4182 matches found
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious remote users can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site-Scripting and Cross-Site-Request-Forgery attacks. Authenticated malicious parties can exploit some vulnerabilities to bypass...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Services Gatekeeper, Communications Session Border Controller, Communications Unified Session Manager, Enterprise Session Border Controller, Enterprise Communications Broker, Communications Operations Monitor, Communications...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Access to syst...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several MS Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Circumvention of security measure, Remote code execution (User rights), Spoofing, Access to sensitive data...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following MySQL products: MySQL Workbench, MySQL Server, MySQL Cluster, MySQL Enterprise Monitor, MySQL Connectors. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service D...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion, specifically for versions 25.2, 23.14, 21.20 and earlier. The vulnerabilities in ColdFusion include a significant vulnerability related to improper restriction of XML External Entity Reference (XXE), hard-coded credentials, improper authorization, XML...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. The vulnerabilities are in the Keymaster trustlet, SmartManagerCN and FreeType, among others. The vulnerabilities allow a local attacker to run code on the device and execute code with SmartManagerCN privileges. Google reports receiving information tha...
Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been found and fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to carry out attacks that can lead to denial-of-service (DoS), access to sensitive information, execution of code with increased user privileges and bypassing a security...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in the following Cisco products: Cisco Adaptive Security Appliance (ASA), Cisco Firepower Management Center, Cisco Firepower Threat Defense, Cisco Secure Firewall Snort. The vulnerabilities allow a malicious party to launch attacks that result in the...
Vulnerabilities fixed in TYPO3
The TYPO3 Association has fixed vulnerabilities in the Core software of the TYPO3 Content Management System. A malicious person could exploit the vulnerabilities to cause a denial-of-service, gain access to system information, or perform Cross-Site-Scripting (XSS) attacks. The...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Circumvention of authentication, Circumvention of security measure, Remote...
Vulnerabilities fixed in Foxit Reader
Foxit has fixed vulnerabilities in Foxit Reader, specific to version 2025.1.0.27937. The vulnerabilities are in the way Foxit Reader handles PDF files. Malicious parties can exploit these vulnerabilities by tricking users into opening a malicious PDF file or visiting a malicious website, which can...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
Vulnerabilities have been fixed in GitLab Community Edition (CE) and Enterprise Edition (EE). An authenticated malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies and MediaTek. The vulnerabilities potentially enable a malicious person to execute attacks that result in...
Vulnerabilities fixed in Wind River Linux
Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Circumvention of security measure, Remote code execution...
Vulnerabilities fixed in GitLab EE & CE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions before 18.2.7, 18.3.3, and 18.4.1. The vulnerabilities include allowing authenticated users to access confidential information by creating projects with the same name as the victim, and gaining unauthorized access to...
Vulnerabilities fixed in SolarWinds Platform
Vulnerabilities have been fixed in SolarWinds Access Rights Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to system data, Access to sensitive data, Manipulation of data, Circumvention of security measure, Remot...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Access to sensitive data, Increased user privileges. The...
Vulnerabilities fixed in Juniper Junos OS
Juniper Networks has fixed multiple vulnerabilities in Junos OS and Junos OS Evolved for SRX and NFX series devices, among others. The vulnerabilities potentially enable a malicious party to execute attacks that result in the categories of damage. For each category, the CVE features that are...
Vulnerabilities fixed in NVIDIA GPU Display Driver
Vulnerabilities have been fixed in NVIDIA GPU Display Driver. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to system data, Increased user privileges. NVIDIA has...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several Fusion Middleware products. A malicious party can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (Administrator/Root rights), Remote code...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to manipulate projects and cause damage in the following categories: Bypassing security measure, Remote code execution (User rights), Spoofing, Accessing...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to gain elevated privileges, execute code with privileges of a user or gain access to sensitive data. Azure DevOps: |----------------|------|-------------------------------------| | CVE...
Vulnerabilities fixed in BIG-IP
F5 has fixed vulnerabilities in BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Access to system data, Increased user privileges. F5 has released...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Denial-of-Service (DoS), Bypassing authentication, Circumvention of security measure, Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in several Financial Services applications. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Accessing...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Access to sensitive data, Acce...
Vulnerabilities fixed in Rancher
Vulnerabilities have been fixed in Rancher. The vulnerability with reference CVE-2022-43760 allows a malicious person to perform a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the browser of the victim. The vulnerabilities marked...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Denial-of-Service (DoS), Remote code execution (User rights), Access to sensitive data, Access to system data, Increased user privileges. This update also...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Fusion Middleware components, such as WebLogic Server, WebCenter and HTTP Server. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Execution...
Vulnerabilities fixed in F5 products
F5 has fixed multiple vulnerabilities in several F5 products, including BIG-IP and BIG-IQ. Most of the updates relate to the Traffic Management Microkernel (TMM), a component of virtually all BIG-IP modules. The vulnerability with reference CVE-2022-23008 concerns the NGINX Controller API...
Fixed vulnerabilities in various Intel processors, chipsets, firmware, drivers and tools
Intel has fixed a sizable number of vulnerabilities in a range of processors, chipsets, firmware, drivers and tools. Many of the named chipsets are integrated and mostly present in systems built with Intel hardware. The associated tooling is generally included and installed by default. A maliciou...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed a large number of vulnerabilities in Experience Manager. A malicious party can exploit the vulnerabilities to bypass security measures and launch a Cross-Site Scripting attack in various ways. Such an attack often results in execution of arbitrary code in the victim's browser, or...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Accessing sensitive data, Accessing...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges). Siemens...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (User rights), Access to sensitive data, Increased user privileges. The most serious...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP, SAP GUI, CRM, NetWeaver and Business Objects. A malicious person could potentially exploit the vulnerabilities and cause damage in the categories below: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Bypassing...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code execution...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign Desktop versions 20.4, 19.5.4, and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...
Vulnerabilities fixed in Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS XE Software. The vulnerabilities in Cisco IOS XE Software include several issues, including insufficient input validation and improper memory management. These vulnerabilities can be exploited by unauthenticated attackers to cause denial-of-service (DoS)...
Vulnerabilities fixed in Honeywell Experion and Safety Manager
Honeywell has fixed vulnerabilities in Experion, Experion Plantcruise and Safety Manager. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution Administrator/Root...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP ERP, NetWeaver, HAMA, Business Objects and SAP Solution Manager. A malicious party could potentially exploit the vulnerabilities and cause damage in the categories listed below: Cross-Site Scripting (XSS), Denial-of-Service Do...
Vulnerabilities fixed in XWiki
The developers of XWiki have fixed several vulnerabilities in XWiki. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, or to gain access to data to which the malicious party is not initially authorized. XWiki has released updates to fix the...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Bypassing authentication, Bypassing security measure. The vulnerability with attribute...
Vulnerabilities fixed in Esri ArcReader
Esri has fixed multiple vulnerabilities in ArcReader, ArcGIS Desktop, ArcGIS Engine and ArcGIS Pro. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code under application privileges. To do so, the malicious party needs to induce an...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution (Administrator/Root rights), Access to sensiti...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to grant themselves elevated privileges and perform actions in the context of another user, potentially including users with...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to cause a denial-of-service, gain access to and manipulate system data, or launch a Server-Side Request Forgery (SSRF) exploit. Such an attack can lead to execution of...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...