4190 matches found
Vulnerability fixed in Elasticsearch and Kibana
Vulnerabilities have been fixed in Elasticsearch and Kibana. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Increased user privileges Elastic has made updates...
Vulnerability fixed in Microsoft Malware Protection Engine
Microsoft has fixed a vulnerability in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. The vulnerabilities allow a malicious person to execute arbitrary code. The following table lists the vulnerabilities...
Vulnerabilities fixed in Cisco Expressway Series and TelePresence Video Communication Server
Vulnerabilities have been fixed in Cisco Expressway Series and TelePresence Video Communication Server. The vulnerabilities allow an authenticated remote malicious person to execute arbitrary code to execute under user privileges and under root privileges. Cisco has released updates to fix the...
Vulnerabilities fixed in ElasticSearch
Elastic has fixed vulnerabilities in the Elastic Stack. A authenticated malicious person could exploit the vulnerabilities to obtain sensitive information or bypass a security measure. The vulnerabilities are located in Elasticsearch itself and in the Elastic App Search API. Elastic has released...
Vulnerabilities fixed in Oracle Fusion Middleware products
Oracle has fixed vulnerabilities in several products in the Oracle Fusion product group. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Remot...
Vulnerabilities fixed in Cisco Content Security Management Appliance
Vulnerabilities have been fixed in several Cisco security appliances. A malicious party could exploit the vulnerability to obtain sensitive information or to execute commands execute commands on the underlying system under root privileges. To exploit this latter vulnerability, the malicious party...
Vulnerabilities fixed in Samsung products
Several vulnerabilities have been fixed in various Android-based products from Samsung. The vulnerabilities allow a malicious person, remotely or otherwise, to carry out attacks that lead to the following categories of damage: Manipulation of data Circumvention of security measure Remote code...
Vulnerability fixed in Moxa NPort 5110 firmware
Moxa has fixed a vulnerability in the NP5110 firmware. The vulnerability potentially allows a malicious party to use the device to forward IP traffic to network segments that the initially did not have access to because the NPort devices facilitated IP forwarding. Moxa has released updates to fix...
Vulnerabilities identified in GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU
Vulnerabilities have been identified in the GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU. The vulnerabilities allow a malicious person able to perform attacks leading to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following Oracle Database products: Database - Enterprise Edition Text Spatial and Graph Application Express APEX SQL Developer The vulnerabilities allow a malicious person, whether or not unauthenticated and remote, potentially be able to launch attacks th...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and Sharepoint products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated permissions, to gain access to sensitive data obtain access to sensitive data, to conduct a denial-of-service attack...
Vulnerabilities handled in the n8n workflow automation platform
n8n has identified several vulnerabilities in the n8n workflow automation platform, particularly in versions 1.123.55, 2.24.0, 2.25.7, 2.26.1, and 2.26.2. These vulnerabilities affect various components of the n8n platform. Authorized users with workflow processing rights can exploit...
Vulnerabilities present in Siemens products
Siemens has identified vulnerabilities in various products, including SCALANCE, SIMATIC, SINAMICS, SIPROTEC, and TIA Portal. These vulnerabilities pose a threat to malicious actors, who could exploit them to cause the following types of damage: - Denial-of-Service DoS attacks - Data manipulation ...
Vulnerabilities in Microsoft Azure
Microsoft has addressed vulnerabilities in various Azure components. Malicious actors could exploit these vulnerabilities to impersonate other users, gain elevated privileges, execute arbitrary code, or potentially access sensitive data. The most severe vulnerability was found in HorizonDB and ha...
Flattening of vulnerability issues within the Drupal core
Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in the Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...
Vulnerability concealment in Fortinet FortiAuthenticator
Fortinet has identified a vulnerability in FortiAuthenticator. This vulnerability relates to incorrect access control in FortiAuthenticator, allowing attackers to execute unauthorized code or commands. This occurs due to insufficient restrictions in the access control mechanism within the softwar...
Microsoft Defender’s inability to address vulnerabilities
Microsoft has identified a vulnerability in System Center. A malicious individual could exploit this vulnerability by allowing Windows Defender to apply insufficient access control, thereby enabling an authorized attacker to escalate their privileges locally. UPDATE If Microsoft Defender...
Vulnerability fixed in Microsoft Authenticator app
Microsoft has fixed a vulnerability in the Authenticator app for Android and iOS. A malicious party could exploit the vulnerability to gain access to sensitive data. Successful abuse requires the malicious party to trick the victim into installing a rogue app. This app can then be misused to...
Vulnerability fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS handles certain requests. Unauthenticated attackers can cause a denial-of-service DoS by repeatedly sending requests, which can cause the firewall to go into maintenance mode, disrupting normal...
Vulnerabilities fixed in Arista EOS
Arista has fixed vulnerabilities in the Arista EOS platform. The vulnerabilities are related to the processing of malformed messages, which can lead to system crashes and denial-of-service conditions. High-privileged attackers can exploit these vulnerabilities, leading to severe operational...
Vulnerability fixed in Oracle E-Business Suite
Oracle has fixed a vulnerability in Oracle E-Business Suite Specifically for the Concurrent Processing component in versions 12.2.3 to 12.2.14. The vulnerability is located in the Concurrent Processing component of the Oracle E-Business Suite. Unauthenticated attackers can exploit this...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of a security measure - Execution of arbitrary code - Accessin...
Vulnerabilities fixed in Apache Tomcat
Apache has fixed vulnerabilities in Apache Tomcat Specifically for versions 11.0.0-M1 to 11.0.7, 10.1.0-M1 to 10.1.41, and 9.0.0-M1 to 9.0.105. The vulnerabilities include denial-of-service due to insufficient limits on multipart headers, lack of resource allocation without limits, untrusted sear...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP NetWeaver, BusinessObjects Business Intelligence platform, Enterprise Project Connection and Commerce, among others. The vulnerabilities in SAP NetWeaver include a lack of access control, which allows unauthenticated attackers to gain access to sensitive serve...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial of Service DoS - Circumvention of security measure - Execution of arbitrary code User Rights - Execution of arbitrar...
Vulnerability fixed in Splunk Enterprise
Splunk has fixed a vulnerability in Splunk Enterprise and Splunk Secure Gateway. The vulnerability is in specific versions of Splunk Enterprise and Splunk Secure Gateway, allowing low-privileged users to remotely execute code without needing admin rights. Splunk has released updates to fix the...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Specifically for versions 24.7.3, 25.11 and earlier. The vulnerability is in the way Adobe Photoshop handles certain files. A malicious party could exploit this vulnerability by tricking a user into opening a malicious file, which could lead to the...
Vulnerabilities fixed in Citrix Workspace App for Windows
Citrix has fixed vulnerabilities in the Citrix Workspace App for Windows. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute code with SYSTEM privileges. Citrix has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Oracle Database Products
Oracle has fixed vulnerabilities in several Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Access to sensitive data...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Circumvention of security measure. Increased user privileges GitLab has released updates to...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in several Hyperion products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in several Java products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP, Netweaver, SAP GUI and HANA. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure. Remote...
Vulnerabilities fixed in SAP
SAP has fixed vulnerabilities in several products, including. Business Objects, SAP GUI, Master Data Governance, Netweaver and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS...
Vulnerability fixed in Citrix Virtual Apps and Deckstops
Citrix has fixed a vulnerability in the Virtual Delivery Agent for Virtual Apps and Desktops. An authenticated malicious party can exploit the vulnerability to launch applications and desktops for which it is not authorized. Citrix has released updates to fix the vulnerability in Virtual Apps and...
Vulnerability fixed in VMware vRealize
VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity XXE attack, potentially gaining access to sensitive data or grant themselves elevated privileges in the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in Mendix, among others, Nucleus NET, RUGGEDCOM, SCALANCE, SICAM, SIMATIC, SIPROTEC and SIMATIC WinCC-OA. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Oracle ha...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security measure Remote code...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Access to system data Increased user privileges To exploit the...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Fusion Middleware products: BI Publisher Business Intelligence Enterprise Edition Coherence Global Lifecycle Management NextGen OUI Framework HTTP Server Managed File Transfer Middleware Common Libraries and Tools Security Service SOA Suite...
Vulnerabilities fixed in Intel processors
Vulnerabilities have been fixed in several Intel processors. The vulnerabilities allow a malicious person with local access to the processor to obtain sensitive data or cause a denial-of-service. Intel has released updates to fix the vulnerabilities. More information can be found on the pages...
Vulnerabilities fixed in Adove InDesign
Adobe has fixed vulnerabilities in InDesign. The vulnerabilities allow a malicious person to execute arbitrary code execute with application privileges. To do this, the malicious party induces the victim to open a rogue file open. Adobe has released updates to fix the vulnerabilities. For more...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a malicious party to cause a denial-of-service or to execute arbitrary code execute arbitrary code under the user's privileges. The vulnerability with reference CVE-2022-30129 allows a malicious person to...
Vulnerability fixed in VMWare Cloud Director
A vulnerability has been fixed in VMWare Cloud Director. This vulnerability allows an authenticated outside attacker with network access to the VMWare Cloud Director tenant to execute execute arbitrary code and thereby gain access to the server. gain. VMWare has made updates available for VMware...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in IBM Spectrum Protect and IBM Spectrum Protect Plus. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Bypassing authenticatio...
Vulnerabilities fixed in Red Hat OpenShift Logging
Red Hat has fixed vulnerabilities in OpenShift Logging. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in Sophos UTM Up2Date
Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. A malicious party could potentially abuse it to cause a Denial-of-Service or to perform a execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...