CyberAlerts

CVE-2024-6784

Description: Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-6516

Cross Site Scripting XSS

Description: Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-6515

unauthorized file access

Description: Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-6298

remote code execution

Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

CVSS: CRITICAL (9.4)

EPSS Score: 0.09%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability

Description: Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22321.

CVSS: HIGH (7.0)

EPSS Score: 0.05%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its...

Description: Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

CVSS: LOW (3.8)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-6209

unauthorized file access

Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized

CVSS: CRITICAL (9.4)

EPSS Score: 0.09%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Description: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

CVSS: LOW (3.8)

EPSS Score: 0.04%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-5513

Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Description: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22044.

CVSS: HIGH (7.8)

EPSS Score: 0.08%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-5511

Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Description: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22020.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE

December 6th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-6784	SSRF Server Side Request Forgery Description: Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: HIGH (8.7) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-6516	Cross Site Scripting XSS Description: Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-6515	unauthorized file access Description: Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 CVSS: HIGH (8.7) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-6298	remote code execution Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely CVSS: CRITICAL (9.4) EPSS Score: 0.09% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-6260	Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability Description: Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22321. CVSS: HIGH (7.0) EPSS Score: 0.05% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-6219	Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its... Description: Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. CVSS: LOW (3.8) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-6209	unauthorized file access Description: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized CVSS: CRITICAL (9.4) EPSS Score: 0.09% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-6156	Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. Description: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. CVSS: LOW (3.8) EPSS Score: 0.04% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-5513	Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability Description: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22044. CVSS: HIGH (7.8) EPSS Score: 0.08% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-5511	Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability Description: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22020. CVSS: HIGH (7.8) EPSS Score: 0.07% Source: CVE December 6th, 2024 (5 months ago)