Akaunting versions 3.1.3 and below suffer from a remote command execution vulnerability.
8d4933e0c1b3efde90f0ca90ae286fa4036671aa25168b79c0dd977756a0f6b1
Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.
a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7
Ubuntu Security Notice 6682-1 - ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
17369ac09ff469d577917f6a11d6b237c679de121e53f191d4d051615739e955
NDtaskmatic version 1.0 suffers from a remote SQL injection vulnerability.
937864e92a9493aa55230c661e22af5ba23fc573b0d4f507979622c61443310b
Ubuntu Security Notice 6679-1 - It was discovered that FRR incorrectly handled certain malformed OSPF LSA packets. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
3efcd48e104a143fe730fd8974e6c97f3e55c468d9f86582780097369d74b591
Ubuntu Security Notice 6675-1 - It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
d491a79e75514bf25f975567ff41507638e98c09cab54bfb9d5dcf4332bfbb3a
JetBrains TeamCity versions prior to 2023.11.4 remote authentication bypass exploit that can be leveraged for user addition and remote code execution.
1eb2994a182c4436527b7e141ca0fa83da6821b9a33465277fc30e0e77a404f3
F5 BIG-IP remote user addition exploit that leverages the authorization bypass vulnerability as called out in CVE-2023-46747.
8e2ae8616e3f49ce4b6b8d7d60b60b5b38f7d2f1025eb35aadd47b408f83606c
Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customer_support/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020.
718d48eb7ca237f5f3ee83bb6118e210de87e3b83055bc4ece1ed2ad4b88e9d9
Ubuntu Security Notice 6674-2 - USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
997b193005614a4286e157f3adb9ede1701e065c5ba4f071d3dffb9741612a72
Ubuntu Security Notice 6674-1 - Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
8724577a7a85c8ee06c83d3ec00d4db888a3a2260fa6a62b92f39b2d23d729c9
Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48a
Wallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.
77ba729fac9fbd6e562f329a83458d57ae71f13aaf4f55db7da1328097365d1a
Gentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.
bd25f2b467d833795026292ee1d9110cf019aaca57398e04f9425d2375388e5f
Petrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.
0f0040501420a8f8ddd6c7f12a7f7140cff7687749ef9d7f7d32928b820114f8
Petrol Pump Management Software version 1.0 suffers from a remote SQL injectionvulnerability.
51abe5321193658e358ef6153227465b3009062f89a267703a6584db36a564df
Easywall version 0.3.1 suffers from an authenticated remote command execution vulnerability.
02674567c5d503f91e947ba06aece45751ee04aeffe5b6edc3dfffb994976693
Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.
fa597d50e9f8b5bd302a8783ff6dbb02dfd40c5672ca6442aff828f6a586c095
GL.iNet AR300M versions 3.216 and below suffer from an OpenVPN client related remote code execution vulnerability.
0bc765cb78e3663fd69f067daec79c26a082e75d184e6d211c3b136d90337022
GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability.
9270490cd001ef107453c4f557a02b7ca323b54f6f7cbe828cf79a16dc19810e
Employee Management System version 1.0-2024 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
01f9a437e502773164c42d18db293d6d010978a568703d9945cb9bfe002238b5
Real Estate Management System version 1.0 suffers from a remote shell upload vulnerability.
839e1e676d2dbd464ca5097616ef9a9bec7bfb837d94aa2a8ab1088675a02115
XAMPP version 5.6.40 suffers from a remote SQL injection vulnerability.
388ddb4dde51e1972477265a1ca501e1b0ccc13ac7cdae3357edbf821cc9e47b
AC Repair And Services System version 1.0 suffers from a remote SQL injection vulnerability.
968e1e9ea2480d617b49d7df215b4108c9bc3eb6c59822b95bb40c30e4220cb9
Simple Student Attendance System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
6b7b532debcb16f754e8a23e15c6fb12f3478fbbf1e0f8342fa31ef1ea31bcf1