4190 matches found
Vulnerability fixed in Veeam
Veeam has fixed a vulnerability in the Veeam Updater component. The vulnerability is in how the Veeam Updater component validates TLS certificates. Insufficient validation can allow Man-in-the-Middle attackers to execute arbitrary code on affected servers. This can lead to unauthorized access and...
Vulnerability fixed in CrowdStrike Falcon sensor
CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...
Vulnerability fixed in Apple iOS and iPadOS
Apple has fixed a vulnerability in iOS and iPadOS. A malicious person with physical access to the vulnerable device can exploit the vulnerability to bypass USB restrictions, even when the system is locked. This allows the malicious party to install arbitrary software on the device. Successful abu...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Site. The vulnerabilities are related to improper permissions settings on the remote debugger port, allowing unauthenticated users to access system configurations. This can lead to unauthorized changes. In addition, there is a loca...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the vulnerable system elevated privileges. For successful exploitation, the malicious party must ha...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for the Advanced Outbound Telephony, Project Foundation, Customer Care and Workflow components. The vulnerabilities are in several components of the Oracle E-Business Suite. The Advanced Outbound Telephony component contains...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle fixed vulnerabilities in Oracle Enterprise Manager A malicious party could exploit the vulnerabilities to gain access to sensitive data or cause a Denial-of-Service. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 134 and 128.6. The vulnerabilities include client-side path traversal, privilege escalation and use-after-free conditions. These vulnerabilities can be exploited by malicious parties to gain unauthorized...
Vulnerability fixed in Microsoft Dynamics Power Automate
Microsoft has fixed a vulnerability in Power Automate for Desktops. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious person with prior authentication could exploit the vulnerabilities to gain access to sensitive data in the victim's context. Successful misuse requires the victim to log in, where the malicious person manages to win a race...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Ivanti Connect Secure Specific for versions prior to 22.7R2.4 and Policy Secure Specific for versions prior to 22.7R1.2. The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. UPDATE: Researchers have published proof of concept PoC code demonstrating the vulnerability with attribute CVE-2024-49113. Successful exploitation requires the malicious party to have access to both a DC with LDAP and a rogue server under their own...
Vulnerability fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS processes specially crafted DNS packets from attackers. This can lead to a device reboot and, on repeated attempts, the firewall can enter maintenance mode. Palo Alto says it has received reports from...
Vulnerabilities fixed in Rockwell Automation Power Monitor 1000
Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...
Vulnerability fixed in Fortinet FortiWLM
Fortinet has fixed a vulnerability in FortiWLM Specifically for versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4. The vulnerability is located in FortiWLM's relative path-traversal functionality, which allows remote, unauthenticated attackers to execute unauthorized code via specially crafted Web...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 11.0 to 17.6.2. The vulnerabilities are located in several versions of GitLab CE/EE and allow attackers to create groups with names that match existing unique domains, which can lead to domain confusion. In addition, users...
Vulnerability fixed in Adobe After Effects
Adobe has fixed a vulnerability in Adobe After Effects Specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...
Vulnerabilities fixed in IBM Security Verify Access Appliance
IBM has fixed vulnerabilities in IBM Security Verify Access Appliance Versions 10.0.0 to 10.0.8. The vulnerabilities include an ability for remote authenticated attackers to execute arbitrary commands on the system, privilege escalation for locally authenticated non-administrative users through...
Vulnerabilities discovered in Veritas Enterprise Vault
Vulnerabilities have been discovered in Veritas Enterprise Vault Specifically for versions earlier than 15.2. The vulnerabilities are in how Veritas Enterprise Vault handles the deserialization of untrusted data sent through a .NET Remoting TCP port. This enables malicious actors to execute...
Vulnerability fixed in Oracle Agile PLM Framework
Oracle has fixed a vulnerability in version 9.3.6 of the Agile PLM Framework. The vulnerability allows unauthenticated attackers with network access to gain access to sensitive data. Oracle has released an out-of-band update to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...
Vulnerabilities fixed in Fortinet FortiClient
Fortinet has fixed vulnerabilities in FortiClient for Windows and macOS. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary commands on the system. Fortinet has released updates to fix the vulnerabilities. See attached references for...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS Cross-Site Scripting XSS. Increased user privileges Remote code execution User...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco fixed vulnerabilities in Identity Services Engine ISE The vulnerabilities are located in the management interface and allow a malicious person to perform a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive...
Vulnerability fixed in Cisco Catalyst access points
Cisco has fixed a vulnerability in the Unified Industrial Wireless Software for Catalyst Heavy Duty Access Points. A malicious party could exploit the vulnerability to execute arbitrary commands on the underlying operating system without prior authentication. The vulnerability is located in the...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code User privileges - Execution of arbitrary code Administrator...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code User privileges - Executio...
Vulnerabilities fixed in Oracle Peoplesoft
Oracle has fixed vulnerabilities in Peoplesoft. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service DoS, or to access and potentially manipulate personal sensitive data in the database. Oracle has released updates to fix the vulnerabilities. See attached references fo...
Vulnerabilities fixed in Moxa systems
Moxa has fixed vulnerabilities in several network components. A malicious party could exploit the vulnerabilities to modify configurations and execute arbitrary code on the vulnerable system. Moxa has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Juniper JunOS and JunOS Evolved
Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service by sending malformed BGP traffic. Juniper has made updates available to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Ivanti Cloud Services Appliance
Ivanti has fixed three vulnerabilities in Cloud Services Appliance. An authenticated malicious person who already has admin rights can exploit the vulnerabilities to remotely execute code and SQL statements, or bypass restrictions through path traversal. Ivanti reports that users of version 4.6...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center. A malicious person could exploit the vulnerabilities to impersonate another user, or execute arbitrary code with administrator privileges. To successfully achieve code execution, the malicious party must have LAN access to the system on which...
Vulnerabilities fixed in Microsoft Azure components
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges or execute code with administrator privileges. Azure Monitor: |----------------|------|-------------------------------------| | CVE ID | CVS...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the vulnerable system without prior authentication. For successful abuse, the malicious party must have access to the PAPI port udp 8211. It is good practice n...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, access sensitive data or execute code with potentially SYSTEM privileges. Successful exploitation of the...
Vulnerability fixed in Kemp LoadMaster
Kemp Technologies has fixed a vulnerability in Kemp LoadMaster and Progress LoadMaster. A malicious party could exploit the vulnerability to execute arbitrary commands on the vulnerable system without prior authentication via specially prepared HTTP calls. For successful abuse, the malicious part...
Vulnerability fixed in Kubernetes
A vulnerability has been fixed in Kubernetes. The vulnerability is in the ingress-nginx module and allows a malicious person with permissions to create ingress objects to bypass a security measure to execute arbitrary code with permissions from the ingress-nginx controller. In a standard...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file...
Vulnerabilities fixed in Docker Moby
A vulnerability has been fixed in Docker Moby. The vulnerability allows a malicious party to increase privileges via an API request by bypassing a security measure. This vulnerability is only exploitable when using an AuthZ plugin to manage access rights. The Docker team has released an update to...
Vulnerability fixed in Broadcom Symantec Privileged Access Management
Broadcom has fixed vulnerabilities in Broadcom Symantec Privileged Access Management. A malicious person could exploit the vulnerabilities to execute arbitrary code on the system or manipulate the operation of the system. The vulnerabilities with characteristics CVE-2024-36455, CVE-2024-36456 and...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution User rights Oracle has made updates available to...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...
Vulnerability fixed in Oracle Hyperion
A vulnerability has been fixed in Oracle Hyperion. A malicious party could exploit the vulnerability to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Oracle has made updates available to fix the vulnerabilities. See the references for more...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a Denial-of-Service. Successful exploitation requires the malicious party to win a race condition. .NET and Visual...
Vulnerabilities fixed in Microsoft Windows SQL Server
Microsoft has fixed vulnerabilities in Windows SQL Server. The vulnerabilities are in the Native Client of SQL Server and allow a malicious person to execute arbitrary code in the victim's context, potentially gaining access to sensitive data in Database environments to which the victim has acces...
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS Specifically for SRX series systems The vulnerability is in how the Packet Forwarding Engine PFE on vulnerable SRX systems processes traffic. Certain, albeit legitimate, traffic can cause the PFE to crash. A malicious party can exploit the vulnerability ...
Vulnerability fixed in OpenSSH
The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...