Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...

Vulnerabilities fixed in Apple macOS, iOS and iPadOS

Apple has fixed vulnerabilities in macOS, iOS and iPadOS. A malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges, potentially gaining access to sensitive data. Apple reports having information that the vulnerabilities have been limited and highly target...

Apple users: Update your devices now to patch zero-day vulnerability

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against...

Vulnerabilities fixed in Oracle Financial Services

Oracle has fixed several vulnerabilities in Financial Services and components. The vulnerabilities allow unauthenticated attackers to gain access to critical data and compromise system integrity. Specific vulnerabilities can lead to compromise of confidentiality, integrity and availability, with...

Vulnerabilities fixed in Cisco IP phones

Cisco has fixed vulnerabilities in the firmware of several IP Phone systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data on the vulnerable device and thus potentially manipulate phone calls. Cisco has released updates to fix t...

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to bypass security measures to allow traffic pass through traffic that was not initially authorized. Juniper has release...

Vulnerability fixed in SonicWall SSL-VPN products

SonicWall has fixed a vulnerability in SMA 100 series SSL VPNs. An authenticated malicious party can exploit the vulnerability exploit the vulnerability to establish a link to the mobile MFA device of another user and thus potentially gain access to sensitive data in the victim's context. SonicWa...

Vulnerability fixed in Adobe InCopy

Adobe has fixed a vulnerability in InCopy. A malicious person could exploit the vulnerability to execute arbitrary code with privileges of the victim. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates to fix the vulnerability in...

Vulnerability fixed in Citrix Sharefile and Content Collaboration

Citrix has fixed a vulnerability in the StorageZones Controller as in use with Sharefile and Content Collaboration. A malicious party could exploit the vulnerability to gain access gain access to sensitive data. Citrix has released updates to fix the vulnerability in Sharefile and Content...

Vulnerabilities fixed in Aveva products

Aveva has fixed vulnerabilities in inTouch, PlantScada and Telemery Server. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to system...

Vulnerability fixed in Esri ArcGIS Server

A vulnerability has been fixed in Esri ArcGis Server. This vulnerability allows an unauthenticated malicious person through path traversal to view system information from the server on which the application is running. Esri has released updates to fix the vulnerability. For more information, see:...

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter server. A malicious party on the local network, with access to port 443 could exploit the vulnerabilities to gain access to sensitive data. VMware did not release further details. VMWare has released updates to fix the vulnerabilities in vCenter server...

Vulnerabilities fixed in Cisco Content Security Management Appliance

Vulnerabilities have been fixed in several Cisco security appliances. A malicious party could exploit the vulnerability to obtain sensitive information or to execute commands execute commands on the underlying system under root privileges. To exploit this latter vulnerability, the malicious party...

Vulnerabilities fixed in Juniper Networks Junos OS

Juniper Networks has fixed vulnerabilities in Junos OS. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to cause a denial-of-service. Juniper Networks categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 7.5. Juniper Networ...