
15 matches found

RedhatCVE
added 2026/04/03 5:42 p.m., 2 views

CVE-2026-23456

A flaw was found in the Linux kernel's netfilter H.323 connection tracking module. A remote attacker could exploit this vulnerability by sending a specially crafted H.323/RAS (H.323 Registration, Admission, and Status) packet. The system's processing of these packets could lead to an out-of-bounds...

8.2 CVSS, 5.9 AI score, 0.00108 EPSS
Exploits: 0, References: 4
Cvelist
added 2024/11/29 6:53 p.m., 18 views

CVE-2024-53983 Server-side request forgery in Backstage Scaffolder plugin

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an...

5.4 CVSS, 0.00153 EPSS
Exploits: 0, References: 2
0day.today
added 2024/11/14 12:0 a.m., 579 views

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Vulnerabilities

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass...

8.7 CVSS, 7 AI score, 0.12769 EPSS
Exploits: 3
ICS
added 2024/08/01 6:0 a.m., 16 views

Johnson Controls exacqVision Server web service

1. EXECUTIVE SUMMARY: CVSS v4 7.6; ATTENTION: Exploitable remotely; Vendor: Johnson Controls Inc.; Equipment: exacqVision Web Service; Vulnerability: Permissive Cross-domain Policy with Untrusted Domains. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an...

8.1 CVSS, 7.5 AI score, 0.00268 EPSS
Exploits: 0, References: 10
Malwarebytes
added 2023/07/06 3:0 a.m., 14 views

Warning issued over vulnerability in cardiac device monitoring software

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability that could result in remote code execution or a denial-of-service (DoS) condition impacting a healthcare delivery organization's Paceart Optima system. Paceart Optima is a software application that...

6.5 CVSS, 8 AI score, 0.25503 EPSS
Exploits: 0
The Hacker News
added 2022/11/04 10:1 a.m., 107 views

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's...

2.9 AI score, 0.00323 EPSS
Exploits: 0
Cloud Foundry
added 2022/05/23 12:0 a.m., 30 views

USN-5380-1: Bash vulnerability | Cloud Foundry

Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update...

7.8 CVSS, 7.9 AI score, 0.50225 EPSS
Exploits: 5, Affected Software: 3
Ivanti
added 2021/12/12 3:3 a.m., 11 views

Security Bulletin: CVE-2021-44228: MobileIron Remote code injection in Log4j

Affected Versions: MobileIron Core: below Core 11.5; MobileIron Sentry: Sentry 9.13 and 9.14 only; Core Connector: All Versions; Reporting Database (RDB): All Versions. Please Note: Ivanti has tested the mitigation for the vulnerability on supported versions of the product. While it may be possible to...

10 CVSS, 8.3 AI score, 0.94358 EPSS
Exploits: 341
RedhatCVE
added 2021/11/08 6:49 p.m., 39 views

CVE-2021-3928

A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: Do not run...

7.8 CVSS, 8 AI score, 0.00051 EPSS
Exploits: 1, References: 3
ICS
added 2020/10/08 12:0 a.m., 54 views

Johnson Controls Sensormatic Electronics American Dynamics victor Web Client and Software House C•CURE Web Client (Update A)

1. EXECUTIVE SUMMARY: CVSS v3 7.1; ATTENTION: Low skill level to exploit; Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls; Equipment: American Dynamics victor Web Client; Vulnerability: Improper Authorization. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the...

8.1 CVSS, 7.9 AI score, 0.00977 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2017/10/04 12:48 p.m., 24 views

CVE-2017-12173

It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve...

8.8 CVSS, 0.6 AI score, 0.00447 EPSS
Exploits: 0, References: 1
ICS
added 2017/07/06 12:0 a.m., 28 views

Siemens Reyrolle

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Reyrolle Vulnerabilities: Missing Authorization, Improper Input Validation, Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the following Reyrolle...

10 CVSS, 8.1 AI score, 0.02402 EPSS
Exploits: 0, References: 3
seebug.org
added 2017/02/10 12:0 a.m., 82 views

F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)

Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...

5 CVSS, 7.8 AI score, 0.67474 EPSS
Exploits: 6
Filippo.io
added 2017/02/09 2:14 a.m., 176 views

Finding Ticketbleed

Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...

5 CVSS, 7 AI score, 0.67474 EPSS
Exploits: 6
ICS
added 2016/12/24 7:0 a.m., 17 views

Siemens APOGEE Insight Incorrect File Permissions Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-082-01 Siemens APOGEE Insight Incorrect File Permissions Vulnerability that was published March 22, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Siemens has identified an...

3.6 CVSS, 3.6 AI score, 0.00041 EPSS
Exploits: 0, References: 10