Vulnerabilities in Oracle JD Edwards EnterpriseOne

Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...

Vulnerability handling in Oracle PeopleSoft Enterprise PeopleTools

Oracle has identified a vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. This vulnerability allows unauthorized attackers to exploit the system via HTTP remotely. This can lead to remote code execution, which may result in the complete takeover of the system. The...

Vulnerabilities found in Ivanti Sentry

Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...

Vulnerabilities in Adobe InDesign Desktop Applications

Adobe has identified several vulnerabilities in Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier versions. These vulnerabilities lie in the way Adobe InDesign Desktop processes malicious files. There are stack-based and heap-based buffer overflow vulnerabilities that can lead to memory...

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified several vulnerabilities in Ivanti Endpoint Manager Mobile. These vulnerabilities include an OS command injection vulnerability, where a remote attacker can execute arbitrary operating system commands with root privileges. Additionally, there is a vulnerability due to incorre...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Building X, COMOS, Energy Services, Gridscale X, NX, RUGGEDCOM, SICAM, SIMATIC, SINEC, SINEMA, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the following...

Vulnerability fixed in WatchGuard Fireware OS

WatchGuard has fixed a vulnerability in Fireware OS Specific to certain VPN configurations. The vulnerability is in the way Fireware OS handles Out-of-bounds Write. This allows a malicious, unauthenticated attacker to execute arbitrary code. This could lead to serious consequences for affected...

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities are in Veeam Backup & Replication's Mount service and Backup Server, both of which are vulnerable to remote code execution RCE by authenticated domain users. This can lead to unauthorized access and manipulation of...

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities

Multiple vulnerabilities in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. These vulnerabilities exist...

Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input...

Vulnerabilities fixed in Trend Micro Apex One and Apex Central

Trend Micro has fixed vulnerabilities in Apex One and Apex Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Trend Micro has released updates to fix the vulnerabilities. See attached...

Vulnerabilities fixed in Ivanti Workspace Control

Ivanti has fixed vulnerabilities in Ivanti Workspace Control Specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...

Vulnerability fixed in Siemens SiPass Integrated

Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service DoS, compromising the availability of services that depend on the...

Vulnerability fixed in Synology Replication Service and Synology Unified Controller

Synology has fixed a vulnerability in Synology Replication Service and Synology Unified Controller. The vulnerability is located in an off-by-one flaw in the Synology Replication Service and Synology Unified Controller, which allows remote attackers to execute arbitrary code. This can lead to...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed several vulnerabilities in its products, including Oracle Fusion Middleware, Oracle WebLogic Server, and Oracle HTTP Server. The vulnerabilities are in several Oracle products, including Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, which allow unauthenticated...

Vulnerability fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS processes specially crafted DNS packets from attackers. This can lead to a device reboot and, on repeated attempts, the firewall can enter maintenance mode. Palo Alto says it has received reports from...

CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

Vulnerabilities fixed in Zimbra

Synacor has fixed vulnerabilities in Zimbra Collaboration. By sending a specially prepared e-mail to the SMTP server, code execution can be obtained directly on the Zimbra server that can be used, for example, to place a webshell. Researchers have published Proof-of-Concept code that demonstrates...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Questa/ModelSIM, RUGGEDCOM, SENTRON, SIMATIC, SINEC, Tecnomatix and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS...