4190 matches found
Vulnerabilities fixed in Liferay
Vulnerabilities have been fixed in Liferay Portal versions 7.3.3 through through 7.4.1. The vulnerabilities allow a malicious party to perform a Cross-Site Scripting attack or unintentionally view the list of groups and sites used within the portal. Liferay has made updates available for Liferay...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Remote code execution User rights The vulnerabilit...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system...
Vulnerability fixed in Apache Log4j
A vulnerability has been fixed in Apache Log4j. The vulnerability with reference CVE-2021-44832 allows a malicious person to execute execute arbitrary code. To exploit the vulnerability an attacker must have the ability to modify a configuration file modify a configuration file that the vulnerabl...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed two vulnerabilities in Grafana. The vulnerabilities allow an authenticated malicious person to to gain access to sensitive data. This data is limited to arbitrary .md and .csv files. Obtaining unauthorized access to csv files requires it is necessary that the resource...
Vulnerability fixed in Apache Log4j2
A serious vulnerability has been fixed in Apache Log4j, a java log tool used by many Web applications and services. The vulnerability makes it possible for an unauthenticated remote malicious person to execute arbitrary code with the permissions of the Web server. Because Web servers generally ru...
Vulnerability fixed in FortiWeb
FortiNet has released new versions that fix a vulnerability fix in FortiWeb. The vulnerability allows a remote malicious remote user to execute arbitrary code under permissions of the application. FortiNet has released updates to fix the vulnerability. More information can be found on the page...
Vulnerabilities fixed in IBM Workload Scheduler
IBM has fixed vulnerabilities in Workload Scheduler. The vulnerabilities allow an unauthenticated malicious person to opportunity to cause a denial-of-service and to bypass a security measure. IBM categorizes these vulnerabilities using the CVSSv3 method with a highest score of 7.5. IBM has...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in Apple iOS and iPadOS. A malicious party can exploit the vulnerabilities to cause the following types of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data All of the vulnerabilities describe...
Vulnerabilities fixed in Icinga Web
Vulnerabilities have been fixed in Icinga Web. A malicious person could exploit the vulnerabilities to gain access to sensitive data, including login credentials to underlying systems such as Databases. Also, a malicious party could potentially cause a Denial-of-Service cause. Icinga has released...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote cod...
Vulnerabilities fixed in Red Hat Openshift Container Platform
Red Hat has released updates to a large number of packages for its OpenShift Container Platform. The packages include several applications for which security advisories have previously been written, but for which Red Hat is now releasing a bundle for OpenShift 4.7.13 Malicious parties can exploit...
Vulnerability fixed in Tomcat
Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...
Vulnerabilities fixed in Microsoft Windows
Vulnerabilities have been fixed in Windows. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Impersonating another user Access to sensitive...
Vulnerabilities fixed in the Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...
Vulnerability fixed in Oracle Siebel
Oracle has fixed several vulnerabilities in Siebel. The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service Manipulation of data...
Vulnerability fixed in IBM Spectrum Protect Operations Center
IBM has fixed a vulnerability in Spectrum Protect Operations Center. A malicious person with network access to the system could potentially exploit the vulnerability potentially exploit it to obtain information about the system. IBM has released updates to fix the vulnerability in Spectrum Protec...
Vulnerability fixed in Adobe Dreamweaver
Adobe has fixed a vulnerability in Dreamweaver. The vulnerability allows a malicious party to obtain elevated rights to obtain. Adobe has released updates to fix the vulnerability. More information can be found on the page below: https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.htm...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Workbench MySQL Server MySQL Cluster MySQL Enterprise Monitor The vulnerabilities allow a malicious person, whether or not unauthenticated and remote, potentially be able to launch attacks that result in the following...
Vulnerabilities fixed in Blackberry Android
Blackberry has fixed multiple vulnerabilities in Blackberry Powered by Android. The vulnerabilities allow a malicious person, either remote or otherwise, to launch attacks that can lead to the following types of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system dat...
Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel
Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. A malicious party could potentially exploit them to cause a denial-of-service or to obtain elevated privileges on the vulnerable system. -= Oracle =- Oracle has made updates available for Oracle Linux 6. You can instal...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in Oracle Java SE. A malicious party could exploit the vulnerabilities to execute arbitrary code or for causing a denial-of-service. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Large number of linux vulnerabilities in SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Siemens has published a large number of vulnerabilities in the Linux subsystem of the SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP. Malicious parties can exploit the vulnerabilities to cause various types of damage, the most important of which are: Execution of arbitrary code with privileges of the...
Vulnerability fixed in Apache Tomcat
The developers of Apache Tomcat have fixed a vulnerability fixed that could potentially allow a remote malicious person to execute arbitrary code under the application's permissions. This is possible if: the malicious party has control of a file on the server; PersistenceManager is used in...
Fixed several vulnerabilities in SAP products.
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS SQL Injection Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data SAP reports a...
Vulnerabilities in Adobe ColdFusion
Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 25.9, 23.20, and earlier versions. The vulnerabilities in Adobe ColdFusion include unlimited uploading of dangerous file types, improper input validation, path traversal, reflected Cross-Site Scripting XSS, and Server-Side...
Vulnerabilities in Cisco Identity Services Engine
Cisco has addressed several vulnerabilities in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC. These vulnerabilities can be exploited by both authenticated and unauthenticated attackers. An authenticated attacker with administrative privileges can send special...
Vulnerabilities in Oracle JD Edwards EnterpriseOne
Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...
vulnerabilities found in Cisco Unity Connection
Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...
Vulnerability avoidance in the Linux kernel cryptographic subsystem
The Linux kernel has a vulnerability in the algifaead crypto module of the cryptographic subsystem. This vulnerability resides in the algifaead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...
Vulnerabilities handled in GitLab EE and CE
GitLab Inc. has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, particularly in versions ranging from 9.2 to 18.11.1, including various 18.x releases. These vulnerabilities affect various components of GitLab, such as the discussions endpoint, GraphQL AP...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include several issues such as improper path management, memory management, and insufficient input validation, which could lead to unauthorized access to sensitive data, unexpected application terminations, and other...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23 and earlier. The vulnerability is in the way input in form fields is sanitized. This allows attackers to insert malicious JavaScript code. When other users open the affected content, the injected scripts are executed in...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Adobe Commerce up to version 2.4.9-alpha3. The vulnerabilities include improper input validation that can cause a denial-of-service without user interaction, and multiple improper authorization issues that allow attackers to bypass security mechanisms and gain...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Heliox, Ruggedcom, SICAM, SIDIS and SIMATIC. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...
Vulnerability fixed in n8n Automation Platform
N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...
Vulnerabilities fixed in GitHub Enterprise Server
GitHub has fixed vulnerabilities in GitHub Enterprise Server Specifically for versions before 3.20, 3.19.2, 3.18.5 and 3.17.11. The first vulnerability concerns an authorization issue that allowed attackers to merge unauthorized pull-requests into repositories that provide fork support. The secon...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS Versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an Authentication Bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...
Vulnerability fixed in PEAR
PEAR has fixed a vulnerability in version 1.33.0. The vulnerability is in how the pregreplace function handles the /e modifier. This poses a risk of unauthorized code execution, which could compromise the integrity of applications using this framework. The patch fixes this problem by ensuring tha...
Vulnerability fixed in Cisco Meeting Management
Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...
Vulnerabilities fixed in Cisco Unified Communications products
Cisco has fixed vulnerabilities in several Cisco Unified Communications products. The vulnerabilities include a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on the device's operating system. This is due to improper validation of user input in...
Vulnerability fixed in GNU Inetutils telnetd
Security researchers have found a a vulnerability in Inetutils telnetd version 2.7. This vulnerability has been present since version 1.9.3 that came out in 2015, according to the researchers. The vulnerability is in the way the telnetd service handles the USER environment variable. By setting th...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in several subcomponents of Hyperon products. The vulnerabilities allow unauthenticated attackers to compromise systems, perform denial-of-service attacks, and modify or steal sensitive data. Oracle has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Oracle Database Server products
Oracle has fixed vulnerabilities in Oracle Database Server products. The vulnerabilities in Oracle Database Server allow unauthenticated attackers to compromise the integrity and confidentiality of data. This could lead to unauthorized access to sensitive data and even a possible takeover of the...
Vulnerability fixed in Microsoft Developer Tools
Microsoft has fixed a vulnerability in Inbox COM Objects. A malicious party could exploit the vulnerability to execute arbitrary code in the context of the vulnerable application without prior authentication. Inbox Component Object Model COM objects is an architecture for developers to develop...
Vulnerability fixed in n8n
N8n has fixed a vulnerability in versions below 1.121.0. The vulnerability in allows unauthorized external malicious parties to access files on the underlying server via specific, form-based workflows. This could expose sensitive information stored on the system and, depending on the configuratio...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. An unauthenticated malicious party can exploit the vulnerability to perform a cross-site scripting attack. The malicious party can thus execute JavaScript code in a user's browser and take over a user's account, for example. To do this, th...