Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.
Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 7084-1 - It was discovered that urllib3 didn't strip the HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.
ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication, attackers can gain unauthorized insights into valid usernames.
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized information disclosure in the jsonProxy.php endpoint. An unauthenticated attacker can retrieve sensitive system information, including system time, uptime, memory usage, and network load statistics. The jsonProxy.php endpoint proxies these requests to internal services without requiring authentication, allowing attackers to obtain detailed system status data, which could aid in further attacks by revealing operational characteristics and resource utilization.
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized SSH service configuration changes via the jsonProxy.php endpoint. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php script proxies requests to localhost without enforcing authentication, allowing attackers to modify SSH settings and potentially gain further unauthorized access to the system.
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to localhost without requiring authentication, enabling attackers to disrupt system availability by repeatedly triggering server restarts.
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying requests to localhost (AspectFT Automation Application Server), granting remote attackers unauthorized access to internal Java servlets. This exposes potentially sensitive project data and configuration details without requiring authentication.
ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple Java servlets without authorization, potentially exposing sensitive system functions and information.
ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to disclose credentials in plain-text.
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameters query and application is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in the context of an affected site.
Red Hat Security Advisory 2024-8617-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-8616-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Security Advisory 2024-8614-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-8613-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-8577-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-8572-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-8567-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-8563-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-8546-03 - Red Hat Advanced Cluster Management for Kubernetes 2.9.5 General Availability release images, which fix bugs and update container images.
Red Hat Security Advisory 2024-8543-03 - An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-8534-03 - An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2024-8533-03 - Multicluster Engine for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images.
Red Hat Security Advisory 2024-8528-03 - An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.