CVE-2023-50164 : ORACLE MYSQL ENTERPRISE MONITOR 8.0.36 AND PRIOR MONITORING REMOTE CODE EXECUTION

Description

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

References

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

https://www.openwall.com/lists/oss-security/2023/12/07/1

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

https://security.netapp.com/advisory/ntap-20231214-0010/

For More Information

CVERecord

Contact us to get started

CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING

Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects

Learn more

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows

Learn more

CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more

Learn more