RockyLinux 9 : libtiff (RLSA-2025:20956)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20956 advisory. libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8176 libtiff: Libtiff Write-What-Where CVE-2025-9900 Tenable has extracted the preceding...

Security Updates for Microsoft Excel Products C2R (January 2026)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerabilities: - Multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. CVE-2026-20946, CVE-2026-20950...

CVE-2026-20956

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2026-20956

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2023-20956

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

CVE-2025-20956 corresponds to a vulnerability in Galaxy Watch Settings where improper export of Android application components enables physical attackers to access developer settings. The PT Security entry specifies Galaxy Watch versions prior to SMR May-2025 Release 1 as affected and recommends ...

CVE-2022-20956

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected...

CVE-2024-20956

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Installation. Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2024-20956

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Installation. Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2024-20956

CVE-2024-20956 affects Oracle Agile Product Lifecycle Management for Process (Installation component) prior to version 6.2.4.2. The root cause is insufficient input validation in the Installation component, enabling an unauthenticated, network-accessible attacker (via HTTP) to perform unauthorize...

CVE-2024-20956

...

CVE-2024-20956

creationtimestamp| type| source ---|---|--- 2024-02-10 10:11:52+00:00| seen| https://t.me/ctinow/182509...

CVE-2023-20956

The CVE-2023-20956 entry affects Android 12–13 and is due to an out-of-bounds write in C2SurfaceSyncObj.cpp caused by a missing bounds check. This leads to potential local information disclosure with System-level privileges required; exploitation does not require user interaction. Public referenc...

CVE-2023-20956

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L...

CVE-2022-20956

creationtimestamp| type| source ---|---|--- 2022-11-07 13:16:19+00:00| seen| https://t.me/truesecator/3668...

CVE-2022-20956

Cisco Identity Services Engine (ISE) exposes a vulnerability in its web-based management interface where improper access control could allow an authenticated remote attacker to bypass authorization and access system files. The issue arises from insufficient access controls in the web UI, enabling...