4190 matches found
Vulnerabilities fixed in VMware ESXi and vCenter Server
VMware has fixed vulnerabilities in ESXi and vCenter Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service on the host, or to grant itself elevated privileges to perform actions that the malicious party is not initially authorized to perform. This does require the...
Vulnerabilities fixed in Lenovo notebook BIOS
Vulnerabilities have been found in several Lenovo laptop models by researchers from security firm ESET. These vulnerabilities are Lenovo-specific, a full list of affected Lenovo laptops can be found under "Possible fixes." Two of these vulnerabilities, with attributes CVE-2021-3970 and...
Vulnerability fixed in XWiki
The developers of XWiki have fixed a vulnerability. A malicious person with SCRIPT privileges could exploit the vulnerability to gain access to the server's Instance Manager and thereby create arbitrary Java objects. The developers have released updates to fix the vulnerability fix in XWiki 12.2....
vulnerabilities handled in Microsoft Developer Tools
Microsoft has addressed vulnerabilities in Developer Tools. A malicious actor could exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. Except for the vulnerability in .NET Core, where no prior authentication or user...
Vulnerabilities managed in Ivanti Endpoint Manager
Ivanti has addressed several vulnerabilities in Ivanti Endpoint Manager, specifically in the core server, the agent, and the web console components. These vulnerabilities concern various aspects of Ivanti Endpoint Manager. First, a remotely authenticated attacker can exploit a vulnerable method t...
Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers
Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities included several problems such as memory corruption, buffer overflow, and post-release usage, which could lead to unauthorized access to sensitive data, unexpected process crashes and other stability issues. The vulnerabilitie...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in Communications products and applications. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerability to cause a denial-of-service, or to reboot the system with a rogue image. To reboot, the malicious party needs prior administrator privileges. Fortinet has released updates to fix the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics 365. A remote malicious person could exploit the vulnerabilities for a cross-site scripting attack. Such an attack can result in execution of code in the context of the victim's browser and thereby potentially accessing sensitive data. Microsoft...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant himself elevated privileges granted, or to execute arbitrary code with privileges of the victim. To do this, the malicious party must entice t...
Vulnerabilities fixed in FortiOS
Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Access to sensitive data Access to system data Fortinet has released updates to...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in the following JD Edwards products: JD Edwards EnterpriseOne Tools JD Edwards World Security The vulnerabilities allow an unauthenticated malicious person potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS...
Vulnerability fixed in Zyxel Firewall and VPN systems
Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access on the vulnerable system and from there move further into the infrastructure to be protectable infrastructure. The...
Vulnerabilities fixed in Cobbler
The Cobbler project has fixed two vulnerabilities. A local malicious party can exploit the vulnerabilities to view configuration files or locally execute arbitrary code execute arbitrary code under the application's permissions. A third vulnerability was also found, CVE-2021-45081. There are...
Vulnerability fixed in VMware vCenter and Cloud Foundation
VMware has fixed a vulnerability in vCenter Server and Cloud Foundation. An authenticated malicious party could, by exploiting this vulnerability obtain elevated privileges on the vulnerable system. The vulnerability is located in the Integrated Windows Authentication IWA authentication mechanism...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed several vulnerabilities in Jira. A unauthenticated remote malicious person can exploit the vulnerabilities exploit them to gain access to information about the system or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code...
Vulnerabilities fixed in Cisco FXOS and NX-OS
Cisco has fixed vulnerabilities in FXOS and NX-OS. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service and to execute arbitrary code under root privileges. Cisco categorizes this vulnerability according to the CVSSv3 method with a score...
Vulnerabilities found in Check Point Remote and Mobile Access VPN-products
Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...
Vulnerabilities found in Ivanti Sentry
Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...
Vulnerabilities in Microsoft Windows
Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...
Vulnerabilities in IBM WebSphere Application Server and WebSphere Liberty
IBM has identified vulnerabilities in WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0. These vulnerabilities reside in the Web Server Plug-ins, which are part of the request handling processes of these products. The first vulnerability relates to HTTP request smuggling,...
Vulnerabilities in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...
Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager
Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. The vulnerabilities include a stack-based buffer overflow that allows authenticated attackers to execute unauthorized code via specially crafted CLI commands. In addition, there are issues with incorrect certificate validation that all...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities in Samsung Mobile The vulnerabilities include an out-of-bounds write and read, as well as a vulnerability in USB connection mode that allows local attackers to gain unauthorized access to user data. These vulnerabiliti...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2 and macOS Tahoe 26.1. The vulnerabilities covered a wide range of issues, including unauthorized access to sensitive user data, race conditions, and logic flaws that could lead to unwanted access or system instability...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine Edition. The vulnerabilities include an authentication bypass that allows unauthorized access to the PanelView Plus 7 Series B file system and diagnostic information. In addition, there is a path-traversal vulnerability tha...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, assign themselves elevated privileges and gain access to sensitive data. Microsoft has since released updates to fix the vulnerabilities marked...
Vulnerabilities fixed in Oracle Database Products
Oracle has fixed vulnerabilities in several Oracle Database Products and subsystems, including Oracle Server, NoSQL, TimesTen, Secure Backup and Essbase. The vulnerabilities allow unauthenticated malicious actors to cause a Denial-of-Service or gain unauthorized access to sensitive data and...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed several vulnerabilities in its Communications products, including Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function and Oracle Communications Order and Service Management. The vulnerabilities allow unauthenticated malicious actors t...
Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy. The vulnerabilities include hard-coded cryptographic keys, improper processing of OS commands, and out-of-bounds write and read errors. Attackers can exploit these vulnerabilities to gain...
Vulnerabilities fixed in VMware Aria Operations Networks
VMWare has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to bypass authentication, or to execute arbitrary code on the underlying system. The most serious vulnerability has been given attribute...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in two Developer Tools. In order to exploit the vulnerabilities, the malicious party must have local access to the development environment. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several Oracle Fusion Middleware products. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights...
Vulnerabilities fixed in IBM SPSS
Several vulnerabilities have been fixed in Spring Framework version 5.3.20 as part of IBM SPSS Collaboration and Deployment Services. The vulnerabilities can be exploited by a malicious be exploited to execute arbitrary code and/or to cause a denial-of-service DoS exploit. These vulnerabilities...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data Increased user privileges The...
Vulnerabilities fixed in Adobe Creative Cloud
Adobe has fixed vulnerabilities in Creative Cloud Desktop Application. A malicious party can exploit the vulnerabilities to injecting system commands which are then executed by the application. Also, the vulnerabilities can be exploited to obtain elevated privileges and to overwrite arbitrary...
Vulnerabilities fixed in Nagios XI
Vulnerabilities have been fixed in Nagios XI. The vulnerabilities allow a malicious person to perform attacks that lead to Cross-Site Scripting XSS and Remote code execution User Rights. Nagios has released updates to fix the vulnerabilities in Nagios XI 5.8.0. For more information, see:...
Serious vulnerabilities fixed in Dell Wyse ThinOS
Vulnerabilities have been fixed in Dell Wyse ThinOS. A malicious person with access to a local FTP server could exploit the vulnerabilities to obtain sensitive information. The malicious party, by accessing this information and the ability to modify configuration files, the entire system. Dell ha...
Vulnerabilities fixed in Microsoft SharePoint
Microsoft is fixing several vulnerabilities in Microsoft SharePoint. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code or to conduct a Cross-Site-Scripting XSS attack. Two of the vulnerabilities in SharePoint can be exploited to execute arbitrary code in th...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code or to bypass a security measure. Microsoft considers the vulnerability with attribute CVE-2020-16874 to be critical. The vulnerability in...
The vulnerability was concealed in Starlette
There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...
Vulnerabilities in Oracle Database Server
Oracle has identified vulnerabilities in Oracle REST Data Services versions 24.2.0 to 26.1.0 and Oracle Database Server versions 23.4.0 to 23.26.2. The vulnerabilities in Oracle REST Data Services allow attackers with low privileges and network access via HTTPS to perform various actions without...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed several vulnerabilities in Oracle Communications products, including Cloud Native Core and Policy Management. The vulnerabilities in Oracle Communications products allow unauthenticated attackers to gain unauthorized access to sensitive data and can lead to denial-of-service DoS...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...
Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the server. For successful abuse, however, the malicious party must have access to the LAN infrastructure. VMware has...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center. A malicious party could exploit the vulnerabilities to gain elevated permissions or gain access to sensitive data. For successful abuse, the malicious party needs local access. Open Management Infrastructure:...
Vulnerabilities fixed in Adobe Bridge and Photoshop
Adobe has fixed vulnerabilities in Photoshop and Bridge. A malicious party could exploit the vulnerabilities to execute attacks that could lead to the execution of arbitrary code with the victim's privileges. In order for the code to be executed in order for the code to be executed, the malicious...