546 matches found
CVE-2022-20626
A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability i...
Vulnerability fixed in Schneider Electric Ecostruxture
Schneider Electric has fixed a vulnerability in the Ecostruxture Gateway. A malicious party could exploit the vulnerability to take over the gateway to gain access to the Ecostruxture landscape in use. For successful abuse, the malicious party must have access to the production environment. It is...
Vulnerabilities fixed in Fortinet FortiClient
Fortinet has fixed vulnerabilities in FortiClient for Windows and macOS. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary commands on the system. Fortinet has released updates to fix the vulnerabilities. See attached references for...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. A malicious party can exploit the vulnerabilities to bypass security measures to route traffic to and through the system that is not initially authorized, or cause a denial-of-service. Palo Alto has released updates to address the...
Vulnerabilities fixed in Citrix Session Recording
Citrix fixed vulnerabilities in Citrix Session Recording A malicious person with limited privileges could exploit the vulnerabilities to gain access to service accounts and execute arbitrary code on the server. Researchers have published Proof-of-Concept code demonstrating the vulnerability with...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco fixed vulnerabilities in Identity Services Engine ISE The vulnerabilities are located in the management interface and allow a malicious person to perform a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the underlying operating system. For successful abuse, the malicious party must have access to the management interface, or command-line. It is good practice n...
Vulnerability fixed in Cisco Catalyst access points
Cisco has fixed a vulnerability in the Unified Industrial Wireless Software for Catalyst Heavy Duty Access Points. A malicious party could exploit the vulnerability to execute arbitrary commands on the underlying operating system without prior authentication. The vulnerability is located in the...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious party can exploit the most serious vulnerability CVE-2024-10487 to execute arbitrary code on the system on which the browser is installed via an out-of-bounds write. To do this, the victim only needs to visit an infected website or website...
Vulnerabilities fixed in Cisco Adaptive Security Appliance and Firepower Threat Defense
Cisco has fixed vulnerabilities in Adaptive Security Appliance ASA and Firepower Threat Defense FTD. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service on the system, disrupting the underlying service, bypassing implemented security measures to enable unauthorized...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business Suite. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in MySQL. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to access and potentially manipulate sensitive data in the database. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code User privileges - Execution of arbitrary code Administrator...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in several Communications products and systems. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Execution of arbitrary code User Rights -...
Vulnerabilities fixed in Palo Alto Expedition
Palo Alto has fixed vulnerabilities in Expedition. A malicious party could exploit the vulnerabilities to remotely execute arbitrary code, without prior authentication, on the system running Expedition, potentially obtaining login credentials and API keys. Expedition is a migration tool to conver...
Vulnerability fixed in Ivanti Endpoint Manager Mobile
Ivanti has fixed a vulnerability in Endpoint Manager Mobile. A locally authenticated malicious party could exploit the vulnerability to obtain read and write permissions to sensitive configuration files. Ivanti has released updates to fix the vulnerability in Endpoint Manager Mobile. See the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. VoieOver does not appear to handle sensitive data correctly, making it possible to use VoiceOver to have recently stored passwords read aloud. Apple has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges...
Vulnerability fixed in Rockwell Automation FactoryTalk View Site
Rockwell Automation has fixed a vulnerability in FactoryTalk View Site. A malicious party could exploit the vulnerability to execute arbitrary code in the application, in the victim's context, using a Cross-Site Scripting attack. For successful exploitation, the malicious party must have access t...
Vulnerability fixed in Rockwell Automation ThinManager
Rockwell Automation has fixed a vulnerability in ThinManager. A malicious party could exploit the vulnerability to install software on the vulnerable system to execute arbitrary code. Rockwell Automation has released updates to fix the vulnerability. See attached references for more information...