4190 matches found
Vulnerabilities fixed in Sophos UTM Up2Date
Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. The vulnerabilities allow a remote malicious person potentially able to cause a denial-of-service or gain access gain access to sensitive information. Sophos has released updates to fix the vulnerabilities in Sophos UTM Up2Data...
Vulnerabilities fixed in Kaspersky Security Center
Kaspersky has fixed multiple vulnerabilities in Kaspersky Security Center. The vulnerabilities allow a local malicious able to cause a denial-of-service or obtain elevated privileges obtain elevated privileges on the local system. Not all of the vulnerabilities have assigned a CVE number. Kaspers...
Vulnerabilities fixed in OpenSUSE kernel
The developers of OpenSUSE have fixed several vulnerabilities fixed in the OpenSUSE Linux kernel. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data...
Vulnerability in Autodesk 3ds max actively exploited
Autodesk says it is actively observing abuse of a vulnerability in 3ds max software. A variant of the MAXScript exploit "PhysXPluginMfx" allows a remote malicious person to to execute arbitrary code within the context of the application. To do this, the malicious party must entice the victim to...
Vulnerabilities fixed in Apache HTTP server
Vulnerabilities have been fixed in Apache. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data -= Ubuntu =- Canonical has...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in Gitlab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication Circumvention of security...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code, to gain elevated privileges or to perform a denial-of-service DoS attack. Below is a summary of the various vulnerabilities described by...
Vulnerabilities fixed in Apache HTTP Server
Vulnerabilities have been fixed in Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial of Service Apache has made updates available to address the vulnerabilities. fixes. More information can ...
Vulnerabilities fixed in GRUB2
Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...
Multiple vulnerabilities fixed in macOS
Apple has fixed several vulnerabilities in macOS. The vulnerabilities allow a malicious person remote or otherwise to perform able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root...
Vulnerabilities fixed in Cisco products
Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Cisco has released updates to fix the vulnerabilities. More...
Vulnerability fixed in Microsoft SQL Server Reporting Services
There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to improper processing of page requests. If successfully exploited, the vulnerability allows an authenticated remote malicious person to execute arbitrary execu...
Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products
Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability exploit to cause a denial-of-service when using encrypted connections are used. Siemens has released...
Vulnerability fixed in Spring Framework
A vulnerability has been fixed in Spring Framework. The vulnerability allows a malicious party to perform a reflected file download RFD attack. The developers of Spring Framework have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Nginx
A malicious party could exploit the vulnerability to obtain system data obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...
Vulnerabilities fixed in Jackson databind
Debian has fixed vulnerabilities in Jackson databind. The vulnerabilities allow a malicious party to execute arbitrary code execute under user privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to the deserialization of an...
Vulnerability fixed in PostgreSQL
Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges to obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse mitigate abuse of this...
Multiple vulnerabilities fixed in Aruba networks products
Multiple vulnerabilities have been discovered in various Aruba Networks products including Instant and ArubaOS access points, the Airwave management platform and the PAPI protocol that these systems mutually use. Some vulnerabilities have been fixed, others will be fixed in a future update, and f...
Vulnerabilities in GitHub Enterprise Server
GitHub has identified several vulnerabilities in GitHub Enterprise Server, particularly in versions prior to 3.21 and 3.22. The first vulnerability involves stored XSS attacks, where authenticated attackers can inject malicious JavaScript payloads into discussion titles. These scripts are execute...
The vulnerabilities in libssh2 are addressed through libssh.
LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...
Vulnerabilities are managed in Oracle Enterprise Manager
Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...
Kwetsbaarheid verholpen in Cisco Catalyst SD-WAN Manager
Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...
Vulnerabilities in Oracle Identity Manager Connector
Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...
Lack of vulnerability awareness in Cisco WebEx Services
Cisco has identified a vulnerability in Cisco Webex Services, specifically in the SSO integration with Control Hub. The vulnerability lies in the incorrect validation of certificates during the SSO integration of Cisco Webex Services through Control Hub. An unauthenticated external attacker can...
Vulnerabilities in Microsoft SQL Server
Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...
Vulnerability fixed in Juniper Networks Junos OS Evolved
Juniper has fixed a vulnerability in Junos OS Evolved running on PTX Series devices. A malicious party can exploit this vulnerability to increase privileges. The vulnerability is in the Flexible PIC Concentrators FPCs of Juniper Networks Junos OS Evolved on PTX systems. The vulnerability can lead...
Vulnerabilities fixed in Cisco Integrated Management Controller
Cisco has fixed several vulnerabilities in Cisco Integrated Management Controller IMC. The vulnerabilities are in Cisco IMC's Web-based management interface. An unauthorized remote attacker can bypass authentication through password change functionality by sending specially formatted HTTP request...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in versions 18.8.7, 18.9.3, and 18.10.1. The vulnerabilities included denial-of-service scenarios that could be triggered by authenticated users via specific Webhook configurations and continuous integration inputs. In addition, there were issues with improper...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome versions before 146.0.7680.75. The vulnerabilities are in Google Chrome's V8 engine and Skia graphics library. The vulnerability in the V8 engine allows a malicious person to execute arbitrary code within the browser's sandboxed environment via a...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities allow an authenticated domain user to remotely execute code on the backup server, which can lead to unauthorized control of backup operations. This issue is present in the backup server environment and can be...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute SQL Statements with Sysadmin privileges. For successful abuse, the malicious party must have prior authorizations as a user. Of th...
Vulnerability fixed in Juniper Junos OS Evolved
Juniper has fixed a vulnerability in Junos OS Evolved Specifically for PTX Series devices. The vulnerability is in the On-Box Anomaly detection framework of Junos OS Evolved that runs on PTX Series devices. The cause is an incorrect assignment of permissions that allows unauthenticated remote...
Vulnerability fixed in Cisco TelePresence Collaboration Endpoint
Cisco has fixed a vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software. The vulnerability is in how the text viewer system does not perform sufficient input control. This can be exploited by unauthenticated remote attackers, leading to a denial-of-service DoS and affecti...
Vulnerabilities fixed in Adobe Dreamweaver Desktop
Adobe has fixed vulnerabilities in Dreamweaver Desktop Versions 21.6 and earlier. The vulnerabilities are in the way Dreamweaver Desktop validates input. This can lead to unauthorized file manipulation and execution of arbitrary code. Exploitation of these vulnerabilities requires user interactio...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...
Vulnerabilities fixed in QNAP operating systems
QNAP has fixed vulnerabilities in QTS and QuTS hero The vulnerabilities include a critical flaw in argument separator processing, a NULL pointer dereference that can lead to denial-of-service DoS attacks, an SQL injection that enables unauthorized code execution, and an authentication bypass that...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Cisco Identity Services Engine. The vulnerability is located in the RADIUS setting of Cisco Identity Services Engine, which can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to cause a logic error, potentially leading to a...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions 2025.0.0 to 2025.0.3, 2024.1.0 to 2024.1.7, and 2023.1.0 to 2023.1.16. The vulnerability involves uncontrolled resource consumption that can lead to resource depletion, which can affect the performance and availabilit...
Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne Tools
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.4. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated attackers to compromise the system via HTTP, which can lead to unauthorized access and modification of...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 29.7, 28.7.9 and earlier. The vulnerabilities are in how Adobe Illustrator handles malicious files. A malicious party can exploit these vulnerabilities by tricking a user into opening a malicious file, which can lead to the execution o...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker Versions 2020.9, 2022.7 and earlier. The vulnerabilities are in versions 2020.9, 2022.7 and earlier of Adobe Framemaker. The first vulnerability involves a Use After Free, which can lead to arbitrary code execution when a user opens a specially...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. The vulnerabilities include an insecure deserialization, a path traversal and multiple SQL injection vulnerabilities. The insecure deserialization can be exploited by local, authenticated attackers to gain elevated privileges, leading t...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in the JDBC driver for SQL Server. A malicious party could exploit the vulnerability to gain access to sensitive data, such as login credentials, through a Server-in-the-Middle attack. For successful exploitation, the malicious party must trick the victim into...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange Server. A malicious person could exploit the vulnerabilities to impersonate another user and grant themselves elevated privileges. For successful abuse, the malicious party must have prior authentication. Microsoft has made updates available that fi...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention o...
Vulnerabilities fixed in Redis
Redis has fixed vulnerabilities in versions 8.2.1 and below. The vulnerabilities are in Redis' Lua scripting engine, which can be exploited by authenticated users. This can lead to remote code execution, out-of-bounds data access or server crashes. The vulnerabilities could compromise the integri...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include several problems such as unauthorized access to sensitive user data, memory management issues, and vulnerabilities that could lead to denial-of-service or unexpected application crashes. These vulnerabilities could be...
Vulnerabilities fixed in Cisco NX-OS Software
Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, command-line interface CLI, and the REST API of the Nexus Dashboard. These vulnerabilities can ...
Vulnerabilities fixed in Cisco IOS XR Software
Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in how Cisco IOS XR Software handles management interface ACL processing, the installation process and ARP implementation. A malicious party can exploit these vulnerabilities to bypass configured access control list...
Vulnerability fixed in Adobe Commerce and Magento
Adobe has fixed a vulnerability in Adobe Commerce and Magento. The vulnerability is in the way input is validated in Adobe Commerce and Magento. This vulnerability allows attackers to perform session takeover attacks without any user interaction, which can compromise the confidentiality and...