Security
Headlines
HeadlinesLatestCVEs

Tag

#java

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure

ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Packet Storm
Open in Source
#sql#vulnerability#web#linux#apache#java#intel#php#perl#auth#ssh
AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover," Aqua said in a report shared

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the

GHSA-qqqw-gm93-qf6m: OS Command Injection in Snyk gradle plugin

The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

TA866 Group Linked to New WarmCookie Malware in Espionage Campaign

Cisco Talos reveals TA866’s (also known as Asylum Ambuscade) sophisticated tactics and its link to the new WarmCookie…

ABB Cylon Aspect 3.08.01 logCriticalLookup.php Unauthenticated Log Disclosure

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

Ubuntu Security Notice USN-7079-1

Ubuntu Security Notice 7079-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2024-8329-03

Red Hat Security Advisory 2024-8329-03 - An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.

Attackers Use Encoded JavaScript to Deliver Malware

Cyber attackers are using encoded JavaScript files to hide malware, abusing Microsoft’s Script Encoder to disguise harmful scripts…