Tag

#rce

CVE-2021-41144: Fix for authenticated remote code execution through layout update

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

CVE-2021-41143: Release v19.4.22 · OpenMage/magento-lts

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

CVE-2022-48008: GitHub - Sakura-501/LimeSurvey-5.4.15-PluginUploadtoRCE: In LimeSurvey5.4.15, it has a vulnerability in index.php/admin/pluginmanager which can lead to RCE

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.

Critical RCE Lexmark Printer Bug Has Public Exploit

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

Red Hat Security Advisory 2023-0469-01

Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2023-0471-01

Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.

GHSA-h632-p764-pjqm: DataFlow upload remote code execution vulnerability

Impact: An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile.

GHSA-5j2g-3ph4-rgvm: Fix for authenticated remote code execution through layout update

Impact: A layout block was able to bypass the block blacklist to execute remote code.

GHSA-5vpv-xmcj-9q85: Fix for arbitrary file deletion in customer media allows for remote code execution

Impact: Magento admin users with access to the customer media could execute code on the server.