#vulnerability

ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose sensitive system details, aiding in further attacks. The issue lies in the listFiles() function of the persistenceManagerAjax.php script, which calls PHP's readdir() function without proper input validation of the directory POST parameter.

Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability.

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Ubuntu Security Notice 7022-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7060-1 - It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Ubuntu Security Notice 7059-1 - Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

Vulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball?

Red Hat Security Advisory 2024-7958-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-7875-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and null pointer vulnerabilities.

Red Hat Security Advisory 2024-7869-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and denial of service vulnerabilities.