4190 matches found
Vulnerabilities fixed in GitHub Enterprise Server
GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...
Vulnerabilities fixed in Cisco Small Business IP Phones
Cisco has fixed vulnerabilities in the firmware of Small Business IP Phone systems. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system without prior authentication. For successful exploitation, the malicious party must have access to the...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has made updates available to fix the vulnerabilities. See the...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User righ...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...
Vulnerability fixed in GitLab CE/EE
GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...
Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder
Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Endpoint Manager. A malicious party can exploit the vulnerabilities to execute arbitrary code on the system using SQL Injection. For successful abuse, the malicious party must have access to the local infrastructure where the EPM system is implemented...
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates t...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro fixed vulnerabilities in Apex One A local malicious party could exploit the vulnerabilities to cause a denial-of-service DoS, or grant themselves elevated privileges and potentially execute arbitrary code on the local system. Trend Micro has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Veeam Backup Enterprise Manager
Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including NetWeaver, Business Objects, HANA and SAP GUI. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Denial-of-Service DoS. - Manipulation ...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities in Acrobat Reader DC 24.002.20759 and Acrobat Read...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate VPN traffic, or potentially execute code on the management interface. For successful execution of arbitrary code, the malicious party must have access to the...
Vulnerability fixed in Microsoft Edge
Microsoft has fixed a vulnerability in Edge. A malicious party could exploit the vulnerability to gain access to system data. For successful abuse, the malicious party must trick the victim into opening a rogue link. This update also includes the vulnerabilities marked CVE-2024-4558, CVE-2024-455...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant himself elevated privileges granted, thus executing code with the victim's privileges or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...
Vulnerabilities fixed in Cisco IP phones
Cisco has fixed vulnerabilities in the firmware of several IP Phone systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data on the vulnerable device and thus potentially manipulate phone calls. Cisco has released updates to fix t...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Bypassing authentication. Circumvention of security measure Remote code execution Administrator/Root right...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA) and Firepower Threat defense (FTD).
Cisco has fixed actively exploited vulnerabilities in Adaptive Security Appliance and Firepower Threat defense FTD. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Remote code executi...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in several Java products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in several Analytics products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...
Vulnerability discovered in Palo Alto PAN-OS
Palo Alto has discovered a vulnerability in PAN-OS. A unauthenticated malicious person can exploit the vulnerability to execute arbitrary code on the vulnerable system with root privileges. The vulnerability is found only in PAN-OS versions 10.2, 11.0 and 11.1, if both the GlobalProtect Gateway a...
Vulnerabilities fixed in Broadcom Brocade Fabric OS
Broadcom has fixed vulnerabilities in Brocade Fabric OS. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code on the system, or to manipulate the operation of the system manipulate. To do this, the malicious party does not need prior authentication...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine. The vulnerabilities are located in the management interface and allow a malicious person with access to that interface to perform a Server-Side-Request-Forgery, or a Cross-Site-Request-Forgery to perform execution. Such an attack can le...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or grant themselves elevated privileges to gain gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into followi...
Vulnerability fixed in Flexera Software FlexNet Publisher
Flexera Software has fixed a vulnerability in FlexNet Publisher. A local malicious person could exploit the vulnerability to grant itself elevated privileges and execute code with elevated privileges. To exploit the vulnerability, a malicious party must load a specially prepared SSL configuration...
Vulnerability fixed in liblzma (XZ Utils)
Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS GitLab has released updates to fix th...
Vulnerabilities fixed in Synology Surveillance Station
Synology has fixed vulnerabilities in Surveillance Station. A malicious party can exploit the vulnerabilities to execute arbitrary code via SQL injection to execute arbitrary code, or gain access to sensitive data. Synology has released updates to fix the vulnerabilities in Surveillance Station...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Adobe Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to bypass a security measure to bypass the vulnerability and thus gain access to sensitive data in the affected Adobe ColdFusion application. Adobe has released updates to fix the vulnerability in...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...
Vulnerability fixed in SonicWall SSL-VPN products
SonicWall has fixed a vulnerability in SMA 100 series SSL VPNs. An authenticated malicious party can exploit the vulnerability exploit the vulnerability to establish a link to the mobile MFA device of another user and thus potentially gain access to sensitive data in the victim's context. SonicWa...
Vulnerabilities fixed in ISC BIND
ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND 9.19.21, 9.18.24 S1, 9.16.48 S1 For more information, see: https://kb.isc.org/docs/cve-2023-4408...
Vulnerability fixed in Adobe Audition
Adobe has fixed a vulnerability in Adobe Audition. The vulnerability allows a malicious person to execute arbitrary code execute arbitrary code with the victim's privileges. Successful exploit requires user interaction from the victim. Adobe has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of the...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Increased user privileges Successful misuse requires...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...
Vulnerabilities fixed iin Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Oracle has fixed the...
Vulnerabilities fixed in Apache OpenOffice
Apache has fixed vulnerabilities in OpenOffice. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the application, with permissions from the victim, or to bypass a security measure. Apache has released updates to fix the...
Vulnerability fixed in IBM Informix
IBM has fixed a vulnerability in the JDBC driver of Informix. A malicious person with rights to use the API could can exploit the vulnerability to execute arbitrary code execute code with permissions from the application using the JDBC driver. Because it cannot be estimated with what permissions...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS, as used in FortiProxy and FortiPAM. An unauthenticated malicious person could exploit the vulnerability with reference CVE-2023-47536 to exploit a security measure to bypass and route traffic through the system that should not be allowed should be...
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. A malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. The malicious party does not need any prior authorizations required. Adobe has released updates to fix t...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a denial-of-service DoS cause, manipulate data, or launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary co...