546 matches found
Vulnerabilities fixed in Fortinet FortiMail
Fortinet has fixed vulnerabilities in FortiMail. A malicious party can exploit the vulnerability with reference CVE-2023-45582 exploited to gain brute-force access to the mail environment. The vulnerability with reference CVE-2023-36633 allows an authenticated malicious person to gain access to...
Vulnerability fixed in Cisco Meeting Server
Cisco has fixed a vulnerability in Meeting Server. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Cisco has released updates to fix the vulnerability in Meeting Server. For more information, see:...
Vulnerabilities fixed in VMware Tools
VMware has fixed vulnerabilities in VMware Tools. A malicious person with access to a guest system in which VMWare Tools are installed can exploit the vulnerabilities to give themselves elevated privileges and thus potentially execute code with elevated privileges. VMware has released updates to...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. A malicious party could exploit the vulnerability to launch a Stored Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim and access sensitive data in the context of the victim's...
Vulnerabilities fixed in OTRS
OTRS developers have fixed vulnerabilities in OTRS. An authenticated malicious person could exploit the vulnerabilities to launch a cross-site scripting attack. In addition, a malicious party can bypass security measures using an invalid certificate. OTRS has released updates to fix the...
Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. This vulnerability allows an unauthenticated malicious person to remotely create an account - with access level 15 - on an affected device. Through that account, full control over the affected device. As mitigating measures, Cisco makes the following...
Vulnerability fixed in FortiManager and FortiAnalyzer
FortiNet has fixed a vulnerability in FortiManager and FortiAnalyzer. The vulnerability involves a "relative path traversal" vulnerability in FortiManager and FortiAnalyzer and could allow a remote malicious party to execute unauthorized code. execute. FortiNet has released updates to fix the...
Vulnerabilities fixed in FortiOS
FortiNet has fixed vulnerabilities in FortiOS. The vulnerabilities are located in the management environment and allow an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, execute arbitrary code on the...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP Netweaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party can exploit the exploit the vulnerabilities to execute arbitrary code with application privileges, perform a denial-of-service DoS or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2. For more...
Vulnerability fixed in IBM License Metric Tool
A vulnerability has been fixed in IBM License Metric Tool A malicious party can send a specially crafted URL request with "dot dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Rockwell Automation FactoryTalk
Rockwell has fixed a vulnerability in Factory Talk View Machine Edition. An unauthenticated malicious person could exploit the exploit the vulnerability to execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the production network...
Vulnerability fixed in Roundcube webmail
A vulnerability has been fixed in Roundcube webmail. A malicious party can exploit the vulnerability for a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. victim...
Vulnerabilities fixed in Progress MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. The vulnerabilities labeled CVE-2023-40043 and CVE-2023-42660 can be be exploited by an authenticated malicious person to gain access to sensitive data via an SQL injection to gain access to sensitive data. Misuse of the vulnerability with...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person could exploit the vulnerability to execute pipelines with the privileges of an arbitrary user to execute pipelines. When this arbitrary user has elevated privileges, execution of code wit...
Vulnerability fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed a vulnerability in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. It is possible that by executing code, access can be gained to sensitive data in the victim's context. Successful exploitation requires...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass authentication and gain access to sensitive data. HPE has released updates to fix the vulnerabilities in OneView 8.5 and 6.60.05. For more...
Zeroday vulnerability fixed in Google Chrome
Google has fixed a Zeroday vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code on the underlying operating system with permissions from the victim. If the victim's privileges are high enough are high enough, this allows the...
Vulnerabilities fixed in Sophos Unified Threat Management (UTM)
Sophos has fixed vulnerabilities in Unified Threat Management UTM. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with application privileges. Sophos has released updates to fix the vulnerabilities in UTM 9.716. For more...
Vulnerability fixed in AMD Zen 2 platform
AMD has fixed a vulnerability in its Zen 2 platform. The involves a hardware vulnerability that allows a malicious person to able to read out part of the processor memory. The malicious party could theoretically use this to gain access to sensitive information, such as key material. Because this ...