4190 matches found
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS Specifically for SRX series systems The vulnerability is in how the Packet Forwarding Engine PFE on vulnerable SRX systems processes traffic. Certain, albeit legitimate, traffic can cause the PFE to crash. A malicious party can exploit the vulnerability ...
Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder
Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Endpoint Manager. A malicious party can exploit the vulnerabilities to execute arbitrary code on the system using SQL Injection. For successful abuse, the malicious party must have access to the local infrastructure where the EPM system is implemented...
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates t...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro fixed vulnerabilities in Apex One A local malicious party could exploit the vulnerabilities to cause a denial-of-service DoS, or grant themselves elevated privileges and potentially execute arbitrary code on the local system. Trend Micro has released updates to fix the vulnerabilities...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including NetWeaver, Business Objects, HANA and SAP GUI. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Denial-of-Service DoS. - Manipulation ...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities in Acrobat Reader DC 24.002.20759 and Acrobat Read...
Vulnerability fixed in Microsoft Edge
Microsoft has fixed a vulnerability in Edge. A malicious party could exploit the vulnerability to gain access to system data. For successful abuse, the malicious party must trick the victim into opening a rogue link. This update also includes the vulnerabilities marked CVE-2024-4558, CVE-2024-455...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant himself elevated privileges granted, thus executing code with the victim's privileges or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...
Vulnerabilities fixed in Cisco IP phones
Cisco has fixed vulnerabilities in the firmware of several IP Phone systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data on the vulnerable device and thus potentially manipulate phone calls. Cisco has released updates to fix t...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Bypassing authentication. Circumvention of security measure Remote code execution Administrator/Root right...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA) and Firepower Threat defense (FTD).
Cisco has fixed actively exploited vulnerabilities in Adaptive Security Appliance and Firepower Threat defense FTD. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Remote code executi...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in several Java products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in several Analytics products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...
Vulnerability discovered in Palo Alto PAN-OS
Palo Alto has discovered a vulnerability in PAN-OS. A unauthenticated malicious person can exploit the vulnerability to execute arbitrary code on the vulnerable system with root privileges. The vulnerability is found only in PAN-OS versions 10.2, 11.0 and 11.1, if both the GlobalProtect Gateway a...
Vulnerabilities fixed in Broadcom Brocade Fabric OS
Broadcom has fixed vulnerabilities in Brocade Fabric OS. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code on the system, or to manipulate the operation of the system manipulate. To do this, the malicious party does not need prior authentication...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine. The vulnerabilities are located in the management interface and allow a malicious person with access to that interface to perform a Server-Side-Request-Forgery, or a Cross-Site-Request-Forgery to perform execution. Such an attack can le...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or grant themselves elevated privileges to gain gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into followi...
Vulnerability fixed in Flexera Software FlexNet Publisher
Flexera Software has fixed a vulnerability in FlexNet Publisher. A local malicious person could exploit the vulnerability to grant itself elevated privileges and execute code with elevated privileges. To exploit the vulnerability, a malicious party must load a specially prepared SSL configuration...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS GitLab has released updates to fix th...
Vulnerabilities fixed in Synology Surveillance Station
Synology has fixed vulnerabilities in Surveillance Station. A malicious party can exploit the vulnerabilities to execute arbitrary code via SQL injection to execute arbitrary code, or gain access to sensitive data. Synology has released updates to fix the vulnerabilities in Surveillance Station...
Vulnerabilities fixed in SugarCRM
Vulnerabilities have been fixed in SugarCRM. A malicious party could exploit the vulnerabilities to launch cross-site scripting or SQL injection attacks, manipulate data or execute code execute code. No CVE IDs have yet been disclosed for the vulnerabilities. SugarCRM has released updates to fix...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Circumvention of security measure. Accessing sensitive data Access to system data Splunk has released...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Adobe Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to bypass a security measure to bypass the vulnerability and thus gain access to sensitive data in the affected Adobe ColdFusion application. Adobe has released updates to fix the vulnerability in...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Manipulation of data; Circumvention of security measure; Accessing sensitive data. For successful exploitatio...
Vulnerability fixed in SonicWall SSL-VPN products
SonicWall has fixed a vulnerability in SMA 100 series SSL VPNs. An authenticated malicious party can exploit the vulnerability exploit the vulnerability to establish a link to the mobile MFA device of another user and thus potentially gain access to sensitive data in the victim's context. SonicWa...
Vulnerabilities fixed in ISC BIND
ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND 9.19.21, 9.18.24 S1, 9.16.48 S1 For more information, see: https://kb.isc.org/docs/cve-2023-4408...
Vulnerability fixed in Adobe Audition
Adobe has fixed a vulnerability in Adobe Audition. The vulnerability allows a malicious person to execute arbitrary code execute arbitrary code with the victim's privileges. Successful exploit requires user interaction from the victim. Adobe has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of the...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Increased user privileges Successful misuse requires...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...
Vulnerabilities fixed iin Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Oracle has fixed the...
Vulnerabilities fixed in Apache OpenOffice
Apache has fixed vulnerabilities in OpenOffice. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the application, with permissions from the victim, or to bypass a security measure. Apache has released updates to fix the...
Vulnerability fixed in IBM Informix
IBM has fixed a vulnerability in the JDBC driver of Informix. A malicious person with rights to use the API could can exploit the vulnerability to execute arbitrary code execute code with permissions from the application using the JDBC driver. Because it cannot be estimated with what permissions...
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. A malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. The malicious party does not need any prior authorizations required. Adobe has released updates to fix t...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a denial-of-service DoS cause, manipulate data, or launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary co...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the browser, or to access sensitive data in the context of the browser. Successful exploitation requires the malicious party to trick the victim into openi...
Vulnerabilities fixed in Adobe Premiere Pro
Adobe has fixed vulnerabilities in Premiere Pro. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to circumvent a security measure, execute arbitrary code with the victim's privileges or gain access to sensitive data. Azure:...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, bypass, grant himself elevated privileges or impersonate impersonate another user. Successful exploitation requires the...
Maladies fixed in Qnap QTS and QuTS Hero
QNAP has fixed vulnerabilities in QTS and QuTS Hero. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code on the system. QNAP has released updates to fix the vulnerabilities in QTS and QuTS Hero. For more information, see:...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has fixed the vulnerabilities in the followin...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security measure Oracle has...
Vulnerabilities fixed in Cisco IOS
Cisco has fixed vulnerabilities in the IOS firmware of several systems, such as Catalyst, Aironet, Integrated Routers, Analog Voice Gateways. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service on the application. Atlassian has released updates to fix the vulnerability in Confluence 8.6.0, 8.5.1 and 7.19.14. For more information, see:...