Heap-based buffer overflow in the glibc’s syslog ()
Summary -Heap-based buffer overflow in the glibc’s syslog () We discovered a heap-based buffer overflow in the GNU C Library’s __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit: https://sourceware.org/git?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1…
Cisco Unified Communications Products Remote Code Execution Vulnerability
Summary Affected Products Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: Workarounds Additionally, follow the best practices that are…
VMware Releases Security Advisory for Aria Operations
Security Advisory: VMSA-2024-0001 1. Impacted Products 2. Introduction A Missing Access Control vulnerability in Aria Automation has been privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. 3. Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Description: Aria Automation contains…
Multiple Vulnerabilities in Rapid SCADA Pose Serious Threats, Urgent Mitigations Recommended
Executive Summary: Rapid Software LLC’s industrial automation platform, Rapid SCADA, has been found susceptible to multiple critical vulnerabilities, posing significant risks of remote code execution, unauthorized access, and privilege escalation. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory detailing the potential exploits and…
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with administrative privileges to execute arbitrary code on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: 3.2 Vulnerability Overview 3.2.1 ACCEPTANCE OF EXTRANEOUS…
Ubuntu Security Notice USN-6502-1
Packages Details Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleemdiscovered that the InfiniBand RDMA driver in the Linux kernel did notproperly check for zero-length STAG or MR registration. A remote attackercould possibly use this to execute arbitrary code. (CVE-2023-25775) Yu Hao discovered that…
Mitsubishi Electric MELSEC and MELIPC Series (Update G)
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition. Recovery requires a system reset. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MELSEC series CPU modules and MELIPC Series Industrial Computers…
Hitachi Energy eSOMS
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information related to eSOMS application configuration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: 3.2 Vulnerability Overview 3.2.1 GENERATION OF ERROR MESSAGE CONTAINING…
Johnson Controls Quantum HD Unity
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access debug features that were accidentally exposed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls Quantum HD Unity products are affected: 3.2 Vulnerability Overview 3.2.1 ACTIVE DEBUG…
Cisco Identity Services Engine Command Injection Vulnerabilities
Summary Affected Products Details Workarounds Fixed Software Source:
Stay connected