545 matches found
Apple users: Update your devices now to patch zero-day vulnerability
Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against...
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed several vulnerabilities in Financial Services and components. The vulnerabilities allow unauthenticated attackers to gain access to critical data and compromise system integrity. Specific vulnerabilities can lead to compromise of confidentiality, integrity and availability, with...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle fixed vulnerabilities in Oracle Enterprise Manager A malicious party could exploit the vulnerabilities to gain access to sensitive data or cause a Denial-of-Service. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Oracle Java SE Security Update (Jan 2025) - Linux
Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Ivanti Connect Secure Specific for versions prior to 22.7R2.4 and Policy Secure Specific for versions prior to 22.7R1.2. The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed several vulnerabilities in Acrobat Reader including versions up to and including 24.005.20307. The vulnerabilities include a Use After Free vulnerability that can lead to arbitrary code execution and denial-of-service. All vulnerabilities require user interaction for exploitation,...
Vulnerability fixed in Adobe After Effects
Adobe has fixed a vulnerability in Adobe After Effects Specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...
Vulnerability fixed in Adobe Framemaker
Adobe has fixed a vulnerability in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerability is in the way Adobe Framemaker handles files. A malicious party can exploit this vulnerability by creating a malicious file and allowing it to be opened, which can lead to...
Vulnerabilities fixed in Drupal Core
Drupal has fixed vulnerabilities in Drupal Core Specifically for versions 7.0 to 7.102, 8.0.0 to before 10.2.11, 10.3.0 to before 10.3.9, and 11.0.0 to before 11.0.8. The vulnerabilities in Drupal Core are related to privilege escalation and deserialization of untrusted data, which can lead to...
Important Photon OS Security Update - PHSA-2024-5.0-0419
Updates of 'postgresql13', 'postgresql15', 'postgresql14' packages of Photon OS have been released...
Vulnerabilities fixed in VMware Aria Operations
VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include local privilege escalation and stored cross-site scripting XSS. Local privilege escalation allows an attacker with local administrative privileges to increase their access to the root user level on the device,...
Vulnerabilities fixed in Apple macOS and Safari
Apple has fixed several vulnerabilities in macOS and Safari. Two vulnerabilities CVE-2024-44308 & CVE-2024-44309 in present in macOS Sequoia and Safari 18.1.1 can lead to execution of arbitrary code. Apple indicates that active exploits of these vulnerabilities have been taking place on Intel-bas...
Vulnerability fixed in Trend Micro Deep Security
Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Specifically for versions 24.7.3, 25.11 and earlier. The vulnerability is in the way Adobe Photoshop handles certain files. A malicious party could exploit this vulnerability by tricking a user into opening a malicious file, which could lead to the...
CVE-2021-1464
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input...
CVE-2022-20931
A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...
CVE-2022-20654
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based...
CVE-2022-20631
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2022-20626
A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability i...