ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection

ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...

Low: gdb

Issue Overview: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c. CVE-2023-39128 GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...

ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vulnerability

ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system. ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb...

ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution

ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management an...

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vulnerability

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper...

ABB Cylon Aspect 3.07.02 user.properties Default Credentials

ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2024-2543)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : wget (EulerOS-SA-2024-2543)

According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure

ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution

ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management a...

ABB Cylon Aspect 3.08.01 (logYumLookup.php) Unauthenticated File Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an unauthenticated...

Advisory ROSA-SA-2024-2503

Software: wget 1.19.5 OS: ROSA Virtualization 2.1 packageevrstring: wget-1.19.5-12.rv3 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the userinfo URI component of the GNU Wget download manager is related to insecure behavior in which data that should hav...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2849 DESCRIPTION: Vim is vulnerable to a heap-based buffer...

CVE-2024-8096

...

RLSA-2024:6986 Low: nano security update

GNU nano is a small and friendly text editor. Security Fixes: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742 For more details about the security issues, including the impact, a CVSS scor...

nano security update

An update is available for nano. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNU nano is a small and friendly text editor. Security Fixes: nano: running chmo...

IcedTea: Multiple Vulnerabilities

Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...

Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2022-23219]

Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-23219 Vulnerability Details CVEID:CVE-2022-23219 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based buffer overflow, caused by...

Old Vulnerability Rated 9.9 Impacts All GNU/Linux Systems, Researcher Claims

A researcher claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers…...