fb0cc5990844424b460d546df0bdAero CMS version 0.0.1 suffers from a cross site request forgery vulnerability.
d177460484605e92448747eb5276d4dbc65842e8466efab16cfdeff8b9e1e531Ubuntu Security Notice 6928-1 - It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered "private" or "globally reachable". This could possibly result in applications applying incorrect security policies.
6348aa6c803c2cb2243ee6f79a4a4964ae3836831f2a5635d54e6852bb5e11d9SchoolPlus LMS version 1.0 suffers from a remote SQL injection vulnerability.
22013989000d479ea07e76db9eff79fd7621f97874918eb37a3342e24fbd35dfAccPack Khanepani version 1.0 suffers from an insecure direct object reference vulnerability.
760d2e5184238b42e8f1ba299d632f9a683af578d5af3fd433dd135eb0ceb06bRed Hat Security Advisory 2024-4938-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a null pointer vulnerability.
d452de2aa6e75076d2f3e8721c8b90b0bf1571959bdebabac8478415e805eb13Red Hat Security Advisory 2024-4937-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.
4c2604fdae44be754d8a0513c7e63395b67fbfe9f90be45ce51de9fb3da3e457Red Hat Security Advisory 2024-4936-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.
e6d2c41175a0acd5861cc6a0c8176462281813df777cca58381e3fac1b9650a3Red Hat Security Advisory 2024-4935-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.
2532e6dcb2d4da08b107649950751c606f734cf85dd66630e015ec8b37417713Red Hat Security Advisory 2024-4934-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
12fb5d6e5d2cdec776f8c371f3506e5c0f6387296d6267bb3de1a9c532930402Red Hat Security Advisory 2024-4933-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.
55a61d1ba52b8b71b73acd02d2c990f7576342720ed726606929af825dd44ed1AccPack Cop version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a27d6ecbb685d624f010c47638973a78a91c45496e0c3d8256ad20eeb76f2222Red Hat Security Advisory 2024-4928-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include a null pointer vulnerability.
d85c1911157700d246f802349435694ee3fd873de2f76eb6b9c87f5544c9f2feRed Hat Security Advisory 2024-4922-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
96baa5beae39a868e494284fbcfeb38307eb17a3a70b7bcfa63f53577cdc2dc6Red Hat Security Advisory 2024-4913-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
8b38e606db35992e5ab109b5e7053084677124debd879c04f500e3f14ad132c8Red Hat Security Advisory 2024-4912-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
ddcfed84eceadbd19ceaf0a618b0d733d7ecb7c7ed690c29be91bc5ade7697f7AccPack Buzz version 1.0 suffers from an arbitrary file upload vulnerability.
26ba3578925635eec579c27afdcf5dfe641d09db3c89b0df1e695a98b9056176Red Hat Security Advisory 2024-4911-03 - An update for freeradius is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
5686026f5780c87171eee9bd7ea8374d174b7ae8b314289fb9dac9e8ad1d9885
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed