CVE-2023-49070 : APACHE OFBIZ UP TO 18.12.9 CODE INJECTION

Description

Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.

References

https://ofbiz.apache.org/download.html

https://ofbiz.apache.org/security.html

https://ofbiz.apache.org/release-notes-18.12.10.html

https://issues.apache.org/jira/browse/OFBIZ-12812

https://lists.apache.org/thread/jmbqk2lp4t4483whzndp5xqlq4f3otg3

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-26622 : LINUX KERNEL UP TO 6.8-RC6 TOMOYO_WRITE_CONTROL USE AFTER FREE

CVE-2024-26622 : LINUX KERNEL UP TO 6.8-RC6 TOMOYO_WRITE_CONTROL USE AFTER FREE

Description In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control()

CVE-2023-52479 : LINUX KERNEL UP TO 5.15.134/6.1.56/6.5.6 KSMBD SMB20_OPLOCK_BREAK_ACK USE AFTER FREE

CVE-2023-52479 : LINUX KERNEL UP TO 5.15.134/6.1.56/6.5.6 KSMBD SMB20_OPLOCK_BREAK_ACK USE AFTER FREE

Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix uaf in smb20_oplock_break_ack drop reference after use

CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL

CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL

Description Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access