4190 matches found
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange Server. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code under permissions from the process of Exchange Server itself. As a rule, Exchange Server runs with restricted privileges. Microsoft Exchange Server:...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
Vulnerabilities fixed in SolarWinds Database Performance Analyzer
SolarWinds has fixed vulnerabilities in Database Performance Analyzer DPA. An authenticated malicious party can exploit the exploit the vulnerabilities to gain access to sensitive data or perform a cross-site scripting attack. SolarWinds has released updates to address the vulnerabilities fixes i...
Vulnerability fixed in JFrog Artifactory
A vulnerability has been fixed in JFrog Artifactory. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication to gain elevated user privileges. To do so, the malicious party must send a specially prepared request to the Artifactory instance. JFrog has...
Vulnerability discovered in pfSense pfBlockerNG
Researchers have discovered a vulnerability in the pfBlockerNG package of pfSense. A malicious person could exploit it to execute arbitrary OS commands on the vulnerable system, when the malicious party has access to the web console of pfSense. It is good practice not to have such a console...
Vulnerabilities fixed in Zimbra Collaboration
Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party could exploit the vulnerabilities to use a Cross-site scripting attack to gain access to sensitive data, or to execute arbitrary code on the system. To execute arbitrary code, the malicious party needs prior authenticatio...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in MQ Internet Pass-Thru. The vulnerability allows a local malicious party to potentially see sensitive information in trace files of the application when this feature is enabled. IBM has released updates to fix the vulnerabilities in MQ. For more information, see:...
Vulnerabilities fixed in IBM Db2
IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22390, the vulnerabilities are located in the log4j component of the application. For more information about the log4j vulnerabilities, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052 The...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to grant themselves elevated user privileges and/or gain access to sensitive data. To exploit the vulnerabilities, the malicious party needs prior privileges to execute arbitrary code with...
Vulnerabilities fixed in GitLab enterPrise Edition and Community Edition
GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. An authenticated malicious person can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a local malicious person to perform attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges The tables below provide an...
Vulnerabilities fixed in Aruba ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS, which are used in various access points from Aruba Networks. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute arbitrary code on the vulnerable system. To cause a...
Vulnerabilities fixed in Nessus Agent
Tenable has fixed two vulnerabilities in Nessus Agent. A authenticated malicious person with the ability and knowledge to create custom audit files could exploit the vulnerabilities to execute code with administrator privileges, or to access gain access to arbitrary system files of the underlying...
Vulnerability fixed in Atlassian Bitbucket
Atlassian has fixed a vulnerability in Bitbucket Server and Data Center. A malicious party could exploit the vulnerability to execute arbitrary code via API calls with permissions from the application. To exploit, the malicious party only needs access to a public repository, or if it is a private...
Vulnerability fixed in VMWare Tools
VMWare has fixed a vulnerability in VMWare Tools. A malicious person with user privileges in a virtual machine VM can exploit the vulnerability to grant himself elevated privileges and execute code with local administrator privileges in the vulnerable virtual machine. As far as is known, the...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges For ma...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Remote code execution Administrator/Ro...
Vulnerabilities fixed in Oracle JD Edwards products
Oracle has fixed vulnerabilities in the following JD Edwards products: EnterpriseOne Orchestrator EnterpriseOne Tools A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following E-Business Suite applications: - Oracle Workflow - Oracle E-Business Suite Information Discovery - Oracle iReceivables - Oracle iRecruitment - Oracle Applications Framework - Oracle User Management The vulnerabilities potentially enable a maliciou...
Vulnerabilities fixed in Microsoft Azure Site Recovery and Azure Storage Library
Vulnerabilities have been fixed in Azure Storage Library and Azure Site Recovery. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Red Hat Satellite
Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User Rights Access to...
Vulnerability fixed in Adobe RoboHelp Server
Adobe has fixed a vulnerability in RoboHelp Server. A malicious party, with prior authentication and user authorization, could potentially exploit the vulnerability to grant themselves elevated privileges. The malicious party can through manipulation of API requests, perform actions that are...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure components. A malicious party could exploit the vulnerabilities to obtain elevated privileges, or to gain access to sensitive data in the context of the victim. Microsoft states for several of the vulnerabilities listed below to be in possession ...
Vulnerability fixed in SonicWall SMA100 series
A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code under root privileges or cause a denial-of-service attack. To exploit the vulnerability the malicious party must have access to the...
Vulnerability found in Mitel MiVoice Connect
A vulnerability has been found in the Service Appliance component of MiVoice Connect. This vulnerability allows a remote malicious remote user to execute arbitrary code with the permissions with which the Service Appliance component is running. Mitel has made mitigating measures available to fix...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in the following Hyperion products: Hyperion BI+ Hyperion Data Relationship Management Hyperion Financial Management Hyperion Infrastructure Technology Hyperion Planning Hyperion Profitability and Cost Management Hyperion Calculation Manager Hyperion Tax Provision...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise FIN Cash Management PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise PRTL Interaction Hub PeopleSoft Enterprise CS Academic Advisement The vulnerabilities potentially enable a malicious person to execute...
Vulnerability fixed in Zoho ManageEngine ADSelfService Plus
Zoho has fixed a vulnerability in ManageEngine ADSelfService Plus. An authenticated malicious person could potentially potentially exploit it to execute arbitrary code. The vulnerability is located in the password reset functionality. Systems are vulnerable only when custom scripts are enabled fo...
Vulnerabilities fixed in Citrix products
Citrix has fixed several vulnerabilities in Citrix SD-WAN, Storefront, Endpoint Management and Gateway Plug-in. The vulnerabilities allow a remote malicious party to cause a Denial-of-Service DoS attack. The vulnerabilities with characteristics CVE-2022-27505 and CVE-2022-27506 are located in...
Vulnerability fixed in Apache Struts
A vulnerability has been fixed in Apache Struts. This vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code under privileges of the Struts application. OGNL evaluation must be enabled to exploit the vulnerability to be exploited. This vulnerability is an...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. Abuse of the vulnerabilities potentially enable a malicious party to be able to obtain elevated privileges or cause a denial-of-service cause. The tables below list the vulnerabilities fixed by Microsoft with the corresponding CVSSv3...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root rights Access to sensitive data Access to system dat...
Vulnerabilities fixed in Tomcat for Ubuntu
Vulnerabilities have been fixed in Tomcat. The vulnerabilities potentially allow a malicious party to cause a denial-of-service cause, access sensitive data or execute code execute code with privileges from the vulnerable application. These vulnerabilities have already been described in several...
0day vulnerability discovered in Spring Core Framework
A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries that can be used to develop applications in a structured way to develop applications that can can then run either standalone or in Web application environments such as Tomcat. A maliciou...
Vulnerabilities fixed in mariadb
Vulnerabilities have been fixed in mariadb 10.2.43. Due to an error in the handling and validation of database queries, a local attacker is able to crash the application or increase the user privileges to service account privileges. -= SUSE =- SUSE has made updates available to address the...
Vulnerabilities fixed in Icinga Web 2
Several vulnerabilities have been fixed in Icinga Web 2. The vulnerability with the attribute CVE-2022-24716 allows an unauthenticated malicious party to use a path-traversal to obtain to obtain files that may contain database credentials. The vulnerabilities with attributes CVE-2022-24714 and...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. A malicious party could potentially exploit the vulnerabilities to access gain access to sensitive data, or to execute arbitrary code execute arbitrary code with the application's permissions. Exploitation of both vulnerabilities requires...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in several components of IBM Spectrum Control. These include vulnerabilities in third-party software parties such as Apache Log4j, Dojo, Java SE, Gson and Websphere Liberty. A malicious party could exploit the vulnerabilities to cause damage cause damage in the...
Vulnerabilities fixed in Intel Wi-Fi chipset firmware
Intel has fixed several vulnerabilities in various Intel PROSet/Wireless Wi-Fi and Intel Active Management Technology AMT Wireless chipsets. The vulnerabilities allow a local malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Access to...
Vulnerability fixed in Adobe Magento
Adobe has fixed a vulnerability in Magento. A malicious party could potentially exploit the vulnerability to execute arbitrary code without authentication to execute arbitrary code under the privileges of the application. Adobe indicates that targeted exploits have been observed on Adobe Commerce...
Vulnerability fixed in Fortinet FortiMail
A vulnerability has been fixed in FortiMail. The vulnerability allows an unauthenticated remote malicious party to launch a Cross-Site Scripting attack by sending specially prepared HTTP GET requests to the FortiGuard URI protection service. Fortinet has released updates to fix the vulnerability...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following products: Enterprise Manager Base Platform Application Testing Suite APM - Application Performance Management Enterprise Manager Ops Center The vulnerabilities potentially enable a malicious party to execute attacks that result in the following...
Vulnerabilities fixed in JBoss Enterprise Application Platform
Red Hat has fixed vulnerabilities in JBoss Enterprise Application Platform. A remote malicious person could vulnerabilities potentially exploit them to cause a denial-of-service or to gain access to sensitive data. Red Hat has released updates to fix the vulnerabilities in JBoss Enterprise...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code...
Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware
Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person remotely retrieve another user's login credentials retrieve another user's login credentials and thereby gain elevated privileges. It is also it is possible to...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow a malicious party to gain elevated permissions and to obtain sensitive data. Azure RTOS: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Apple macOS
Apple has fixed a large number of vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed three vulnerabilities in Adobe Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under the application's privileges. The malicious party to do this must tric...
Vulnerabilities fixed in Oracle Java SE and GraalVM
Oracle has fixed vulnerabilities in Java SE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Circumvention of security measure. Denial-of-Service DoS. Remote code execution User Rights Acces...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service or execute arbitrary code with SYSTEM privileges. Trend Micro has released updates to address the vulnerabilities fixes in Apex One. For more...