Vulnerabilities fixed in OTRS
OTRS developers have fixed vulnerabilities in OTRS 7 and 8. An authenticated malicious person can exploit the vulnerabilities to perform a cross-site scripting (XSS) attack, execute commands in the context of the application, or gain access to sensitive data. OTRS has released updat...
Vulnerabilities fixed in Expat
Vulnerabilities have been fixed in Expat. Combined exploitation of these vulnerabilities allows a remote malicious person to execute arbitrary code or cause a denial-of-service. Expat's developers have made updates available to address the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Mattermost Server
Two vulnerabilities have been fixed in Mattermost Server. An unauthenticated malicious person can exploit the vulnerabilities to cause a denial-of-service. To do so, a malicious file needs to be uploaded or a malicious POST request needs to be sent to the server. For the latter, no...
Vulnerabilities fixed in pfSense
Netgate has fixed vulnerabilities in pfSense. The vulnerabilities marked CVE-2022-26019, CVE-2021-41282 and CVE-2022-24299 allow a malicious party to execute arbitrary code or cause a denial-of-service. Exploiting these vulnerabilities requires administrator privileges on the vulnerable device...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: denial-of-service (DoS), manipulation of data, bypassing authentication, bypassing security...
Vulnerabilities fixed in Microsoft Azure Site Recovery
Vulnerabilities have been fixed in Microsoft Azure Site Recovery. The vulnerabilities allow a malicious party to obtain elevated rights or to execute arbitrary code. With the exception of CVE-2022-24469, an attacker already needs elevated privileges on one or more of the components that are...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. A malicious party could potentially exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with the application's permissions. Exploitation of both vulnerabilities requires...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: denial-of-service (DoS), remote code execution (user rights), spoofing. In order to exploit these vulnerabilities, a...
Vulnerability fixed in pfSense
Netgate has fixed a vulnerability in pfSense versions up to and including 2.5.2. A malicious person with user privileges within the same network is able to write arbitrary code to the system. Due to the lack of Cross-Site Request Forgery (CSRF) protection on the vulnerable system, it is possibl...
Vulnerability fixed in Cisco Email Security Appliance
Cisco has fixed a vulnerability in the Email Security Appliance (ESA). A malicious party could potentially exploit it to cause a denial-of-service. To exploit this vulnerability, a malicious party must send a specially prepared e-mail to a vulnerable device. By default, DANE validation is not enabl...
Vulnerabilities fixed in Intel Wi-Fi chipset firmware
Intel has fixed several vulnerabilities in various Intel PROSet/Wireless Wi-Fi and Intel Active Management Technology (AMT) Wireless chipsets. The vulnerabilities allow a local malicious party to carry out attacks that result in the following categories of damage: denial-of-service (DoS), access to...
Vulnerability fixed in Adobe Creative Cloud Desktop
Adobe has fixed a vulnerability in the Creative Cloud Desktop Application. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges. The malicious party needs to trick the victim into opening a rogue file. Adobe has released updates to fix the...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting attack on users with higher privileges within the application. Elastic has made version 7.17.0 available for Kibana to fix the vulnerability. For more information...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerabilities allow a remote malicious person to cause a denial-of-service or execute arbitrary code. Red Hat has released updates to fix the vulnerabilities. More information can be foun...
Vulnerability fixed in Fortinet FortiMail
A vulnerability has been fixed in FortiMail. The vulnerability allows an unauthenticated remote malicious party to launch a Cross-Site Scripting attack by sending specially prepared HTTP GET requests to the FortiGuard URI protection service. Fortinet has released updates to fix the vulnerability...
Vulnerability fixed in Micro Focus Operations Agent
A vulnerability has been fixed in Micro Focus Operations Agent. The vulnerability allows a local malicious party to gain access to system data. Micro Focus indicates that mitigating measures are available that eliminate the vulnerability. For more information see:...
Vulnerabilities fixed in Lexmark printers
Vulnerabilities have been fixed in Lexmark devices. The vulnerabilities allow a malicious party to carry out attacks that potentially result in the following categories of damage: denial-of-service (DoS), manipulation of data, bypassing authentication, remote code execution (user right...
Vulnerability fixed in IBM FileNet Content Manager
A vulnerability has been fixed in IBM FileNet Content Manager. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6509840...
Vulnerability fixed in SonicWall SMA100 series
A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person to access some management APIs in order to view metadata of configurations. SonicWall has released updates to fix the vulnerability. More information can be...
Vulnerability fixed in VMware Workspace ONE UEM
VMware has fixed a vulnerability in Workspace ONE UEM. An unauthenticated malicious person could exploit this vulnerability to perform a server-side request forgery (SSRF) attack and thereby gain access to sensitive data. Successful exploitation requires network access to the Workspace ONE UEM...
Vulnerability fixed in DBeaver
A vulnerability has been fixed in DBeaver. The vulnerability allows a local malicious party to obtain sensitive data. This is possible because the loading of external XML entities is not properly handled. Proof-of-concept code is available for this vulnerability. DBeaver's...
Vulnerabilities fixed in IBM Cognos Analytics
IBM has fixed a large number of vulnerabilities in underlying software provided with Cognos Analytics. The vulnerabilities were previously fixed, and the fixes released, by the vendors in question. In this update, IBM has bundled the fixes for these vulnerabilities for Cognos. A malicio...
Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware
Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person can remotely retrieve another user's login credentials and thereby gain elevated privileges. It is also possible to...
Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter Server. A malicious party on the local network with access to port 443 could exploit the vulnerabilities to gain access to sensitive data. VMware did not release further details. VMware has released updates to fix the vulnerabilities in vCenter Server...
Vulnerabilities fixed in Xen
Xen has released updates to fix vulnerabilities in its hypervisor. Under specific circumstances, a virtualized system ("guest") can exploit the vulnerabilities to launch attacks that result in the following categories of damage: denial-of-service (DoS), access to sensitive data, increased...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: denial-of-service (DoS), remote code execution (user rights). Adobe has released updates to fix the...
Vulnerabilities fixed in HP LaserJet
Vulnerabilities have been fixed in HP LaserJet. The vulnerabilities allow a remote malicious person to cause a denial-of-service and to bypass a security measure. HP has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following Communications Applications products: Communications Billing and Revenue Management, Communications MetaSolv Solution, Communications Offline Mediation Controller, Communications Design Studio, Communications Calendar Server, Communications Messaging...
Vulnerabilities fixed in Oracle PeopleSoft products
Oracle has fixed vulnerabilities in the following PeopleSoft products: PeopleSoft Enterprise PT PeopleTools, PeopleSoft Enterprise CS SA Integration Pack, PeopleSoft Enterprise SCM Purchasing, PeopleSoft Enterprise CS Academic Advisement, PeopleSoft Enterprise CS Student Records, PeopleSoft Enterpris...
Vulnerabilities fixed in Oracle Java SE and GraalVM
Oracle has fixed vulnerabilities in Java SE and GraalVM Enterprise Edition. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: circumvention of security measure, denial-of-service (DoS), remote code execution (user rights), acces...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with SYSTEM privileges. Trend Micro has released updates to address the vulnerabilities in Apex One. For more...
Vulnerabilities fixed in Juniper Junos OS
Vulnerabilities have been fixed in Juniper Junos OS. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: cross-site scripting (XSS), denial-of-service (DoS), remote code execution (user rights), increased user rights. Juniper...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: cross-site scripting (XSS), denial-of-service (DoS), circumvention of security measure, remote code execution (user rights), access to system...
Vulnerability fixed in Sonatype Nexus
Sonatype has fixed a vulnerability in Nexus Repository. An unauthenticated malicious party could potentially gain access to sensitive information via an HTTP header injection. Sonatype has released little further substantive information. Sonatype...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in Ubuntu kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: denial-of-service (DoS), manipulation of data, circumvention of security measure, accessing sensitive data, accessing system data. -= Ubuntu ...
Vulnerabilities fixed in FortiSandbox
A session expiration vulnerability in FortiSandbox allows a malicious party to reuse the non-expired session IDs of an administrator to obtain information about other users (CVE-2020-29012). Due to a vulnerability in the input validation of the sniffer interface of FortiSandbox...
Vulnerabilities fixed in Apache Tomcat
Vulnerabilities have been fixed in Apache Tomcat that can lead to the following categories of damage: denial-of-service (DoS), access to sensitive data. The developers of Apache Tomcat have made updates available. For more information, see the following page: https://tomcat.apache.org...
Vulnerabilities fixed in Dell iDRAC
Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to perform an SQL injection, cause a denial-of-service (DoS) and execute arbitrary code under user privileges. It is good practice not to have such an environment publicly to b...
Vulnerability fixed in Nessus Agent
Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host. Tenable has made updates available for Nessus to address the vulnerability. More information ca...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor (formerly Mobility Master), access points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damag...
Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC)
Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller (APIC). The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: cross-site scripting (XSS), data manipulation, remote code execution (administrator/root right...
Vulnerability fixed in Joomla! media manager
Joomla has fixed a vulnerability in the Joomla! media manager. Due to improper access control, a user could, without being authorized to do so, delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Autodesk Licensing Service
A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: manipulation of data, remote code execution (administrator/root privileges), SQL injection, increased user...
Vulnerability fixed in Citrix ShareFile
Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted unencrypted. Citrix has released updates to fix the vulnerability. More informati...
Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel
Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: denial-of-service (DoS), manipulation of data, access to sensitive data, increased user...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors, MySQL Server, MySQL Enterprise Monitor. The vulnerabilities may allow an unauthenticated malicious person with network access to the vulnerable system to launch attacks that result in t...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed vulnerabilities in Jira Server. A remote malicious person could exploit the vulnerabilities to perform a cross-site scripting (XSS) attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. The vulnerability with CVE attribute...
Vulnerabilities fixed in Oracle Siebel Suite
Oracle has fixed vulnerabilities in Siebel CRM and Siebel Apps. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: denial-of-service (DoS), manipulation of data, remote code execution (user rights), access to sensitive data, acce...