4189 matches found
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following products: Communications ASAP, Communications Billing and Revenue Management, Communications BRM - Elastic Charging Engine, Communications Design Studio, Communications Instant Messaging Server, Communications Offline Mediation Controller, Communication...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Oracle Fusion Middleware products: Fusion Middleware HTTP Server Fusion Middleware MapViewer BI Publisher formerly XML Publisher BAM Business Activity Monitoring WebCenter Portal Business Intelligence Enterprise Edition Data Integrator WebLogic...
Vulnerabilities fixed in VMware ESXi
VMware has fixed two vulnerabilities in ESXi. The vulnerability with reference CVE-2021-21994 is located in the Small Footprint CIM Broker (SFCB) and allows a remote malicious person to bypass authentication. This requires rogue network traffic to be sent to port 5989 of the ESXi server. The...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: Cause a denial-of-service, Bypass security measures, Execute arbitrary code, Obtain elevated privileges, Access sensitive data. The vulnerabilities marked CVE-2021-26867 CVSS...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A remote malicious person could potentially exploit them to execute arbitrary code, to obtain elevated privileges, to access sensitive data or to perform a denial-of-service attack. Below is a summary of the various...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...
Vulnerabilities fixed in GitLab Enterprise and Community Editions
GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Manipulation of data, Access to sensitive data, Increased user privileges. With the...
Vulnerabilities fixed in Tracker Software PDF-XChange
Tracker Software has fixed several vulnerabilities in PDF-XChange. The vulnerabilities are located in the various filters for graphics files and allow a malicious party to cause a denial-of-service, or potentially execute arbitrary code with user privileges. Abuse requires the malicious...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. A malicious person could exploit the vulnerabilities to circumvent a security measure, cause a denial-of-service, or execute arbitrary code on the vulnerable system. To successfully execute arbitrary code, the malicious party mus...
Vulnerabilities fixed in Cisco IOS XE
Cisco has fixed vulnerabilities in IOS XE. An authenticated malicious party could exploit the vulnerabilities to gain access to system data, cause a denial-of-service, or grant themselves elevated privileges and potentially execute arbitrary code on the vulnerable system. To...
Vulnerabilities fixed in Dell PowerEdge
Dell has fixed vulnerabilities in PowerEdge Server based on the AMD EPYC platform. The vulnerabilities allow a local malicious party to cause a denial-of-service, gain access to sensitive data or potentially execute code. Dell has released updates to fix the vulnerabilities. For more...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in products from F5, including BIG-IP and Traffix SDC. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed vulnerabilities in ClearPass Policy Manager (CPPM). The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of...
Vulnerabilities fixed in Aruba AOS-CX switches
Vulnerabilities have been fixed in Aruba AOS-CX switches. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Remote code execution...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in Microsoft SQL Server. The vulnerability allows a malicious party to launch Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. By combining the two methods, an attacker can execute arbitrary code on the server under the privileges o...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Google Android. The most serious of these vulnerabilities is a critical security issue in the Media Framework component that allows an external malicious party to execute arbitrary code within the context of an authorized process. Google released update...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS, specifically for Ventura 13.7.6, Sequoia 15.5 and Sonoma 14.7.6. The vulnerabilities include several issues, such as memory corruption from processing maliciously crafted web content, unauthorized access to sensitive user data, and unexpected system...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities allow low-privileged users to abuse higher user privileges, which can lead to unauthorized actions and access to sensitive information. This can occur through phishing attacks and Cross-Site Request...
Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in several products, including FortiOS, FortiProxy, FortiPAM, FortiSwitchManager, FortiSandbox, FortiManager and FortiAnalyzer. The vulnerabilities include the ability for privileged attackers to execute arbitrary code or commands by sending specially crafted...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code, gain access to sensitive data or to elevate privileges. The vulnerability with reference CVE-2024-23112 applies to FortiOS and FortiProxy SSLVPN, and allows...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Manipulation of data, Circumvention of security measure, Spoofing, Access to sensitive data...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed several vulnerabilities in Illustrator 2021 and 2022. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to gain access to sensitive data. The malicious party must trick the victim into opening a rogue file. Adobe ha...
Vulnerability fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Manipulation of data, Circumvention of security measure, Remote code execution...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Fusion Middleware products: Business Intelligence Enterprise Edition, Business Process Management Suite, Coherence, Data Integrator, HTTP Server, Helidon, Identity Manager, Identity Manager Connector, Internet Directory, JDeveloper, Managed File Transfer...
Vulnerabilities fixed in Autodesk products
Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities potentially allow a malicious person to execute code under the application's permissions. Exploitation requires a malicious party to trick a user into opening a rogue file. The vulnerabilities are in two modules...
Vulnerabilities fixed in Autodesk products
Autodesk has fixed vulnerabilities in several products. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code under the privileges of the user and to manipulate data. To exploit the vulnerabilities, the malicious party must induce the...
Vulnerabilities fixed in Cisco Unified Communications Manager
Vulnerabilities have been fixed in Cisco Unified Communications Manager. An authenticated malicious party could potentially exploit the vulnerability with reference CVE-2021-1478 to cause a Denial-of-Service attack. To do so, the Java Management Extensions (JMX) network...
Vulnerabilities fixed in MongoDB
Vulnerabilities have been fixed in MongoDB. The vulnerabilities allow an unauthorized remote malicious person to obtain sensitive data. The malicious party must perform a successful man-in-the-middle attack in which the encryption of data is undone. Exploiting this...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), SQL Injection, Denial-of-Service (DoS), Remote code execution (User Rights), Access to sensitive data, Bypassing...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data...
Vulnerabilities fixed in Adobe FrameMaker
Adobe has fixed vulnerabilities in Adobe FrameMaker versions 2020.8, 2022.6 and earlier. The vulnerabilities are of several types, including Heap-based Buffer Overflow, Integer Underflow, and NULL Pointer Dereference. These vulnerabilities can lead t...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or execute code in the context of another user, potentially including users with administrator...
Vulnerabilities fixed in Oracle VirtualBox
Oracle has fixed vulnerabilities in VirtualBox. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Access to sensitive data. For successf...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Remote code execution...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, Bypassing security measure, SQL...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Increased user privileges...
Vulnerability fixed in Cisco Meeting Server
A vulnerability has been fixed in Cisco Meeting Server. The vulnerability has been labeled CVE-2021-40122 and allows an unauthenticated remote malicious party to cause a Denial-of-Service (DoS) attack. By sending a large number of messages to the vulnerable API Call Bridge, a malicious party can...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and OneDrive products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated privileges, to gain access to sensitive data, or to perform a Cross-Site Scripting (XSS) attack. This could include if t...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in the command-line interface (CLI) of Cisco IOS XR, which allows authenticated local attackers to execute arbitrary root-level commands or obtain full administrative privileges. In addition, there is a problem with t...
Multiple vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in Spectrum Protect and software bundled with Spectrum Protect. The bundled software covers previously fixed vulnerabilities in underlying products and libraries such as Golang, DB2, Node.js, PostgreSQL, OpenSSH and others. Previous security advisories...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed several vulnerabilities in its products, including Oracle Fusion Middleware, Oracle WebLogic Server, and Oracle HTTP Server. The vulnerabilities are in several Oracle products, including Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, which allow unauthenticated...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to circumvent a security measure, gain access to arbitrary files on the vulnerable system and execute arbitrary code. Adobe has released updates to fix the vulnerabilities in Adobe Commerc...
Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in systems running on ArubaOS and InstantOS. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system data or execute code on the underlying system with user privileges. To exploit the...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights), Access to sensitive data, Access to...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Manipulation of data, Circumvention of security measure, Remote code execution (User Rights)...
Vulnerabilities fixed in Cisco ASA and FTD
Vulnerabilities have been fixed in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS)...
Vulnerabilities fixed in NVIDIA GPU Display Drivers
NVIDIA has fixed vulnerabilities in the GPU Display Driver and supporting software. The vulnerabilities allow a local malicious party to carry out attacks resulting in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, After Effects, Photoshop and Reader. The vulnerabilities allow a malicious person to execute arbitrary code within the context of the user. The vulnerabilities in Acrobat and Reader additionally allow a malicious party the ability to view...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, Remote code execution...