Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

ABB Cylon Aspect 3.07.00 Remote Code Execution

The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.

Packet Storm
#vulnerability#web#linux#apache#java#intel#php#rce#acer#auth
Gentoo Linux Security Advisory 202409-25

Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.

Red Hat Security Advisory 2024-7103-03

Red Hat Security Advisory 2024-7103-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-7102-03

Red Hat Security Advisory 2024-7102-03 - An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Ubuntu Security Notice USN-7009-2

Ubuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2024-7101-03

Red Hat Security Advisory 2024-7101-03 - An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

DragonForce Ransomware Expands RaaS, Targets Firms Worldwide

DragonForce ransomware is expanding its RaaS operation and becoming a global cybersecurity threat against businesses. Companies must implement…

ABB Cylon Aspect 3.08.01 Remote Code Execution

ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.