4190 matches found
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...
Vulnerabilities fixed in Cisco Secure Firewall systems
Cisco has fixed several vulnerabilities in Cisco Secure Firewall including ASA and FTD software. The vulnerabilities include SQL injection, privilege escalation, denial-of-service, cross-site scripting, and improper management of entries in various Cisco Secure Firewall components. Authenticated...
Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient
Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves Cross-site Scripting, which allows unauthenticated attackers to execute arbitrary commands vi...
Vulnerabilities fixed in n8n
n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite. The vulnerabilities are in several components of Oracle E-Business Suite, including Scripting, Workflow, Applications DBA and Configurator. These vulnerabilities can be exploited by unauthenticated or highly privileged attackers, leadin...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Specifically for versions 29.8.3, 30.0 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability involves an Unreliable Search Path issue that can lead to arbitrary code execution...
Vulnerability in Cisco AsyncOS
Cisco has a vulnerability in Cisco AsyncOS. The vulnerability is in devices using Cisco AsyncOS software in conjunction with Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Exploitation requires the service to be accessible from the Internet and the Spam Quarantine feature to b...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3 and macOS Tahoe 26.2. The vulnerabilities covered a wide range of issues, including memory corruption, logging problems, and unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicio...
Vulnerability fixed in GeoServer
OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious party can exploit the vulnerabilities to impersonate another user or grant themselves elevated privileges, potentially gaining access to sensitive data that the malicious party is not initially authorized to access...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive data. Successful exploitation requires the malicious...
Vulnerabilities fixed in Cisco Unified Contact Center Express
Cisco has fixed vulnerabilities in Cisco Unified Contact Center Express CCX. The vulnerabilities are in the Java RMI process and the Contact Center Express Editor of Cisco Unified CCX. Unauthenticated attackers can exploit these vulnerabilities to upload files, execute commands with root privileg...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements SQL Injection to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...
Vulnerabilities fixed in Rockwell Automation COMMS
Rockwell Automation has fixed vulnerabilities in COMMS NATR systems. The vulnerabilities include multiple broken authentication issues that pose serious risks, including denial-of-service attacks, possible takeovers of admin accounts and improper changes to NAT rules. In addition, there is a Stor...
Vulnerabilities fixed in BIND 9
ISC has fixed vulnerabilities in BIND 9 Specifically for versions 9.16.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. The vulnerabilities are located in BIND 9's DNS resolvers. The first vulnerability allows attackers to inject forged DNS records into the cache, which...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE and Oracle GraalVM Specifically for versions 21.0.8 and 25 of Oracle Java SE, and version 21.3.15 of Oracle GraalVM Enterprise Edition. The vulnerabilities allow unauthenticated attackers with network access to compromise systems, which can lead ...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...
Vulnerabilities fixed in Juniper Networks Junos Space
Juniper has fixed vulnerabilities in Junos Space Specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...
Vulnerability fixed in Oracle E-Business Suite
Oracle has fixed a vulnerability in the Oracle Configurator component of Oracle E-Business Suite Specific to versions 12.2.3 through 12.2.14. The vulnerability is located in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2. The vulnerabilities included an issue where specially constructed GraphQL queries could make large repository blobs unresponsive, and a flaw that allowed authenticated users with read-on...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Apogee, Industial Edge, RUGGEDCOM, SIMATIC, SIMOTION and SINAMICS. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulati...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.8, 29.6.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...
Vulnerability fixed in FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability allows unauthenticated attackers to execute unauthorized SQL commands by sending specially crafted HTTP requests. This could compromise the integrity and confidentiality of data managed by FortiWeb. For successful misuse, the...
Vulnerabilities fixed in Schneider Electric EcoStruxture IT Datacenter Expert
Schneider Electric has fixed vulnerabilities in EcoStruxture IT Datacenter Expert. The vulnerabilities include insufficient control over special elements in OS commands, which can result in unauthenticated external code execution. In addition, there is an issue with insufficient entropy in passwo...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Adobe Commerce Versions 2.4.8 and earlier. The vulnerabilities are in Adobe Commerce's security mechanisms, allowing both high- and low-privileged attackers to bypass security measures. This can lead to unauthorized access to sensitive information and execution ...
Vulnerabilities fixed in Ivanti Workspace Control
Ivanti has fixed vulnerabilities in Ivanti Workspace Control Specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to execute arbitrary code with victim privileges. Since it cannot be ruled out that developers work with elevated privileges, it is plausible that execution of arbitrary code could...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code in the victim's context, potentially gaining access to sensitive data in the victim's context. Successful exploitation...
Vulnerability fixed in IBM Tivoli Monitoring
IBM has fixed a vulnerability in IBM Tivoli Monitoring version 6.3.0.7 through Service Pack 19. The vulnerability is in the improper validation of an index within a dynamically allocated array. This issue could allow a malicious person to execute arbitrary code on affected systems. IBM has releas...
Vulnerabilities fixed in Infoblox NETMRI
Infoblox has fixed vulnerabilities in NETMRI Specific for versions prior to 7.6.1. The vulnerabilities include a critical vulnerability that allows remote authenticated users to access arbitrary files with root privileges, an unauthenticated remote command injection vulnerability that allows...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools versions 8.60, 8.61 and 8.62, Talent Acquisition Manager version 9.2 and Enterprise CC Common Application Objects version 9.2. The vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools, Talent Acquisition Manag...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.2. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to access the system via HTTP, which can lead to unauthorized access to and manipulation of...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Oracle Analytics. The vulnerabilities allow unauthenticated malicious actors to gain access to sensitive data, attack denial-of-service, and even gain complete control of systems. Specific vulnerabilities in Oracle Business Intelligence Enterprise Edition can...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed multiple vulnerabilities in several products, including the Utilities Application Framework, WebLogic Server, and Fusion Middleware. The vulnerabilities allow unauthenticated malicious actors to gain access to critical data, cause denial-of-service DoS, and in some cases even gai...
Vulnerabilities fixed in Oracle Financial Services
Oracle fixed vulnerabilities in several Financial Services products The vulnerabilities allow unauthenticated malicious parties to access critical data via HTTP, which can lead to unauthorized data access and other security risks. Malicious parties can also exploit misconfigurations and...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of the Oracle E-Business Suite, including the Enterprise Command Center Framework, CRM Technical Foundation, iSupplier Portal, iStore, User...
Vulnerability fixed in Gladinet CentreStack
Gladinet has fixed a vulnerability in CentreStack Versions up to 16.1.10296.56315. The vulnerability is in the way hard-coded machineKeys and cryptographic keys are used, resulting in a serious deserialization vulnerability. The vulnerability allows a malicious party to generate rogue ViewState...
Vulnerability fixed in FortiSwitch
Fortinet has fixed a vulnerability in the FortiSwitch GUI. The vulnerability with reference CVE-2024-48887, is located in the FortiSwitch GUI, which allows a remote, unauthenticated malicious person to change admin passwords via specially crafted requests. This security issue can lead to...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The vulnerability allows a malicious party to gain unauthenticated remote access via HTTP requests, which can lead to unauthorized access. Systems using CrushFTP's DMZ Proxy instance are not vulnerable...
Vulnerabilities fixed in Kubernetes Ingress NGINX Controller
Kubernetes has fixed a number of vulnerabilities in the Ingress NGINX Controller. These vulnerabilities allow malicious actors to perform unauthenticated remote code execution RCE. The vulnerabilities are located in the ingress-nginx controller. These vulnerabilities include a critical remote cod...
Vulnerability fixed in Next.js
Vercel has fixed a vulnerability in Next.js Specific to versions 14.2.25 and 15.2.3 Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...
Vulnerability fixed in Veeam Backup & Replication
Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...
Fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb.
Fortinet has fixed a vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. The vulnerability is in how certain Fortinet products handle HTTP and HTTPS requests. A malicious party with certain privileges can send specially crafted requests that lead to the execution of unauthorize...
Vulnerabilities fixed in Mattermost
Mattermost fixed vulnerabilities in versions 10.4.x, 9.11.x, 10.3.x, 10.2.x and 10.1.x. The vulnerabilities include failure to invalidate active sessions when converting to a bot, incorrect input validation during board patching and duplication, SQL injection attacks due to lack of prepared...
Vulnerability fixed in XWiki
XWiki has fixed a vulnerability in the system. The vulnerability is in the way XWiki handles the SolrSearch request. This allows a guest to execute arbitrary external code, compromising the confidentiality, integrity and availability of the system. The documentation provides specific steps for...
Vulnerabilities fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an authentication bypass that allows unauthenticated malicious actors to invoke specific PHP scripts through the management Web interface, an unauthenticated file deletion that allows malicious actors to delete...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed a vulnerability in FortiOS Specifically for versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. The vulnerability is in the way FortiOS handles UDP packets. A malicious party, if stack protection is bypassed and the fabric service is active on the exposed interface, can execute arbitra...