229 matches found

CVE
added 2024/09/18 8:55 p.m. · 62 views

CVE-2022-25768

CVE-2022-25768 (Mautic) concerns improper access control in the UI upgrade process. The cited failure is that the upgrade UI lacks permission verification, potentially allowing an attacker to view the Mautic version number or run parts of the upgrade without authorization. Affected context is the...

CVSS 7 · AI score 7 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/18 12:0 a.m. · 2 views

PT-2024-11534 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.13; Mautic versions prior to 5.1.1. Description: The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to the patc...

CVSS 8.3 · AI score 7.4 · EPSS 0.00369
Exploits 0 · References 10
OSV
added 2024/08/30 6:41 p.m. · 10 views

GHSA-WH2W-39F4-RPV2 Hyperledger Indy's update process of a DID does not check who signs the request

Name: Updating a DID with a nym transaction will be written to the ledger if neither ROLE nor VERKEY is being changed, regardless of sender. Description: A malicious DID with no particular role can request an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...

CVSS 8.7 · AI score 7.7 · EPSS 0.00162
Exploits 1 · References 7
Zero Day Initiative
added 2024/08/30 12:0 a.m. · 6 views

(0Day) Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 · AI score 7.3 · EPSS 0.00048
Exploits 0
RedHat Linux
added 2024/08/19 1:48 a.m. · 1 view

bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam

A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...

CVSS 7.5 · AI score 5.8 · EPSS 0.00282
Exploits 0 · References 4
NVD
added 2024/07/09 12:15 p.m. · 14 views

CVE-2024-39872

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate...

CVSS 9.9 · EPSS 0.00478
Exploits 0 · References 1
Vulnrichment
added 2024/07/09 12:5 p.m. · 16 views

CVE-2024-39872

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate...

CVSS 9.6 · AI score 6.9 · EPSS 0.00478
Exploits 0 · References 1
CNNVD
added 2024/07/09 12:0 a.m. · 7 views

Siemens SINEMA Remote Connect Server Security Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server due to an affected applicatio...

CVSS 9.9 · AI score 7 · EPSS 0.00478
Exploits 0 · References 2
CNVD
added 2024/06/12 12:0 a.m. · 8 views

Siemens TIA Administrator Arbitrary File Write Vulnerability

TIA Administrator is a web-based framework that merges different functional modules to accomplish administrative tasks as well as to manage SIMATIC software and licenses. An arbitrary file write vulnerability exists in Siemens TIA Administrator, which can be exploited by an authenticated attacker...

CVSS 4.8 · AI score 6.7 · EPSS 0.00053
Exploits 0 · References 1
NVD
added 2024/06/11 12:15 p.m. · 10 views

CVE-2023-38533

A vulnerability has been identified in TIA Administrator All versions V3 SP2. The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process...

CVSS 4.8 · EPSS 0.00053
Exploits 0 · References 1
CVE
added 2024/06/11 11:14 a.m. · 42 views

CVE-2023-38533

Siemens TIA Administrator (

CVSS 4.8 · AI score 6.6 · EPSS 0.00053
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/06/11 11:14 a.m. · 12 views

CVE-2023-38533

A vulnerability has been identified in TIA Administrator All versions V3 SP2. The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process...

CVSS 4.8 · AI score 6.8 · EPSS 0.00053
Exploits 0 · References 1
Cvelist
added 2024/06/11 11:14 a.m. · 15 views

CVE-2023-38533

A vulnerability has been identified in TIA Administrator All versions V3 SP2. The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process...

CVSS 4.8 · EPSS 0.00053
Exploits 0 · References 1
CNNVD
added 2024/06/11 12:0 a.m. · 3 views

Siemens TIA Administrator Security Vulnerability

TIA Administrator is a web-based framework that merges different functional modules to accomplish administrative tasks as well as to manage SIMATIC software and licenses. An arbitrary file write vulnerability exists in Siemens TIA Administrator, which can be exploited by an authenticated attacker...

CVSS 4.8 · AI score 6.9 · EPSS 0.00053
Exploits 0 · References 3
ICS
added 2024/06/11 12:0 a.m. · 19 views

Siemens TIA Administrator

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 4.8 · AI score 4.2 · EPSS 0.00053
Exploits 0 · References 12
NVD
added 2024/05/07 5:15 p.m. · 9 views

CVE-2024-29149

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmwar...

CVSS 7.4 · AI score 6.4 · EPSS 0.00053
Exploits 0 · References 2
Cvelist
added 2024/05/07 12:0 a.m. · 16 views

CVE-2024-29149

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmwar...

AI score 6.7 · EPSS 0.00053
Exploits 0 · References 2
Positive Technologies
added 2024/05/07 12:0 a.m. · 3 views

PT-2024-22765 · Alcatel Lucent · Alcatel-Lucent Ale Noe Deskphones +1

Name of the Vulnerable Software and Affected Versions: Alcatel-Lucent ALE NOE deskphones versions 86x8 NOE-R300.1.40.12.4180 and earlier; Alcatel-Lucent ALE SIP deskphones versions 86x8 SIP-R200.1.01.10.728 and earlier. Description: An issue was discovered due to a time-of-check time-of-use...

CVSS 7.4 · AI score 7.2 · EPSS 0.00053
Exploits 0 · References 5
NVD
added 2024/05/03 2:15 a.m. · 9 views

CVE-2023-32156

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in ord...

CVSS 9 · AI score 9.1 · EPSS 0.00023
Exploits 0 · References 1
Vulnrichment
added 2024/05/03 1:56 a.m. · 13 views

CVE-2023-32156 Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in ord...

CVSS 9 · AI score 9.2 · EPSS 0.00023
Exploits 0 · References 1