4190 matches found
Vulnerabilities fixed in Microsoft Edge
Microsoft has made updates available to fix vulnerabilities fixes in Microsoft Edge. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Google Android
Google has fixed vulnerabilities in Android. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution User Rights Access to sensitive data Access to system data Increased user privileges Few technical...
Vulnerabilities fixed in Samsung Mobile
Vulnerabilities have been fixed in Android as used by Samsung Mobile products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access t...
Vulnerability discovered in Microsoft Windows
Researchers have discovered a vulnerability in Microsoft Windows 10 build 1809 and later. A local, authenticated malicious person could exploit the vulnerability to read the local SAM database and execute arbitrary code with SYSTEM privileges. -= Microsoft =- Microsoft has not yet made updates...
Vulnerabilities fixed in Siemens SIMATIC
Siemens has fixed vulnerabilities in Simatic products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...
Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veeam Backup & Replication. The vulnerability potentially allows a malicious party to execute arbitrary code to execute arbitrary code because the Veeam application was vulnerable to a flaw in the deseralization logic of .NET remoting. Veeam's developers have mad...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution User Rights Spoofing Increased user rights Jenkins...
Vulnerabilities fixed in AVEVA System Platform
AVEVA has fixed vulnerabilities in System Platform. The vulnerabilities allow a remote malicious person to gain gain unauthenticated access to the system and to cause a denial-of-service. AVEVA has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Red Hat JBoss Web Server
Vulnerabilities have been fixed in Red Hat JBoss Web Server. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. Red Hat has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in IBM DB2
Vulnerabilities have been fixed in IBM DB2. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data IBM has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Red Hat Openshift Container Platform
Red Hat has released updates to a large number of packages for its OpenShift Container Platform. The packages include several applications for which security advisories have previously been written, but for which Red Hat is now releasing a bundle for OpenShift 4.7.13 Malicious parties can exploit...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Access to system data Joomla! has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Increased user privileges .NET Core & Visual Studio:...
Vulnerability fixed in Citrix ShareFile
A vulnerability has been fixed in the storage zones controller of Citrix ShareFile. The vulnerability allows an unauthenticated remote malicious party to obtain a sensitive data obtain. It is good practice to place these storage zone controllers in the in-house network with DMZ tooling to protect...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in SUSE Linux Enterprise kernel
SUSE developers have fixed several vulnerabilities in the Linux kernel as used in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution...
Vulnerabilities fixed in Joomla
Several vulnerabilities have been fixed in Joomla. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure The vulnerability with...
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious parties can exploit the vulnerabilities to cause a denial-of-service or perform cross-site scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities exploit them to bypass security measures and gain access...
Vulnerabilities fixed in Jackson databind
A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. These vulnerabilities are only in the 2.9 versions of Jackson databind. If you are using version 2.10 or higher mitigation measures are already included in the software. Faster:XML h...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data F5 has released updates...
Vulnerabilities fixed in Android 11
Vulnerabilities have been fixed in Android 11. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication. Remote code execution User Rights Accessing sensitive data Access to...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerabilities fixed in Juniper Networks Junos OS
Juniper Networks has fixed vulnerabilities in Junos OS. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to cause a denial-of-service. Juniper Networks categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 7.5. Juniper Networ...
Vulnerability fixed in Spring Framework
There is a vulnerability in the Spring Framework that enables a Reflected File Download RFD attack. This vulnerability has already been patched NCSC-2015-0888, but researchers have found a way to bypass the mitigation. Pivotal has released new versions of the Spring Framework in which the...
Vulnerabilities fixed in Jira
Vulnerabilities have been fixed in Jira Server and Data Center. The vulnerabilities allow a malicious party to obtain sensitive data and to launch a denial-of-service attack. execute. Atlassian has released updates to address the vulnerabilities. fixes. More information can be found on the pages...
Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel
Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. A malicious party could potentially exploit them to cause a denial-of-service or to obtain elevated privileges on the vulnerable system. -= Oracle =- Oracle has made updates available for Oracle Linux 6. You can instal...
Vulnerabilities fixed in Android
Google has fixed several vulnerabilities in the Android operating system. The vulnerabilities allow a malicious person to able to perform attacks that can lead to the following types of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Google has...
Multiple vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party could potentially exploit the vulnerabilities for attacks that could lead to the following types of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data -= Apple =- Apple has made...
Multiple vulnerabilities fixed in Oracle Java
Oracle has fixed multiple vulnerabilities in Oracle Java. By these vulnerabilities, a malicious person can, if rogue data by a java application are deserialized arbitrary code can execute arbitrary code, gain access to sensitive data or cause a Denial-of-Service cause. Oracle has made updates...
Vulnerabilities are addressed through Rancher Labs in Rancher.
Rancher Labs has identified vulnerabilities in Rancher versions 2.13.0 through 2.13.7, and 2.14.0 through 2.14.3. The first vulnerability relates to SAML authentication replay issues in the Assertion Consumer Service ACS handler in Rancher versions 2.14.0 onwards, but not including 2.14.3. The AC...
Vulnerabilities found in Apple iOS and iPadOS
Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...
Vulnerabilities handled in the MISP platform
MISP has addressed several vulnerabilities in its platform. These vulnerabilities involve unauthorized users being able to manipulate client-provided primary and foreign keys, leading to unauthorized data overwrites, ownership transfers, and changes to record scopes. Additionally, there were...
Vulnerability avoidance in the Linux kernel cryptographic subsystem
The Linux kernel has a vulnerability in the algifaead crypto module of the cryptographic subsystem. This vulnerability resides in the algifaead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...
vulnerabilities in Oracle PeopleSoft
Oracle has identified vulnerabilities in Oracle PeopleSoft. These vulnerabilities enable unauthorized attackers to gain access to sensitive data and modify it. In some cases, these vulnerabilities can even lead to a denial-of-service attack on the affected products. Oracle has released updates to...
The vulnerability exploited in Microsoft’s ASP.NET Core framework
Microsoft has identified a vulnerability in ASP.NET Core. This vulnerability arises due to incorrect verification of cryptographic signatures within ASP.NET Core. As a result, an unauthorized attacker can elevate their privileges by circumventing security checks and gaining unauthorized access wi...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass security measures, impersonate another user and thus gain elevated privileges and access to sensitive data. For successful abuse, the malicious party must trick the victim...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Accessing sensitive data - Circumvention of a security...
Vulnerabilities fixed in Cisco Secure Firewall Management Center
The vulnerability with reference CVE-2026-20079 is located in the web interface of Cisco Secure Firewall Management Center. An unauthenticated remote malicious party can bypass authentication controls by exploiting an incorrect system process created at startup. The malicious party can exploit th...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple fixed vulnerabilities in iOS 15 & 16 and iPadOS 15 & 16 The vulnerabilities are in the way memory is managed in various Apple products. An attacker could exploit these vulnerabilities by processing malicious Web content, which could lead to memory damage and possibly execute arbitrary code...
Vulnerability fixed in pac4j-jwt
Pac4j has fixed a vulnerability in the pac4j-jwt library specifically for versions before 4.5.9, 5.7.9 and 6.3.3. The vulnerability is located in the JwtAuthenticator module of the pac4j-jwt library. This vulnerability allows an attacker with access to the server's RSA public key to forge JWT...
Vulnerabilities fixed in GitLab
GitLab fixed vulnerabilities in versions 18.9.2, 18.8.6 and 18.7.6 The vulnerabilities included several issues, including incorrect authorization checks that allowed authenticated users to access sensitive data, such as metadata from private repositories, and enabling denial-of-service situations...
Vulnerabilities fixed in Fortinet FortiWeb
Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...
Vulnerabilities fixed in Fortinet FortiManager and FortiAnalyzer
Fortinet has fixed vulnerabilities in FortiAnalyzer and FortiManager including cloud variants. The vulnerability with reference CVE-2025-54820 is in FortiManager. This vulnerability allows a remote unauthenticated malicious person to execute unauthorized commands via a stack-based buffer overflow...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...
Vulnerabilities fixed in Cisco Secure Firewall systems
Cisco has fixed several vulnerabilities in Cisco Secure Firewall including ASA and FTD software. The vulnerabilities include SQL injection, privilege escalation, denial-of-service, cross-site scripting, and improper management of entries in various Cisco Secure Firewall components. Authenticated...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...
Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient
Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves Cross-site Scripting, which allows unauthenticated attackers to execute arbitrary commands vi...
Vulnerabilities fixed in n8n
n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...