SICAM A8000 CP-8000, SICAM A8000 CP-802X, SICAM A8000 CP-8050 Security Vulnerabilities

CVE-2024-36951

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api...

CVE-2024-5514

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...

Exploit for Uncontrolled Resource Consumption in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

Siemens CP-XXXX Series Exposed Serial Shell

...

CVE-2021-47566

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

CVE-2024-5403

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote...

CVE-2024-5400

Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote...

CVE-2024-5399

Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote...

CVE-2021-47566

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

CVE-2021-47566 proc/vmcore: fix clearing user buffer by properly using clear_user()

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .

Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-33599 DESCRIPTION: **glibc is vulnerable.....

Exploit for CVE-2024-27956

CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-30260 DESCRIPTION: **Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a...

CVE-2024-35902

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following call-site...

CVE-2024-35902

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: cp is a parameter of __rds_rdma_map and is not reassigned. The following call-sites...

CVE-2024-35902

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following...

CVE-2024-35902 net/rds: fix possible cp null dereference

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: cp is a parameter of __rds_rdma_map and is not reassigned. The following call-sites...

CVE-2024-35902

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following call-site...

CVE-2024-24874

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection.This issue affects CP Polls: from n/a through...

CVE-2024-24873

: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through...

CVE-2024-24873 WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability

: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through...

CVE-2024-24874 WordPress Polls CP plugin <= 1.0.71 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection.This issue affects CP Polls: from n/a through...

SAP NetWeaver AS ABAP XSS (May 2024) (3448445)

The remote SAP NetWeaver ABAP server may be affected by a cross-site scripting (XSS) vulnerability. A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a.....

SAP NetWeaver AS ABAP XSS (May 2024) (3450286)

The remote SAP NetWeaver ABAP server may be affected by a cross-site scripting (XSS) vulnerability. A cross-site scripting (XSS) vulnerability exists due to improper validation and encoding of untrusted data. An unauthenticated, remote attacker can exploit this, by convincing a user to click a...

SAP NetWeaver AS ABAP File Upload Vulnerability (May 2024) (3448171)

The remote SAP NetWeaver ABAP server may be affected by an arbitrary file upload vulnerability. An arbitrary file upload vulnerability exists in the content repositiory due to missing a signature check. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote...

Siemens SICAM Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20945)

Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20945) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache ZooKeeper security bypass vulnerabilitiy. (CVE-2023-44981)

Summary Potential Apache ZooKeeper security bypass vulnerabilitiy (CVE-2023-44981) has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-44981 ...

CVE-2024-4894

ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network...

CVE-2024-4893

DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system...

Kemp LoadMaster Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such,.....

Kemp LoadMaster Local sudo Privilege Escalation

...

RHEL 5 : gcc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gcc: Exploitable buffer overflow (CVE-2016-2226) Use-after-free vulnerability in libiberty allows remote...

RHEL 6 : bluez (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS...