4192 matches found
Vulnerabilities fixed in Solarwinds Web Helpdesk
Solarwinds fixed vulnerabilities in Web Helpdesk A malicious party can exploit the vulnerabilities to execute code on the system using Java deserialization. A malicious party can also use hardcoded credentials to gain access to data and functionality. Solarwinds developers have released a hotfix ...
Vulnerabilities fixed in GitHub Enterprise Server
GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious person could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and execute arbitrary code with application privileges. Adobe has made updates available to fix the vulnerabilities. See...
Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges and gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogu...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victi...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data in the victim's context. Successful exploitation require...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in two Developer tools. Successful exploitation requires the malicious party to trick the victim into opening and processing a rogue file. Azure IoT SDK: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Azure components
Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges or impersonate another user. For successful abuse, the malicious party needs prior access to the vulnerable environment, or the malicious part...
Vulnerabilities fixed in Cisco Small Business IP Phones
Cisco has fixed vulnerabilities in the firmware of Small Business IP Phone systems. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system without prior authentication. For successful exploitation, the malicious party must have access to the...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...
Vulnerability fixed in GitLab CE/EE
GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...
Vulnerabilities fixed in Fortinet
Fortinet has fixed a number of vulnerabilities in FortiAIOps, Fortinet FortiPortal, FortiWeb and Fortinet FortiExtender. The most serious vulnerabilities are CVE-2024-23663, CVE-2024-27782 and CVE-2024-27784. Which are in Fortinet FortiExtender and FortiAIOps. Fortinet FortiExtender: Fortinet...
Vulnerability fixed in GeoServer
The developers of GeoServer have fixed a vulnerability. Proof-of-Concept PoC code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...
Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder
Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe has released updates to fix the...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...
Vulnerabilities fixed in Veeam Backup Enterprise Manager
Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate VPN traffic, or potentially execute code on the management interface. For successful execution of arbitrary code, the malicious party must have access to the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Remote code execution Administrator/Root rights - Remote code execution User rights - Access to...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla fixed vulnerabilities in Firefox and Thunderbird A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution User rights Mozilla has released...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of security measure - Remote code execution User rights - Remote cod...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in several PeopleSoft products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution User Rights Access to sensitive data...
Vulnerability fixed in Adobe Media Encoder
Adobe has fixed a vulnerability in Media Encoder. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into opening a rogue media file. Adobe has...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure and various applications within Azure. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...
Vulnerability fixed in liblzma (XZ Utils)
Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...
Vulnerabilities fixed in MISP
The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to to bypass security measures. The MISP community has released updates to fix the vulnerabilities fixes in MISP. For more information, see: https://github.com/MISP/MISP/commit...
Vulnerabilities fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS
Vulnerabilities have been fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: SQL Injection; Manipulation of data; Remote code execution User Rights; Circumvention of...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in two System Center components. A malicious party could exploit the vulnerabilities to bypass security measures, grant himself elevated privileges grant themselves elevated privileges or execute arbitrary code. Open Management Infrastructure:...
Vulnerabilities fixed in Nvidia GPU driver
Nvidia has fixed vulnerabilities in its driver for GPU chipsets and associated controller software. A local malicious party could exploit the vulnerabilities to cause a denial-of-service cause, or to grant themselves elevated privileges in order to execute arbitrary code with privileges from SYST...
Vulnerabilities fixed in ISC BIND
ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND 9.19.21, 9.18.24 S1, 9.16.48 S1 For more information, see: https://kb.isc.org/docs/cve-2023-4408...
Vulnerabilities fixed in Adobe Acrobat and Reader
Adobe has fixed vulnerabilities in Adobe Acrobat and Reader. A malicious party can exploit the vulnerabilities to cause a denial-of-service DoS, execute arbitrary code execute with the victim's privileges and to gain access to sensitive data in the victim's context. To exploit the exploit...
Vulnerabilities fixed in VMware Aria Operations Networks
VMWare has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, to elevate privileges or to launch a Cross-Site Scripting XSS attack. The vulnerability marked...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in Oracle Siebel CRM
Oracle has fixed vulnerabilities in Siebel CRM. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. Oracle has made updates available to fix the vulnerabilities. fix. For more information, see: https://www.oracle.com/security-alerts/cpujan2024.html...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS, as used in FortiProxy and FortiPAM. An unauthenticated malicious person could exploit the vulnerability with reference CVE-2023-47536 to exploit a security measure to bypass and route traffic through the system that should not be allowed should be...
Vulnerability fixed in Apache Struts
Apache Foundation has fixed a vulnerability in Struts. A malicious person with rights to upload files can exploit the exploit the vulnerability to upload a rogue file to potentially potentially execute or cause to be executed arbitrary code within the application using Struts. Apache Foundation h...
Vulnerabilities fixed in QlikTech Qlik Sense Vulnerabilities fixed in QlikTech Qlik Sense
QlikTech has fixed vulnerabilities in Qlik Sense Enterprise. An unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code on the system where Qlik Sense is installed, potentially taking over that system. take over. Qlik Sense reports having received reports that...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed vulnerabilities in Photoshop. A malicious person can exploit the vulnerabilities to execute arbitrary code with privileges of the victim and to gain access to sensitive data in the victim's context. Successful exploitation requires the malicious party to trick the victim into...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products including. SIMATIC, SINEC, SIPROTEC and RUGGEDCOM. The vulnerabilities allow a malicious party potentially able to launch attacks that could lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention o...
Vulnerabilities fixed in Ivanti Secure Access Client
Ivanti has fixed vulnerabilities in Secure Access Client formerly Pulse Secure Desktop Client. A local malicious person could exploit the vulnerabilities to grant himself elevated privileges granted and thus execute code with potentially system privileges and/or gain access to sensitive data...
Vulnerability fixed in Apache ActiveMQ
The Apache Foundation has fixed a vulnerability in ActiveMQ. A malicious party could exploit the vulnerability to execute arbitrary execute arbitrary code on the system where ActiveMQ is installed. Apache Foundation has released updates to fix the vulnerability fix in ActiveMQ 5.15.16, 5.16.7,...
Vulnerability fixed in Oracle JD Edwards
A vulnerability has been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerability to gain access gain access to sensitive data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerabilities fixed Node.js
Several vulnerabilities have been fixed in Node.js. A malicious party could potentially exploit the vulnerabilities remotely to cause a denial-of-service DoS, bypass of authentication and/or gaining access to sensitive data. The vulnerability with attribute CVE-2023-44487 is a Denial-of-Service D...
Vulnerabilities fixed in NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to obtain sensitive information or cause a denial-of-service attack. Citrix has released updates to fix the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. Although a total of 10 vulnerabilities have been fixed, Google has made some information of only 3 vulnerabilities made some information available. The listed vulnerabilities allow a malicious party to cause a denial-of-service, or to execute arbitrary...
Vulnerabilities fixed in Notepad++
Vulnerabilities have been fixed in Notepad++. A malicious person could exploit the vulnerabilities to gain access to memory locations to which the malicious party is not authorized, or potentially execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious...