Hitachi Energy RTU500 Product Incomplete List of Disallowed Inputs (CVE-2026-1773)
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of...
CVE-2026-1773
IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates...
Linux Distros Unpatched Vulnerability : CVE-2024-26142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatc...
UBUNTU-CVE-2024-11218
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...
HP ThinPro 8.1 SP 2 Security Updates
Previous versions of HP ThinPro prior to HP ThinPro 8.1 SP 2 could potentially contain security vulnerabilities. HP has released HP ThinPro 8.1 SP 2, which includes updates to mitigate potential vulnerabilities. All of the identified vulnerabilities listed above were addressed and fixed as part o...
HP ThinPro 8.0 SP 7 Security Updates
Previous versions of HP ThinPro prior to HP ThinPro 8.0 SP7 could potentially contain security vulnerabilities. HP has released HP ThinPro SP7, which includes updates to mitigate potential vulnerabilities. All of the identified vulnerabilities listed above were addressed and fixed as part of Thin...
DRUPAL-CONTRIB-2024-005
Open Social is a Drupal distribution for online communities. The included optional social_group_flexible_group module doesn't sufficiently validate group updates. The lack of validation makes it possible to have content inside the group changing its visibility, which could lead to that content...
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
Impact On a node controlled by an attacker or malicious user, the lax permissions configured on open-feature-operator-controller-manager can be used to further escalate the privileges of any service account in the cluster. The increased privileges could be used to modify cluster state, leading to...
SUSE CVE-2017-17850
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...
Mageia: Security Advisory (MGASA-2021-0140)
The remote host is missing an update for the...
CVE-2019-3486 ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1
Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1...
Cross site scripting
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7...
CVE-2019-3481
Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7...
CVE-2019-3484
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7...
CVE-2019-3480
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7...
CVE-2019-3479
Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7...
CVE-2018-12480
The CVE-2018-12480 entry concerns a cross-site scripting (XSS) vulnerability in Micro Focus NetIQ Access Manager prior to version 4.4 SP3. The provided documents indicate the issue affects NetIQ Access Manager and is mitigated by upgrades to 4.4 SP3 or later, but do not detail the root cause beyo...
Windows DNS Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global...
Bugged Smart Contract FuturXE: How Could Someone Mess up with Boolean? (CVE-2018-12025)
Recently SECBIT team found a serious bug about the if condition in a deployed ERC20 smart contract called FuturXE (FXE) and here is the bugged part: //Function for transer the coin from one address to another function transferFrom(address from, address to, uint value) returns (bool success) //checking...
DEBIAN-CVE-2017-17850
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...