ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script.
43c96af8c2682eb0a000f47d83e5264452bc79644a69b914c8f4bd5a1347cdba
The Akuvox Smart Intercom/Doorphone suffers from an insecure service API access control. The vulnerability in ServicesHTTPAPI endpoint allows users with "User" privileges to modify API access settings and configurations. This improper access control permits privilege escalation, enabling unauthorized access to administrative functionalities. Exploitation of this issue could compromise system integrity and lead to unauthorized system modifications.
d6519d44019fd929163a3f0cfc993a7eb59025d7f9ad1249b44c90b5573d566f
Debian Linux Security Advisory 5819-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service, CLRF injection or information disclosure.
2481470ddfb4c98e2a69dca6bc10f1fc70bf8a21d5327573eb900cd624ee6b9d
Ubuntu Security Notice 7126-1 - It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service.
cdd94a4f3569687a23d5f90580cbb143f94576b6385e0c33dfac46abdac253a6
Ubuntu Security Notice 7127-1 - It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
8eab9b3c18eec9367e7c8330678731ff248eafd1a6652553de40ab2d374e7f6e
Ubuntu Security Notice 7130-1 - It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server.
fe3eb861c4e7a23b6b2ce99368f3327913bcab99b1f679efb490abc72c37bc89
Ubuntu Security Notice 7125-1 - It was discovered that RapidJSON incorrectly parsed numbers written in scientific notation, leading to an integer underflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
5959e05a4f919e8c421949a58be5b383c74c195a0627c0a6b62be2aa7a5df935
Ubuntu Security Notice 6988-2 - USN-6988-1 fixedCVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Ben Kallus discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS.
9f6c4ac3ae0181ed5637fe932441a9acc8aa722c23b40f44fc27316ef8f338d3
Ubuntu Security Notice 7129-1 - It was discovered that TinyGLTF performed file path expansion in an insecure way on certain inputs. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
43b97184d979319f1754c2eac1453cd4112977dacc04a1b4e5f6bf6b99ea7ad7
Ubuntu Security Notice 7128-1 - Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denial of service.
668d2cc6b2579ea7a3344658960fa1c48b5e4d4b3366c1ad0d944d336ae5e142
Ubuntu Security Notice 7117-2 - USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem. Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root.
6045c90f6a06c6c706541b8ae686bc492ee7f2e736d368452534e35f1f2ef3cc
Red Hat Security Advisory 2024-9885-03 - Red Hat Trusted Profile Analyzer 1.2.0 release Red Hat Product Security has rated this update as having a security impact of Moderate.
e0bc1d0e0b375cb703d1ebee931318c748e31c547117762fc9a82a9c57b2ad35
Red Hat Security Advisory 2024-10492-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.
239fc5b5b373b0c1e519d89cf6b101c8409857bb98ef3226b483ec979685d3d0
Red Hat Security Advisory 2024-10483-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a bypass vulnerability.
6e07b8a73866680967a947d8bb9e51594ed0f1d66529b1c117f3a5c2709e684e
Red Hat Security Advisory 2024-10472-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
04dc5877a858b49930517be0597d0861052545d2dbffcbe983cd485ccc376234
Red Hat Security Advisory 2024-10389-03 - Red Hat OpenShift Virtualization release 4.13.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
e9aa901dc07e42b8b0ee3aa3c5059d62c3df365e0ab185d739174a3d19885ffa
Red Hat Security Advisory 2024-10386-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
6fa1f51512caf9b12c7d28b1aca2f2ebb6247624795929d5c61a4e0d85604a54
Red Hat Security Advisory 2024-10385-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
7685e8cae51ba24ac9d3a8960a51d48fe92533726434e49338973df84ac2a6e5
Red Hat Security Advisory 2024-10384-03 - An update for tuned is now available for Red Hat Enterprise Linux 9.
81ffaa341ca2f20857818ce21c2e8f8b35fce2ab0d74891a38cd6e4a0f02af05
Red Hat Security Advisory 2024-10381-03 - An update for tuned is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
b2d200e1b8d9ef807f86e0e47cc35641f4c52d93cf9bdb6e04c640e03ed0c0ed
Red Hat Security Advisory 2024-10379-03 - An update for pam is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.
9d021eda9681de10faf8d0e1687a12556a93d3bfe5b9b776036e8734b9c650c8
Red Hat Security Advisory 2024-10289-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and traversal vulnerabilities.
8cca4c9205ce2f835d3b0321f2fa4f2c71a7019bac0421b61c1d3c39ae209621
Red Hat Security Advisory 2024-10282-03 - An update for the kernel-rt:4.18.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
b2d62df3d4be8824e4635ae693a82c86c3365fb3966bef95b77da1947bfaf5b4
Red Hat Security Advisory 2024-10281-03 - An update for the kernel:4.18.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
7d1175e7bf1bb7c91e0f7efb53f70b56d9142454e5fb603b14948824ffcc56f6
Red Hat Security Advisory 2024-10275-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
18c649d00738466bebac043cd210aac4104c54781058b81c36d7626e24706bba