#web

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or probe internal or external systems, leading to internal information disclosure and misuse of network resources.

Ubuntu Security Notice 7073-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Red Hat Security Advisory 2024-8180-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

SofaWiki version 3.9.2 suffers from a remote shell upload vulnerability.

Ubuntu Security Notice 7072-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7071-1 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.

Red Hat Security Advisory 2024-7944-03 - Red Hat OpenShift Container Platform release 4.16.17 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-7941-03 - Red Hat OpenShift Container Platform release 4.13.52 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include an open redirection vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elvaco Equipment: M-Bus Metering Gateway CMe3100 Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Insufficiently Protected Credentials. 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, impersonate and send false information, or bypass authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Elvaco CMe3100, a metering gateway are affected: CMe3100: Version 1.12. 1 3.2 Vulnerability Overview 3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS (CWE-522) The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. CVE-2024-49396 has been assigned to t...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Networks Equipment: EWON FLEXY 202 Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of EWON FLEXY 202, an industrial modular gateway, are affected: EWON FLEXY 202: Firmware Version 14.2s0 3.2 Vulnerability Overview 3.2.1 CWE-522: Insufficiently Protected Credentials The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials. CVE-2024-7755 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). CVE-2024-7755 has been assigned to this ...