4190 matches found
Vulnerabilities fixed in VMware Aria Operations
Broadcom has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include privilege escalation, stored cross-site scripting XSS and command injection. The privilege escalation vulnerability could allow an attacker to gain elevated privileges, which could affect system integrity an...
Vulnerability fixed in SmarterTools SmarterMail
SmarterTools has fixed vulnerabilities in SmarterMail. A malicious party could exploit the vulnerabilities to bypass authentication and execute arbitrary code with administrator privileges, and possibly SYSTEM. For successful abuse, the malicious party must have access to the API interface...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several Oracle MySQL components. The vulnerabilities allow highly privileged attackers to remotely exploit the server, which can lead to server crashes and denial of service. This problem can be exploited by attackers with network access, underscoring the need...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in Oracle Communications products. The vulnerabilities allow attackers to gain unauthorized access to the system, which can lead to data manipulation and partial denial-of-service. Attackers can exploit these vulnerabilities via HTTP requests, potentially resultin...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting XSS, which can lead to execution of arbitrary code or increase user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. Fortinet has fixed a vulnerability in FortiWeb. The vulnerability marked CVE-2025-64446 involves a relative path traversal vulnerability and allows an unauthenticated remote attacker to execute administrative commands via specially crafted HTTP...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle fixed vulnerabilities in Enterprise Manager The vulnerabilities allow unauthorized attackers to gain access to sensitive data and can lead to denial-of-service DoS attacks. Specifically, the vulnerability in Oracle Enterprise Manager's Security Framework can be exploited by unauthenticated...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of Oracle E-Business Suite, including iStore, Product Hub, Workflow, Applications Manager, and Marketing. These vulnerabilities allow...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities are in Veeam Backup & Replication's Mount service and Backup Server, both of which are vulnerable to remote code execution RCE by authenticated domain users. This can lead to unauthorized access and manipulation of...
Vulnerability fixed in IBM InfoSphere
IBM has fixed a vulnerability in InfoSphere Versions 11.7.0.0 to 11.7.1.6 The vulnerability is in how input is validated in affected versions of InfoSphere. Authenticated users can exploit this vulnerability to execute arbitrary commands with elevated privileges. This could lead to unauthorized...
Vulnerabilities fixed in Cisco NX-OS Software
Cisco has fixed vulnerabilities in Cisco NX-OS Software Specifically for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software. A vulnerability in the command-line interface CLI allows authenticated local malicious actors to perform command...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIMAC, RUGGEDCOM, SIMOTION, SINAMICS, SIPROTEC and SINUMERIK. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID20.2, ID19.5.3, and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Use After Free, NULL Pointer Dereference, and out-of-bounds read, all of which can lead to arbitrary code execution or disclosure ...
Vulnerabilities fixed in SysAid On-Prem
SysAid has fixed vulnerabilities in SysAid On-Prem Versions up to 23.3.40 The vulnerability is in the unauthenticated XML External Entity XXE present in SysAid On-Prem versions up to 23.3.40. This vulnerability allows attackers to exploit the system without authentication. This can lead to...
Vulnerabilities fixed in Apache HTTP Server
Two vulnerabilities have been fixed in Apache HTTP server 2.4. The first vulnerability CVE-2024-40725 can lead to source code leakage when files are accessed indirectly. The second vulnerability CVE-2024-40898 involves a Server Side Request Forgery SSRF that can be abused by a malicious person to...
Vulnerability fixed in Adobe Dreamweaver
Adobe has fixed a vulnerability in Dreamweaver. A malicious party could exploit the vulnerability to execute an OS Command Injection, thus executing arbitrary code on the underlying system. Adobe has released updates to fix the vulnerability in Dreamweaver 21.4. For more information, see attached...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as. Cerberus, Ruggedcom, SCALANCE, Sentron, SIMATIC, Sinema, Sinteso, Siveillance and Solid Edge. The vulnerabilities allow a malicious party potentially able to launch attacks that could lead to the following categories of damage:...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges The table below...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in the Microsoft Office. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Remote code execution User Rights Spoofing Access to sensitive data The tables below provide an overview of the vulnerabilitie...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application. To execute code in Office and Visio, the malicious party does not need prior authentication, but needs to trick the vict...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication. Remote co...
Vulnerabilities fixed in Oracle Supply Chain
Oracle has fixed vulnerabilities in the following Supply Chain products: Advanced Supply Chain Planning Transportation Management Autovue for Agile Product Lifecycle Management. Agile Engineering Data Management Agile PLM MCAD Connector Agile PLM Framework Product Lifecycle Analytics The...
Vulnerabilities fixed Oracle Communications Applications
Oracle has fixed vulnerabilities in the following products: Communications Billing and Revenue Management Communications ASAP Communications IP Service Activator Communications MetaSolv Solution Communications Order and Service Management Communications Design Studio Communications Network...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Access to sensitive data Increased user privileges The vulnerability with attribute...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Services Gatekeeper Communications Service Broker Communications Session Border Controller Enterprise Session Border Controller Enterprise Communications Broker Communications Operations Monitor Communications Interactive...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person able to execute arbitrary code under the privileges of the user and obtain elevated privileges. Below is a summary of the various vulnerabilities described by compone...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in the following Communications products: Communications Services Gatekeeper Communications Converged Application Server - Service Controller Communications Session Border Controller Enterprise Communications Broker Communications Operations Monitor Communications...
Vulnerability fixed in NetApp Clustered Data ONTAP
NetApp has fixed a vulnerability in the BSD sub-layer of Clustered Data ONTAP. The vulnerability is located in the ipv6 impelementation and potentially allows a malicious party to cause a denial-of-service exploit. NetApp has released updates to fix the vulnerability in Clustered Data ONTAP. For...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data...
Vulnerabilities fixed in Oracle Linux
Oracle has fixed multiple vulnerabilities in the Unbreakable Enterprise kernel for Oracle Enterprise Linux. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code executi...
Vulnerabilities fixed in Cisco Nexus 9000 series
Cisco has fixed vulnerabilities in Nexus 9000 Series Fabric Switches. The vulnerabilities allow an unauthenticated remote malicious party able to cause a denial-of-service cause and to bypass a security measure. Cisco categorizes these vulnerabilities according to the CVSSv3 method with a highest...
Multiple vulnerabilities fixed in F5 BIG-IP products
Multiple vulnerabilities have been identified in F5 BIG-IP, an external malicious person could exploit them to create a denial of service condition, spoofing, execution of external code, data manipulation, cross-site scripting and trigger security restrictions on the targeted system. F5 has...
Vulnerability fixed in Samba
Ubuntu has fixed a vulnerability in Samba. The vulnerability potentially allows a malicious party to obtain domain administrator rights. The vulnerability with reference CVE-2020-1472 in Samba in that case should be exploited in conjunction with a vulnerable Microsoft domain controller to be...
Multiple vulnerabilities fixed in Oracle Java SE
Oracle has fixed several vulnerabilities in Oracle Java SE. A malicious party could potentially exploit the vulnerabilities to gain elevated privileges, to access potentially sensitive data or to launch a denial-of-service attack. An overview of the fixed vulnerabilities:...
Vulnerabilities hidden in Fortinet FortiPortal
Fortinet identified a vulnerability in FortiPortal versions 7.0 through 7.4.7. The vulnerability relates to the FortiPortal API endpoints, where an external attacker with organizational user privileges could access sensitive network configuration data through specially crafted HTTP requests. Thes...
Vulnerability handling in Fortinet FortiSandbox
Fortinet has identified a vulnerability in FortiSandbox versions 4.2 through 5.0.5, including FortiSandbox Cloud and FortiSandbox PaaS. The vulnerability involves OS command injection in the FortiSandbox’s webinterface. As a result, unauthorized attackers can execute arbitrary OS commands by...
Vulnerabilities that can be addressed in Adobe Connect
Adobe has identified vulnerabilities in Adobe Connect versions 2025.9.15, 2025.8.157, and earlier versions. These vulnerabilities allow attackers to execute arbitrary code on the affected system. This can occur when users interact with malicious URLs or compromised web pages. The first...
vulnerabilities handled in Microsoft Developer Tools
Microsoft has addressed vulnerabilities in various Developer Tools. A malicious individual could exploit these vulnerabilities to carry out attacks that can cause the following types of damage: - Denial-of-Service DoS attacks - Bypass of security measures - Execution of arbitrary code user rights...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Analytics Toolkit, Ruggedcom, Industrial Edge Management Pro, SIDIS and TPM. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...
Vulnerabilities fixed in Cisco Catalyst SD-WAN Manager
Cisco has fixed several vulnerabilities in the Cisco Catalyst SD-WAN Manager. The vulnerabilities are in the peering authentication mechanisms of the Cisco Catalyst SD-WAN Controller and Manager products. These vulnerabilities allow an unauthenticated remote attacker to bypass the authentication...
Vulnerability fixed in BeyondTrust Remote Support
BeyondTrust has fixed a vulnerability in BeyondTrust Remote Support and some older versions of Privileged Remote Access. The vulnerability is in the software's pre-authentication, which allows unauthenticated attackers to execute operating system commands by sending specially crafted requests to...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Exchange server. A malicious person could, without prior authentication, impersonate another user and thus gain access to sensitive data in the victim's context. Microsoft has made updates available that fix the described vulnerability. We recommend that you...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP CRM, SAP S/4HANA, SAP NetWeaver Application Server ABAP, SAP Supply Chain Management, SAP BusinessObjects BI Platform, SAP Document Management System, SAP Commerce Cloud, and SAP Business Workflow. The vulnerabilities include code...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Desigo, NX, Polarion, SENTRON, Simcenter, SINEC, SIPORT, Siveillance, Solid Edge, The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service D...
Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition
GitLab has fixed vulnerabilities in Community Edition CE and Enterprise Edition EE versions for 18.6.4, 18.7.2, and 18.8.2. Malicious parties can exploit the vulnerabilities to cause a denial-of-service DoS, or potentially gain access to sensitive data by bypassing security measures. GitLab has...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Oracle Enterprise Manager Base Platform and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated attackers to gain unauthorized access, or can lead to a partial denial-of-service over HTTP. Oracle has released updates to fix the...