ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

K000139691: Python vulnerabilities CVE-2022-48565, CVE-2018-1000802 and CVE-2016-9063

Security Advisory Description CVE-2022-48565 An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2018-1000802 Python Software Foundation Python (CPython)...

K000139685: Python vulnerability CVE-2023-40217

Security Advisory Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2021-35942 DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain...

[slackware-security] mariadb

New mariadb packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mariadb-10.5.25-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Difficult to exploit vulnerability...

CVE-2024-35997

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...

CVE-2023-49335

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server...

CVE-2023-49335

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server...

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...

CVE-2023-49334

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary...

CVE-2023-49331

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...

CVE-2023-49334

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary...

CVE-2023-49331

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...

CVE-2023-49335

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server...

CVE-2023-49335

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server...

CVE-2023-49334

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary...

CVE-2023-49334

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary...

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...

CVE-2024-35956

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...

CVE-2024-35955

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time....

CVE-2023-49331

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...

CVE-2023-49331

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...

Passbolt Api Retrieval of HTTP-only cookies

Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...

Passbolt Api Retrieval of HTTP-only cookies

Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION: **Golang Go could allow a remote attacker to traverse directories on...

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under.....

Security Bulletin: Multiple vulnerabilities affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-22201, CVE-2023-51775)

Summary Apache Solr is used by IBM Operations Analytics - Log Analysis as Indexing Engine server is vulnerable to denial of service. Vulnerability Details ** CVEID: CVE-2024-22201 DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets...

Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense Plus

[CVE-2023-27100 - pfSense Anti-brute force protection bypass]...

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a....

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a....

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a....

linux-aws, linux-aws-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS

Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as modern....

CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a....

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

CVE-2024-35997

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...

CVE-2024-35997

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...

CVE-2024-35997

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...

CVE-2024-35956

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...

CVE-2024-35956

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...

CVE-2024-35955

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time....

CVE-2024-35956

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...