4190 matches found
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed vulnerabilities in Oracle Financial Services components. The vulnerabilities allow unauthenticated attackers to gain unauthorized access to sensitive data over HTTP. This can lead to unauthorized access and modification of critical data, with a CVSS score of 9.8 highlighting the...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges, or gain access to sensitive data in the victim's context. Successful exploitation requires the...
Vulnerability fixed in Fortra's GoAnywhere MFT
Fortra has fixed a vulnerability in GoAnywhere MFT License Servlet Specifically. The vulnerability is in the deserialization of a controlled object within the License Servlet. An attacker could use a forged license response signature to perform command injection, which could lead to unauthorized...
Vulnerabilities fixed in Ivanti products
Ivanti has fixed vulnerabilities in several products such as Connect Secure and Policy Secure. The vulnerabilities are in several Ivanti products and allow remote authenticated attackers with read-only admin rights to change authentication settings, configure restricted settings, hijack existing...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Adobe Acrobat Reader Specifically for versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier. The vulnerability involves a Use After Free vulnerability that can lead to arbitrary code execution when a user opens a specially crafted malicious file. In...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23.0 and earlier. The vulnerabilities are in the way Adobe Experience Manager handles security measures. Attackers with limited privileges, can exploit these vulnerabilities to perform unauthorized reads and writes, which ca...
Vulnerability fixed in Adobe Dreamweaver
Adobe has fixed a vulnerability in Dreamweaver Desktop Specifically for versions 21.5 and earlier. The vulnerability is in the way Dreamweaver handles CSRF attacks. A malicious party can exploit this vulnerability by allowing a user to interact with a malicious link, which can lead to the executi...
Vulnerabilities fixed in Citrix NetScaler ADC and Gateway
Citrix has fixed vulnerabilities in the NetScaler ADC and Gateway The vulnerabilities are related to memory overflow and improper access control configurations. Malicious parties can exploit the vulnerabilities to cause a Denial-of-Service and potentially execute arbitrary code on the vulnerable...
Vulnerabilities fixed in Commvault
Commvault has fixed vulnerabilities in Commvault components such as CommCell and ComServe versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...
Vulnerabilities fixed in Cisco Secure Firewall Software
Cisco has fixed multiple vulnerabilities in Cisco Secure Firewall Software including ASA and FTD. The vulnerabilities are in the way Cisco Secure Firewall handles key exchange IKEv2, with this it is possible for an unauthenticated attacker to perform a denial-of-service attack. The vulnerability...
Vulnerability fixed in WinRAR
Rarlab has fixed a vulnerability in WinRAR. The vulnerability is in the Windows version of WinRAR and involves a path traversal. This flaw allows attackers to execute arbitrary code using malicious archive files. This can lead to unauthorized access and control of affected systems. Public sources...
Vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple has fixed vulnerabilities in macOS, iOS and iPadOS. The vulnerabilities include several issues, such as insufficient input validation, memory corruption, and logic issues that can lead to unauthorized access to sensitive user data. These vulnerabilities can be exploited by malicious parties...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openi...
Vulnerabilities fixed in Trend Micro Apex One and Apex Central
Trend Micro has fixed vulnerabilities in Apex One and Apex Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Trend Micro has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Adobe Commerce and Magento Open Source. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting XSS vulnerability by injecting malicious scripts into form fields,...
Vulnerabilities fixed in ABB ASPECT product line
ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...
Vulnerability fixed in Ivanti Neurons for ITSM
Ivanti has fixed a vulnerability in Ivanti Neurons On-prem for ITSM Versions for 2023.4, 2024.2, and 2024.3 The vulnerability involves a critical authentication bypass that allows remote, unauthenticated attackers to gain administrative access. This could lead to unauthorized actions within the...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Circumvention of a security measure - Execution of arbitrary code user privileges - Access to sensitive dat...
Vulnerabilities fixed in Siemens TeleControl Server
Siemens has fixed vulnerabilities in TeleControl Server Basic. The vulnerabilities are in how the TeleControl Server Basic allows SQL injection through various methods, such as 'CreateTrace,' 'VerifyUser,' 'Authenticate,' and many others. These vulnerabilities allow unauthenticated and...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specifically for versions prior to 2024 SU1 and 2022 SU7. An attacker can exploit multiple vulnerabilities in Ivanti Endpoint Manager to elevate privileges, conduct cross-site scripting attacks, execute arbitrary code, manipulate data an...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerabilities are in the way ColdFusion handles input validation, authentication, access and deserialization of untrusted data. Malicious parties can exploit these vulnerabilities t...
Vulnerability fixed in Apache Tomcat
Apache has fixed a vulnerability in Apache Tomcat Specifically for versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The vulnerability is in the way the server handles HTTP PUT requests. By sending a malicious PUT request, an attacker can upload arbitrary files and...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft fixed vulnerabilities in Visual Studio and .NET A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it cannot be ruled out that...
Vulnerabilities fixed in IBM Cognos Controller
IBM has fixed vulnerabilities in IBM Cognos Controller Versions 11.0.0 to 11.0.1 FP3 and 11.1.0. The vulnerabilities allow a malicious person to perform attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Cross-Site-Scripting XSS. - Circumvention of a security...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with developer privileges. Successful exploitation requires the malicious party to trick the victim into opening...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed vulnerabilities in Adobe Connect Versions 12.6, 11.4.7 and earlier. The vulnerabilities include both stored and reflected Cross-Site Scripting XSS that allow attackers to insert and execute malicious scripts in users' browsers. This can lead to unauthorized actions in the context ...
Vulnerabilities fixed in Mitel MiCollab
Mitel has fixed vulnerabilities in Mitel MiCollab Specifically the Unified Messaging and Conferencing components. The vulnerabilities are in the way Mitel MiCollab components handle user input. An attacker can exploit these vulnerabilities to gain unauthorized access to user data and system...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Jira, Bamboo and Confluence. The vulnerabilities are in several third-party components from developers such as Oracle, RedHat and the Apache consortium. These vulnerabilities can lead to memory exhaustion and denial-of-service DoS du...
Vulnerabilities fixed in SonicWall SMA100 SSLVPN
SonicWall has fixed vulnerabilities in the SMA100 SSLVPN Specifically for firmware versions 10.2.1.13-72sv and earlier. The vulnerabilities in the SonicWall SMA100 SSLVPN include a heap-based buffer overflow, a stack-based buffer overflow, and a problem with the certificate requirement during...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Circumvention of security measure Apple...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in MySQL. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to access and potentially manipulate sensitive data in the database. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Analytics products. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service - Manipulation of data - Execution of arbitrary code User Rights - Execution of arbitrary code...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Remote code executi...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: - Denial-of-Service DoS - Remote code execution User rights - Access to system data Adobe has released updates to fix the...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or potentially execute arbitrary code with application privileges. To execute arbitrary code, the malicious party needs prior elevated...
Vulnerabilities fixed in Siemens Omnivise
Siemens Energy has fixed vulnerabilities in Omnivise T3000. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges on the vulnerable system and thus execute arbitrary code, possibly with system privileges. For successful abuse, the malicious party must be...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remo...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Bypassing authentication - Cross-Site...
Vulnerabilities fixed in Schneider Electric Sage RTU systems
Schneider Electric has fixed vulnerabilities in Sage RTU devices. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Bypassing authentication - Circumvention of security...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's browser, potentially gaining access to sensitive data in the context of the victim's browser. Google says it has received reports of limited and targeted abuse o...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Excel and Sharepoint. A malicious party can exploit the vulnerabilities to execute arbitrary code execute with the victim's privileges, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products including. Parasolid, Ruggedcom, SIMATIC, SICAM and Tecnomatix. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that could result in the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to sensitive data or, under specific circumstances, to take over an account ta...
Vulnerability fixed in MongoDB Compass
MongoDB developers have fixed a vulnerability in MongoDB Compass. A malicious party could exploit the vulnerability to use a Man-in-the-Middle attack to gain access to sensitive data, or impersonate another user. MongoDB has released updates to fix the vulnerability in Compass 1.42.1. For more...
Vulnerabilities Fixed in Lexmark Multifunctionals
Lexmark has fixed vulnerabilities in the firmware of several types of multifunction devices. A malicious person could exploit them to bypass a security measure and thus provide the vulnerable system with outdated, or potentially rogue, firmware, or to execute arbitrary code on the system. Lexmark...
Vulnerabilities fixed in Aruba Networks Clearpass Policy Manager
Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. A malicious party could exploit the vulnerabilities to execute digital attacks that can result in the following categories of damage: Remote code execution User rights; Remote code execution Administrator/Root rights; Cross-Sit...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to bypass security measures, grant himself elevated privileges granted and execute code with administrator privileges and gain access to sensitive data on the vulnerable system. Successful misuse...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins core and modules. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Circumvention of security...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system da...