PT-2025-32853
Name of the Vulnerable Software and Affected Versions: GitHub Copilot (affected versions not specified); Visual Studio 2022 versions prior to 17.14.12. Description: Improper neutralization of special elements used in a command, known as command injection, in GitHub Copilot and Visual Studio allows an...
Cisco ISE Security Vulnerability
Cisco ISE is a NAC solution from Cisco, Inc. It is used to manage access to network resources by endpoints, users, and devices in a zero-trust architecture. A security vulnerability exists in Cisco ISE that stems from unverified administrator privileges on the server side, which could lead to...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...
Fedora 42 : kea (2025-dc6ec0a8e2)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-dc6ec0a8e2 advisory. - New version 2.6.3 rhbz2368989 - Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 - kea.conf: Remove /tmp/ from socket-name for existing...
kea: Insecure handling of file paths allows multiple local attacks
A vulnerability was found in the Kea package. If an attacker has access to a local user account and the Kea API entry points are not secured, the attacker may use the API to modify Kea's configuration files or overwrite any system's file which a Kea running user has write access. This may be...
CVE-2024-35295
A vulnerability has been identified in Perfect Harmony GH180 All versions = V8.0 V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025. The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an...
CVE-2024-35295
CVE-2024-35295 affects Perfect Harmony GH180 versions V8.0–V8.3.3 with the NXGPro+ controller (manufactured 2020–2025). The maintenance connection fails to protect access to the device configuration, enabling a physically proximate attacker with access to the maintenance port to perform arbitrary...
Siemens SINAMICS PERFECT HARMONY GH180 Access Control Error Vulnerability
The Siemens SINAMICS PERFECT HARMONY GH180 is a high-voltage AC inverter from Siemens Germany. An access control error vulnerability exists in the Siemens SINAMICS PERFECT HARMONY GH180 versions prior to V8.0 through V8.3.3, which stems from improper access control of the maintenance connection a...
PT-2025-25183 · Unknown · Perfect Harmony Gh180
Name of the Vulnerable Software and Affected Versions: Perfect Harmony GH180 versions V8.0 through V8.3.3 Description: A security issue has been identified where the maintenance connection of affected devices does not protect access to the device's control unit configuration. This could allow an...
PT-2025-24675 · Siemens · Scalance Xcm328 +20
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RST2428P versions prior to V3.2 SCALANCE XC316-8 versions prior to V3.2 SCALANCE XC324-4 versions prior to V3.2 SCALANCE XC324-4 EEC versions prior to V3.2 SCALANCE XC332 versions prior to V3.2 SCALANCE XC416-8 versions prior to V3....
PT-2025-24671 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.25.6 GeoServer versions prior to 2.26.3 Description: The issue allows bypassing the default REST API security, enabling access to the index page. This is possible because the REST API security does not handle...
CVE-2025-20286
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...
Security update for bind
This update for bind fixes the following issues: Update to version 9.20.9. Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG bsc1243361. CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...
PT-2025-23191 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 12.1.0 through 12.1.1 Description: The issue is related to a denial of...
CVE-2024-28815
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system...
CVE-2024-22062
There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration...
CVE-2024-46463
By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to prevent this vulnerability...
CVE-2023-39695
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out...