ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.
94b9c452c40fa97359bd14766458b08e7dbabab381af5bfc9f983be77b4e1601
This white paper, titled "DTLS 'ClientHello' Race Conditions in WebRTC Implementations," details a security vulnerability affecting multiple WebRTC implementations. The research uncovers a security flaw where certain implementations fail to properly verify the origin of DTLS "ClientHello" messages in WebRTC sessions, potentially leading to denial of service attacks. The paper includes methodology, affected systems, and recommendations for mitigation.
eb9b90060957ab9a31665bc8c84c603533eeccd79e0c24bfa578d26e43901509
Ubuntu Security Notice 7080-1 - Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses.
cc7105052cdc61cec40803353bdf5bd7234e9e5535f0ccbd99d8e011b2a6ec92
Ubuntu Security Notice 7078-1 - Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
1384fe43e656351dfff115b8a598ae38edc6fd1b15fa5bd10c4ef73f06367497
Ubuntu Security Notice 7072-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
08de50fda1a204987e7b236b4d60489118dfcdd288c610737173e129183556ed
Ubuntu Security Notice 7062-2 - USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.
7416855bcecac5b5624e8e37e7f8de249410a20a22cc5adf52eff7f97219bf3d
An error path in usbdev_mmap() (where remap_pfn_range() fails midway through) frees pages before the PFN mapping pointing to those pages is cleaned up, making physical page use-after-free possible. Some other drivers look like they might have similar issues.
9954c73a5d4b25cfd2ae71c579096d9048f40475e6683e174f991dae3312c11d
Ubuntu Security Notice 7042-3 - USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.
bcfb45a99344cfbb1e508b8fa8b50297a7f22efed18b112b2d79da6dc19b12cd
Red Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
98af9b707c7bf6fe22d29e7c3bc78754e1ace6f0ff84bac13f16b35686a6520f
Red Hat Security Advisory 2024-7759-03 - Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images.
d8426d1b795c5cfa9bf5293a7a777d093c7f3cdb96227e95ffb02e0884662239
Ubuntu Security Notice 7077-1 - Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.
1b93fed31deb5ceab827b377461e759d44430df07935c76d9f6670528d1a2507
Rittal IoT Interface and CMC III Processing Unit versions prior to 6.21.00.2 suffer from improper signature verification and predictable session identifier vulnerabilities.
24d8219a6f5e71cab30605ff318d56d4c733756ce0d70e61bb19f0186edec9fd
Paxton Net2 versions prior to 6.07.14023.5015 (SR4) suffers from a bypass vulnerability that allows for unauthorized enabling of the API.
bc7e4117f2795cf37ed186093a7e7a38374fb88c77529bd1f8c3be2dac768d41
Debian Linux Security Advisory 5793-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
a639a7d1289dbe3e7b752ce962df23b2b6678ccb48fe42b2380c790047568270
Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
d393a8fbc83a7853129734872e32346a0060fce6cc2859479ba80540d7ca06af
This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.
f1b5cba01a5fd2ecef43b7a58280b21a88a3060e64cb2735247437f0ade78ff4
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script.
cb2141122e64c71654606a390db65e7c398f5ec9a8b5883f4b4d4e29437c9eac
IBM Security Verify Access versions 10.0.0 through 10.0.8 suffer from an OAUTH related open redirection vulnerability.
a500a745e7c7c466abf142ddd6e71012e70518f4c0a88fbc922748f51623b6fb
Ubuntu Security Notice 7076-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
75a37cad45fa04414449a59d15d74bae4fcdac71f1d884b39d0f469fee75b15f
Ubuntu Security Notice 7074-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
3d3891df4038ae50767c7e0119f42726c76273dbb4ca44e116eec89bd005b3d6
Ubuntu Security Notice 7073-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
fc4bba5376b41425014122bda093f3ca0b31ddf03a403f088d12c0efefaf7aae
Ubuntu Security Notice 7069-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
90a26949ae996a096f04ec182eabaa6418d7330bf22e8c98d14db5fb53c8975f
Ubuntu Security Notice 7028-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
98691b52dc361923ae789d46853b1631bac1471d52e1e8f5c5bf3183938d9021
Ubuntu Security Notice 7059-2 - USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.
a222adab927c20990f74c17c0d1c4297b96fae9882ffec61a1e854faccf9b026
Red Hat Security Advisory 2024-8116-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.
732d16b8012b7b71e251ab4230e7cac070ff5b1ccfdfbaa3aaff7788dfb741f9