Daily Archives: July 15, 2022
ZDI-22-1015: ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1016: (Pwn2Own) Inductive Automation Ignition Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
ZDI-22-1017: (Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-1018: (Pwn2Own) Inductive Automation Ignition Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
ZDI-22-1019: (Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1020: (Pwn2Own) Inductive Automation Ignition ZIP File Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
DSA-5184 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in privilege escalation. In addition, this update provides
mitigations for the Retbleed speculative execution attack and the
MMIO stale data vulnerabilities.
DSA-5185 mat2 – security update
A directory traversal vulnerability was discovered in the Metadata
anonymisation toolkit, which could result in information disclosure via
a malformed ZIP archive.
DSA-5182 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine: