ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.
94b9c452c40fa97359bd14766458b08e7dbabab381af5bfc9f983be77b4e1601This white paper, titled "DTLS 'ClientHello' Race Conditions in WebRTC Implementations," details a security vulnerability affecting multiple WebRTC implementations. The research uncovers a security flaw where certain implementations fail to properly verify the origin of DTLS "ClientHello" messages in WebRTC sessions, potentially leading to denial of service attacks. The paper includes methodology, affected systems, and recommendations for mitigation.
eb9b90060957ab9a31665bc8c84c603533eeccd79e0c24bfa578d26e43901509Ubuntu Security Notice 7080-1 - Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses.
cc7105052cdc61cec40803353bdf5bd7234e9e5535f0ccbd99d8e011b2a6ec92Ubuntu Security Notice 7078-1 - Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
1384fe43e656351dfff115b8a598ae38edc6fd1b15fa5bd10c4ef73f06367497Ubuntu Security Notice 7072-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
08de50fda1a204987e7b236b4d60489118dfcdd288c610737173e129183556edUbuntu Security Notice 7062-2 - USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.
7416855bcecac5b5624e8e37e7f8de249410a20a22cc5adf52eff7f97219bf3dAn error path in usbdev_mmap() (where remap_pfn_range() fails midway through) frees pages before the PFN mapping pointing to those pages is cleaned up, making physical page use-after-free possible. Some other drivers look like they might have similar issues.
9954c73a5d4b25cfd2ae71c579096d9048f40475e6683e174f991dae3312c11dUbuntu Security Notice 7042-3 - USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.
bcfb45a99344cfbb1e508b8fa8b50297a7f22efed18b112b2d79da6dc19b12cdRed Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
98af9b707c7bf6fe22d29e7c3bc78754e1ace6f0ff84bac13f16b35686a6520fRed Hat Security Advisory 2024-7759-03 - Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images.
d8426d1b795c5cfa9bf5293a7a777d093c7f3cdb96227e95ffb02e0884662239Ubuntu Security Notice 7077-1 - Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.
1b93fed31deb5ceab827b377461e759d44430df07935c76d9f6670528d1a2507Rittal IoT Interface and CMC III Processing Unit versions prior to 6.21.00.2 suffer from improper signature verification and predictable session identifier vulnerabilities.
24d8219a6f5e71cab30605ff318d56d4c733756ce0d70e61bb19f0186edec9fdPaxton Net2 versions prior to 6.07.14023.5015 (SR4) suffers from a bypass vulnerability that allows for unauthorized enabling of the API.
bc7e4117f2795cf37ed186093a7e7a38374fb88c77529bd1f8c3be2dac768d41Debian Linux Security Advisory 5793-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
a639a7d1289dbe3e7b752ce962df23b2b6678ccb48fe42b2380c790047568270Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
d393a8fbc83a7853129734872e32346a0060fce6cc2859479ba80540d7ca06afThis Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.
f1b5cba01a5fd2ecef43b7a58280b21a88a3060e64cb2735247437f0ade78ff4ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script.
cb2141122e64c71654606a390db65e7c398f5ec9a8b5883f4b4d4e29437c9eacIBM Security Verify Access versions 10.0.0 through 10.0.8 suffer from an OAUTH related open redirection vulnerability.
a500a745e7c7c466abf142ddd6e71012e70518f4c0a88fbc922748f51623b6fbUbuntu Security Notice 7076-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
75a37cad45fa04414449a59d15d74bae4fcdac71f1d884b39d0f469fee75b15fUbuntu Security Notice 7074-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
3d3891df4038ae50767c7e0119f42726c76273dbb4ca44e116eec89bd005b3d6Ubuntu Security Notice 7073-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
fc4bba5376b41425014122bda093f3ca0b31ddf03a403f088d12c0efefaf7aaeUbuntu Security Notice 7069-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
90a26949ae996a096f04ec182eabaa6418d7330bf22e8c98d14db5fb53c8975fUbuntu Security Notice 7028-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
98691b52dc361923ae789d46853b1631bac1471d52e1e8f5c5bf3183938d9021Ubuntu Security Notice 7059-2 - USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.
a222adab927c20990f74c17c0d1c4297b96fae9882ffec61a1e854faccf9b026Red Hat Security Advisory 2024-8116-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.
732d16b8012b7b71e251ab4230e7cac070ff5b1ccfdfbaa3aaff7788dfb741f9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed