ABB Ability™ SCADAvantage Security Vulnerabilities

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2023 Critical Patch.....

kernel security, bug fix, and enhancement update

[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Exposed Dangerous Method or Function (CVE-2023-5389)

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files.....

Oracle Session Border Controller (January 2022 CPU)

The versions 8.4 and 9.0 of Oracle Enterprise Session Border Controller product of Oracle Communications installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory, including the following: Easily exploitable vulnerability allows low...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow...

Verizon’s 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities

As we delve into cybersecurity's complex and evolving landscape, the Verizon 2024 Data Breach Investigations Report (DBIR) offers crucial insights into the mechanisms and motives behind the latest wave of cyberattacks. Qualys is once again proud to contribute to the report, helping to dissect...

CVE-2024-33517

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected...

CVE-2024-33518

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected...

CVE-2024-33516

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the...

CVE-2024-33513

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected...

CVE-2024-33515

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected...

CVE-2024-33514

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected...

CVE-2024-33518

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected...

CVE-2024-33517

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected...

CVE-2024-33516

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the...

CVE-2024-33515

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected...

CVE-2024-33514

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected...

CVE-2024-33513

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected...

CVE-2024-33512

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful...

CVE-2024-33511

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this...

CVE-2024-26304

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this...

CVE-2024-26305

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability...

CVE-2024-33512

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful...

CVE-2024-33511

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this...

CVE-2024-26305

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability...

CVE-2024-26304

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this...

CVE-2024-24912

A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target...

CVE-2024-24912 Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file

A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target...

The Business of Cybersecurity Ownership

Who exactly owns cybersecurity in your organisation? Authored by Sean Vogelenzang Many would say the answer is obvious. It’s the chief information security officer (CISO) and his or her team, of course. However, it’s not that simple. Sure, the CISO and their team are responsible for setting the...

CVE-2024-32973

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session......

CVE-2024-32973 Remote for TLS session may be trusted despite constraints in Pluto lang

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session......

Navidrome Parameter Tampering vulnerability

Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...

Navidrome Parameter Tampering vulnerability

Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...

CVE-2024-32963

Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter...

CVE-2024-32963 Parameter Tampering vulnerability in Navidrome

Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter...

Bypassing MFA on Microsoft Azure Entra ID

TL;DR Even though MFA is effective it is one security control amongst many Even if MFA is in use, check its configuration Consider unexpected patterns of use, such as people logging in from Linux or macOS Make sure you log and can react to out-of-band behaviour Introduction On a recent Red Team...

Security Bulletin: NVIDIA ChatRTX - May 2024

NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...

Security Bulletin: Triton Inference Server - April 2024

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

CVE-2024-28269

ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload of malicious files. This could result in a Remote Code...

Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...

Introducing the Wallarm Q1 2024 API ThreatStats™ Report

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...

Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More

By Dr. Mike Cohen and Carlos Canto Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features. EWF Support Velociraptor has introduced the ability to analyze dead disk images in the...

(RHSA-2024:2585) Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) kernel: mlxsw: spectrum_acl_tcam: Fix...

(RHSA-2024:2582) Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586) kernel: netfilter:...

(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546) kernel: multiple use-after-free vulnerabilities (CVE-2024-1086, CVE-2023-3567, CVE-2023-4133,...

Privilege Escalation

github.com/projectcalico/calico/ is vulnerable to Privilege Escalation. The vulnerability is due to an incorrect SUID bit configuration in the Calico CNI install binary, combined with the ability to control the input binary, allows an attacker to execute an arbitrary binary with elevated...

RHEL 9 : kernel (RHSA-2024:2394)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2394 advisory. kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) kernel: memcg does not limit the...

RHEL 8 : kernel-rt (RHSA-2024:2585)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2585 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init...

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-011)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_412.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-011 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of...