4190 matches found
Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable system. Successful exploitation requires the malicious party to have access to the PAPI port, or the SSH...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious person could exploit the vulnerabilities to bypass a security measure, grant themselves elevated privileges, access sensitive data, execute arbitrary code, possibly with kernel privileges or cause a Denial-of-Service. Successful abuse requires...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office, Sharepoint and Outlook. A malicious party could exploit the vulnerabilities to impersonate another user or execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicio...
Vulnerabilities fixed in Siemens Products
Siemens has fixed vulnerabilities in various products such as Mendix, RUGGEDOM, SIMATIC, SINEMA, SIPROTEC and the Engineering Platforms for various systems. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code, possibly with administrator privileges. Proof-of-Concept code PoC has been published for the vulnerability with reference...
Vulnerabilities fixed in Avaya IP Office
Avaya has fixed vulnerabilities in IP Office. A malicious party could exploit the vulnerabilities to execute arbitrary code on the central system, potentially taking over the system. For successful abuse, the malicious party must have access to the Web Control interface, but does not need prior...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Bypassing authentication - Cross-Site...
Vulnerabilities fixed in PHP
Vulnerabilities have been fixed in PHP. A malicious person could exploit the vulnerabilities to execute arbitrary code with application privileges. The vulnerability with attribute CVE-2024-4577 is actually a re-entry of the vulnerability with attribute CVE-2012-1823. This vulnerability allows th...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. The vulnerabilities allow a malicious person to grant themselves elevated privileges, cause a denial-of-service or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue link, or...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in Solarwinds Platform. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute a command injection, or perform a Cross-Site-Scripting attack. Such an attack can result in execution of arbitrary code in the victim's browser. For...
Vulnerability fixed in Check Point VPN products
Check Point has fixed a vulnerability in Quantum Gateway VPN systems. Check Point reports observing active abuse attempts. A path-traversal bug allows a malicious party to gain access to the username and password credentials of local accounts on the VPN system. If these local accounts, are...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition EE and Community Edition CE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service DoS, or collect sensitive data via a Cross-Site-Scripting attack XSS to take over accounts. GitLab has released updates to fix the...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to exploit attacks that could result in the following categories of damage: Cross-Site Scripting XSS...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Excel and Sharepoint. The vulnerability in Excel allows a malicious person to execute arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into opening a rogue file. The vulnerability in Sharepoi...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that could result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of authentication Remote code...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in PeopleSoft Enterprise PeopleTools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Causing a Denial-of-Service does not require prior authentication is required. Successful access to sensiti...
Vulnerabilities fixed in Tenable Nessus Network Monitor
Tenable has fixed vulnerabilities in Nessus Network Monitor and underlying software. An unauthenticated malicious person could potentially exploit the vulnerability with reference CVE-2023-5363 potentially exploit it to cause a denial-of-service DoS or to gain access to sensitive system data. In...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adob...
Vulnerabilities fixed in SugarCRM
Vulnerabilities have been fixed in SugarCRM. A malicious party can exploit the vulnerabilities to conduct a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or access sensitive data in the context of the victim's...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications products. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive data Oracle has...
Vulnerabilities fixed in Oracle Analytics
Vulnerabilities have been fixed in Oracle Analytics products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Accessing syst...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. An authenticated malicious person with access to the management interface, or access to the shell of the system, could exploit the vulnerabilities to cause a Denial-of-Service, obtain sensitive information or, through a Cross-Site-Scripting attack, execute...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. A malicious party could exploit the vulnerabilities to impersonate as another user and execute arbitrary code with privileges of that user, or gain access to the sensitive data in the victim's context. The most serious vulnerability has been given...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Oracle has fixed the...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to...
Vulnerabilities fixed in Microsoft Paint3D
Microsoft has fixed vulnerabilities in Paint3D. The vulnerabilities allow a malicious person to execute arbitrary execute code with user privileges. The malicious must do so to trick the victim into opening a rogue image. open. Paint3D comes installed by default, but maintained through the...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or potentially execute arbitrary code with privileges of the victim. Google has released updates to fix the vulnerabilities in Chrome 114.0.5735.133 for linux and...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Increased user privileges In order to...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SIMATIC, SICAM, SIMOTION, WinCC, Solid Edge and Scalance products. The vulnerabilities allow a malicious party potentially capable of carrying out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Microsoft Teams: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impa...
Vulnerability fixed in Red Hat Fuse
Red Hat has fixed a vulnerability in Fuse 7. The vulnerability is located in the Hazelcast integrated in Fuse Connection Cache and allows an unauthenticated malicious agent to able to manipulate data in the cluster without prior authentication or authorization. Red Hat has released updates to fix...
Vulnerability fixed in Microsoft Malicious Software Removal Tool
Microsoft has fixed a vulnerability in the Windows Malicious Software Removal Tool as used by Microsoft System Center Endpoint Protection and Microsoft Malware Protection Engine. The vulnerability allows a malicious party to obtain of elevated privileges. Windows Malicious Software Removal Tool:...
Vulnerability fixed in Citrix Gateway and ADC
Citrix has fixed a vulnerability in Citrix Gateway and Citrix ADC. An unauthenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code. To do so, rogue network traffic must be sent to the vulnerable system be sent. Gateway and ADC systems are only...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to execute arbitrary code under the privileges of the user. The vulnerabilities marked CVE-2022-3602 and CVE-2022-3786 are located in OpenSSL and were previously...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure. Remote code execution Administrator/Root rights Remo...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root privileges Access to...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Oracle has fix...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication. Remote co...
Vulnerabilities fixed in BMC Track-It!
BMC has fixed vulnerabilities in Track-It! A malicious person could exploit the vulnerabilities to execute arbitrary code under service account privileges or for gaining access to sensitive data. For accomplishing the former does not require authentication. BMC has released updates to fix the...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager Ops Center Oracle Application Testing Suite Enterprise Manager for MySQL Database The vulnerabilities potentially enable a malicious party to execute attacks that...
Vulnerabilities fixed in Juniper products
Juniper has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...
Vulnerabilities fixed in IBM Tivoli Netcool Impact
Vulnerabilities have been fixed in IBM Tivoli Netcool Impact. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data Accessing...
Vulnerabilities fixed in Cisco Identity Services Engine
Vulnerabilities have been fixed in Cisco Identity Services Engine. The vulnerabilities allow a malicious party to access system data or to bypass authentication. Cisco has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2022-20733...
Vulnerabilities fixed in IBM Cognos Command Center
Several vulnerabilities have been fixed in IBM Cognos Command Center. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing Access to sensitive data Increased user privileg...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in the IBM QRadar Data Synchronization App for IBM QRadar SIEM. The vulnerabilities are are in underlying software and libraries, such as Node.js and SQLite. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a remote malicious person to execute arbitrary code under the user's privileges or to bypass a security measure. Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Vulnerabilities fixed in Liferay
Vulnerabilities have been fixed in Liferay Portal versions 7.3.3 through through 7.4.1. The vulnerabilities allow a malicious party to perform a Cross-Site Scripting attack or unintentionally view the list of groups and sites used within the portal. Liferay has made updates available for Liferay...