ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Config Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

K000148650: Intel processor vulnerabilities CVE-2024-22185 and CVE-2024-24985

Security Advisory Description CVE-2024-22185 Time-of-check Time-of-use Race Condition in some IntelR processors with IntelR ACTM may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-24985 Exposure of resource to wrong sphere in some IntelR processor...

CVE-2024-34164

Uncontrolled search path element in some IntelR MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-28952

Uncontrolled search path for some IntelR IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-28028

Improper input validation in some IntelR Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access...

CVE-2024-38383

Intel® Quartus® Prime Pro Edition software for Windows before version 24.2 is affected by CVE-2024-38383 due to an uncontrolled search path, which may let an authenticated user escalate privileges via local access. Intel’s advisory recommends updating to version 24.2 or later to mitigate, with a ...

CVE-2024-21799

Path traversal for some IntelR Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-28950

Uncontrolled search path for some IntelR oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-28950

Uncontrolled search path for some IntelR oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-32485

Improper Input Validation in some IntelR VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2024-29085

Improper access control for some BigDL software maintained by IntelR before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access...

CVE-2024-28952

Uncontrolled search path for some IntelR IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

ABB Cylon Aspect 3.08.00 Off-By-One

ABB Cylon Aspect 3.08.00 logMix/YumLookup.php Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy...

ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vulnerability

ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring...

ABB Cylon Aspect 3.08.01 getApplicationNamesJS.php Building/Project Name Exposure

ABB Cylon Aspect 3.08.01 getApplicationNamesJS.php Building/Project Name Exposure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building...

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: 3.08.02 Summary: ASPECT is an award-winning scalable building energy...

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution Vulnerability

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or probe internal or external systems...

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection

ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...