ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

tiff vulnerability

It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary...

CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

Mozilla Firefox Security Advisory (MFSA2024-25) - Linux

This host is missing a security update for Mozilla...

AMD SPI Lock Bypass June 2024 Security Update

AMD has informed HP of a potential weakness in AMD SPI protection features, which might allow arbitrary code execution. AMD is releasing firmware updates and HP is enabling AMD ROM Armor to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

Mozilla Firefox ESR < 115.12

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...

CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox &lt; 127, Firefox ESR &lt; 115.12, and Thunderbird &lt; 115.12. Notes Author| Note ---|--- tyhicks | mozjs contains ...

LibTIFF vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages tiff - Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations,...

Mozilla Firefox < 127.0

The version of Firefox installed on the remote Windows host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the...

ROS-20240611-06

A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : LibTIFF vulnerability (USN-6827-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6827-1 advisory. It was discovered that LibTIFF incorrectly handled memory when performing certain cropping...

(0Day) Microsoft Windows Incorrect Permission Assignment Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

Mozilla Firefox ESR < 115.12

The version of Firefox ESR installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. (CVE-2024-5702) ...

Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

SPI Lock Bypass

Bulletin ID: AMD-SB-1041 Potential Impact: System Integrity Severity:High Summary Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode (SMM) ROM protections. CVE Details CVE-2022-23829 A potential weakness in AMD SPI protection...

Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which.....

Security Vulnerabilities fixed in Firefox 127 — Mozilla

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...

Mozilla Firefox < 127.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal...

Oracle Database Password Hash Unauthorized Access

...

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

ghtml Cross-Site Scripting (XSS) vulnerability

Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive...

ghtml Cross-Site Scripting (XSS) vulnerability

Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive...

CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...