4190 matches found
Vulnerabilities in Oracle Fusion Middleware products
Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...
Lack of transparency in Cisco Unified Communications Manager
Cisco has identified a vulnerability in Unified Communications Manager CM and Unified Communications Manager Session Management Edition CM SME. A malicious individual could exploit this vulnerability to carry out a Server-Side Request Forgery SSRF attack. Successful exploitation could result in t...
Kwetsbaarheid verholpen in Cisco Crosswork Network Controller
Cisco has identified a vulnerability in the Cisco Crosswork Network Controller. This vulnerability involves a denial-of-service attack that can be exploited by unauthorized external attackers. The attack involves overwhelming the system with a large number of connection requests, causing services...
vulnerabilities present in Microsoft Office
Microsoft has identified vulnerabilities in various Office products. A malicious individual can exploit these vulnerabilities to impersonate another user or execute arbitrary code with the victim’s privileges, potentially accessing sensitive data within the context of the victim’s account. For...
Vulnerabilities fixed in Kibana
Elastic has fixed vulnerabilities in Kibana. The vulnerabilities are in several components of Kibana. An authenticated user with view-only privileges can exploit an input validation flaw to cause a Denial of Service condition by sending specially crafted, misshapen payloads. This leads to excessi...
Vulnerability fixed in Dell RecoverPoint for Virtual Machines
Dell has fixed a vulnerability in Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1. The vulnerability resides in hard-coded login credentials present in the software. This allows unauthenticated attackers on the same network to gain unauthorized access to the system. This coul...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS, including versions Sequoia 15.7.4, Tahoe 26.3 and Sonoma 14.8.4. The vulnerabilities include memory corruption issues, unauthorized access to sensitive user data, and logging issues that could lead to unauthorized access to location information. The updat...
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed vulnerabilities in several products, including Oracle Banking Liquidity Management, Oracle Financial Services Model Management and Oracle FLEXCUBE. The vulnerabilities in the Oracle products allow unauthenticated attackers to gain access to sensitive data and perpetrate...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed several vulnerabilities in its Communications products, including Unified Assurance and Cloud Native Core. The vulnerabilities in Oracle Communications products allow malicious actors to gain unauthorized access, which can lead to partial or full Denial-of-Service DoS attacks...
Vulnerability fixed in Oracle E-Business Suite
Oracle has fixed a vulnerability in Oracle E-Business Suite Specifically for the Concurrent Processing component in versions 12.2.3 to 12.2.14. The vulnerability is located in the Concurrent Processing component of the Oracle E-Business Suite. Unauthenticated attackers can exploit this...
Vulnerabilities fixed in Zenitel ICX500 and ICX510 gateway
Zenitel has fixed vulnerabilities in the ICX500 and ICX510 gateway products. The vulnerabilities allow malicious parties to gain unauthorized access to the Billing Admin endpoint and execute arbitrary commands on the device. This can lead to serious compromise of device availability,...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. The vulnerabilities include improper certificate validation that allows attackers to connect to FortiClient via revoked certificates, leading to unauthorized access. In addition, there are vulnerabilities in session escalation and privilege managemen...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as RUGGEDCOM, SCALANCE, SIMATIC and Tecnomatix The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS Specifically for Ventura 13.7.5, Sequoia 15.4 and Sonoma 14.7.5. The vulnerabilities include issues with unauthorized access to sensitive user data, logging issues, and vulnerabilities that allowed applications to obtain root privileges. These...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS. - Circumvention of a security measure - Execution of arbitrary code Root/admin - Execution of arbitrary cod...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges on the device and thus execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful...
Vulnerability fixed in HPE 3PAR Service Processor
A vulnerability has been fixed in HPE 3PAR Service Processor. An unauthenticated malicious person with access to the local network can exploit the vulnerability to bypass authentication. HPE has made an update available to fix the vulnerabilities. See the reference for more information...
Vulnerabilities fixed in IBM Qradar
IBM has fixed vulnerabilities in Qradar and underlying components such as SIEM, Wincollect and Case Manager. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...
Vulnerabilities fixed in Lexmark printers
Lexmark has fixed vulnerabilities in the firmware of several printers. The vulnerabilities are located in the Postscript interpreter and allow a malicious person with the ability to print commands the ability to send arbitrary code execute arbitrary code on the vulnerable system. Lexmark has...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution User rights...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. A malicious party can exploit the exploit the vulnerabilities to cause a Denial-of-Service, potentially execute arbitrary code with the privileges of the application, or use session hijacking to gain access to the data of a logged-in user. The developers...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious person could exploit the vulnerabilities to execute arbitrary code in the victim's scope, or to gain access to sensitive data in the victim's scope. For successful exploitation, the malicious party must trick the victim into opening a rogu...
Vulnerability fixed in Avaya Aura
Avaya has fixed a vulnerability in the Aura Device Services web service. An unauthenticated malicious person can exploit the exploit the vulnerability to execute arbitrary code with the permissions of the web service. Avaya has released updates to fix the vulnerability in Aura Device Services...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Fusion Middleware products: BI Publisher Business Intelligence Enterprise Edition Coherence Global Lifecycle Management NextGen OUI Framework HTTP Server Managed File Transfer Middleware Common Libraries and Tools Security Service SOA Suite...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerabilities fixed in Intel processors
Vulnerabilities have been fixed in several Intel processors. The vulnerabilities allow a malicious person with local access to the processor to obtain sensitive data or cause a denial-of-service. Intel has released updates to fix the vulnerabilities. More information can be found on the pages...
Vulnerability fixed in Siemens SCALANCE
A vulnerability has been fixed in Siemens SCALANCE. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. Siemens has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in IBM MQ
IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in Java, Eclipse Jetty and Websphere Liberty and were previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to cause a...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in IBM Spectrum Protect and IBM Spectrum Protect Plus. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Bypassing authenticatio...
Vulnerabilities fixed in snapd
Several vulnerabilities have been fixed in Canonical's snapd. The vulnerabilities allow a local malicious person to launch attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges Access to...
Vulnerabilities fixed in Cisco Webex
Vulnerabilities have been fixed in Cisco Webex. The vulnerabilities marked CVE-2021-1500 and CVE-2021-40128 allow an unauthenticated remote malicious person able to trick a user to trick a user into opening a rogue Web page. The vulnerability with reference CVE-2021-40115 allows a malicious perso...
Vulnerabilities fixed in Cisco NX-OS
Vulnerabilities have been fixed in Cisco NX-OS. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause. Both vulnerabilities are not exploitable with standard configuration. exploited. For the vulnerability with CVE attribute CVE-2021-1588 requires tha...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights SQL Injection Access to...
Vulnerabilities fixed in Oracle Supply Chain Products Suite
Oracle has fixed vulnerabilities in the following products within the Supply Chain Products Suite: Transportation Management Agile Engineering Data Management Agile PLM Framework An unauthenticated malicious person could potentially exploit them to cause a denial-of-service. In addition the...
Vulnerability found in Rockwell Automation Logix Controllers
A vulnerability has been found in Rockwell Automation Logix Controllers. The vulnerability allows a malicious party to bypass authentication. After this, it is possible to modify the configuration of the vulnerable system and to execute arbitrary code execute. The attack should be performed from...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Access to system data -= Red Hat =- Red Hat has...
Vulnerability fixed in Atlassian Bamboo
A vulnerability has been fixed in Atlassian Bamboo. A unauthenticated malicious person could exploit the vulnerability to obtain system data. Atlassian has released updates to fix the vulnerability in Bamboo. For more information, see: https://confluence.atlassian.com/bamboo...
Vulnerabilities fixed in Oracle Unbreakable Enterprise kernel
Oracle has fixed vulnerabilities in the Unbreakable Enterprise kernel. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges -= Oracl...
Vulnerabilities fixed in Siemens vulnerabilities
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution Administrator/Root right...
Vulnerability fixed in Nessus
A vulnerability has been fixed in Nessus. The vulnerability allows a local malicious person with valid login credentials on a Windows machine to execute arbitrary code under the user's privileges. Tenable has made updates available for Nessus to fix the vulnerability. More information can be foun...
Vulnerabilities managed in Ivanti Endpoint Manager Mobile
Ivanti has identified several vulnerabilities in Ivanti Endpoint Manager Mobile. These vulnerabilities include an OS command injection vulnerability, where a remote attacker can execute arbitrary operating system commands with root privileges. Additionally, there is a vulnerability due to incorre...
Flaws hidden in Microsoft Dynamics
Microsoft has identified a vulnerability in Dynamics on-premise. A malicious individual could exploit this vulnerability to gain increased privileges on the system. It is possible for a malicious person to gain privileges as a System Administrator. For successful exploitation, the malicious...
vulnerabilities present in Microsoft Office
Microsoft has identified vulnerabilities in various Office products such as Sharepoint, Word, Project, and Excel. A malicious individual can exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. For successful exploitation, th...
Kwetsbaarheid verholpen in Cisco SD-WAN Manager
Cisco has identified a vulnerability in SD-WAN Manager, previously known as SD-WAN vManage. A malicious individual could exploit this vulnerability by uploading a specially crafted file to the affected system and thereby elevating their privileges to root user status. Cisco indicates that active...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: |----------------|------|-------------------------------------| ...
Vulnerabilities fixed in VMware Aria Operations
Broadcom has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include privilege escalation, stored cross-site scripting XSS and command injection. The privilege escalation vulnerability could allow an attacker to gain elevated privileges, which could affect system integrity an...
Vulnerability fixed in SmarterTools SmarterMail
SmarterTools has fixed vulnerabilities in SmarterMail. A malicious party could exploit the vulnerabilities to bypass authentication and execute arbitrary code with administrator privileges, and possibly SYSTEM. For successful abuse, the malicious party must have access to the API interface...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several Oracle MySQL components. The vulnerabilities allow highly privileged attackers to remotely exploit the server, which can lead to server crashes and denial of service. This problem can be exploited by attackers with network access, underscoring the need...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting XSS, which can lead to execution of arbitrary code or increase user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...