4189 matches found
Vulnerabilities fixed in Fortinet FortiNAC
Fortinet has fixed vulnerabilities in FortiNAC. A unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code or manipulate files on the FortiNAC system. This requires malicious network traffic must be sent to TCP port 1050 or 5555. Fortinet has released updates t...
Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. The most serious vulnerability has been assigned attribute CVE-2023-32434 assigned and allows a malicious person to execute...
Vulnerabilities fixed in Mattermost
The developers of Mattermost have fixed vulnerabilities in Mattermost. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, bypass, manipulate the operation of the application and thus gain access gain access to channels and conversations to...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party can exploit the vulnerabilities for various redirection attacks, such as Cross-site Scripting XSS and Cross-Source-Request-Forgery CSRF. Such attacks can lead to execution of script code in the context of the victim's browser,...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local malicious party can exploit the vulnerabilities to gain elevated permissions and affect the operation of Apex One, or to execute arbitrary code with elevated privileges. Trend Micro has released updates to address the vulnerabilities fixe...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. A authenticated malicious person with the ability to Powershell scripts can execute the vulnerabilities exploit them to execute arbitrary code with permissions from the application. Microsoft Exchange Server:...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Power Apps and Dynamics. An authenticated malicious person could exploit the vulnerabilities to impersonate another user and execute arbitrary code execute arbitrary code with privileges of that user. Microsoft Power Apps:...
Vulnerabilities fixed in VMware Aria Operations Networks
VMware has fixed vulnerabilities in Aria Operations Networks aka vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code on the underlying system. The most serious vulnerability has been labeled CVE-2023-20887 an...
Vulnerability fixed in Cisco ASA and Firepower Threat defense
Cisco has fixed a vulnerability in ASA and FTD. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service on the vulnerable system. The vulnerability is in the way ASA and FTD handle SSL/TLS traffic. Cisco has released updates to fix the vulnerability i...
Vulnerabilities fixed in GeoServer
GeoServer has fixed vulnerabilities in the OGC filters of GeoServer and GeoTools. A malicious party can exploit exploit the vulnerabilities to improperly access publicly access publicly accessible data or execute arbitrary SQL code on the underlying database. execute arbitrary SQL code on the...
Vulnerabilities fixed in IBM Aspera Connect and Aspera Cargo
IBM has fixed vulnerabilities in Aspera Connect and Aspera Cargo. A malicious party could exploit the vulnerabilities to access gain access to login credentials, or to be able to execute arbitrary code execute with application privileges. IBM has released updates to fix the vulnerabilities in...
Vulnerability fixed in VMWare Workspace ONE and Identity Manager
VMWare has fixed a vulnerability in Workspace ONE and Identity Manager vIDM. A malicious party could exploit it for a redirect attack, thus tricking the victim into trick the victim into contacting a server under its own control. This may allow the malicious party to obtain login credentials and...
Vulnerabilities fixed in Joomla!
Joomla! has fixed vulnerabilities in the MultiFactor Authentication system of Joomla! CMS. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting XSS attack, or to use brute force to access the account. forcing to gain access to a user's account and...
Vulnerabilities fixed in Dell EMC Powerpath
Dell has fixed vulnerabilities in Powerpath. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute code with SYSTEM privileges, or to gain access to the license key and thereby perform unauthorized new installations. Dell has released updat...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Tracker Software PDF-Xchange
Tracker Software has fixed vulnerabilities in PDF-Xchange. A malicious party could exploit the vulnerabilities to cause a denial-of-service and potentially execute code with privileges of the victim. This requires the malicious party to trick the victim into opening a malicious file to open...
Vulnerability fixed in Netapp SnapCenter
Netapp has fixed a vulnerability in SnapCenter. A unauthenticated malicious party could exploit the vulnerability to gain access to the backup environment with administrator privileges. This allows the malicious party to gain access to sensitive information, manipulate data or cause a...
Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI
In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this ransomware attack, private keys were according to security firm Binarly, private keys were leaked that are used to digitally sign firmware for motherboards. Also compromised were private keys used by Inte...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person with user privileges could exploit the vulnerability to use a GraphQL endpoint to install rogue runners in any project within the environment and thus execute arbitrary code execute. GitL...
Vulnerabilities fixed in Xwiki
The developers of Xwiki have released updates to fix the vulnerabilities fixed in Xwiki 15.0-rc-1, 14.10.1, 14.4.8 & 13.10.11. For more information, see: https://github.com/xwiki/xwiki-platform/security/advisories /GHSA-jgrg-qvpp-9vwr https://github.com/xwiki/xwiki-platform/security/advisories...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards products. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User Rights Access to...
Vulnerabilities fixed in Oracle Peoplesoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data...
Vulnerabilities fixed in Oracle Essbase
Oracle has fixed vulnerabilities in Oracle Essbase. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to gain access to sensitive data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local, authenticated user to execute arbitrary execute commands on the system. Even those for which the malicious user is not initially authorized to do. IBM has released updates to fix the vulnerabilities in AIX. For more...
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, or to gain access to sensitive data from within the underlying system. Fortinet has released updates to fix the vulnerabilities in FortiSandbox. For mo...
Vulnerabilities fixed in FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious person with access to the management interface can exploit the vulnerability with attribute CVE-2022-41330 to exploit it to perform a cross-site scripting XSS attack. Such an attack can lead to execution of arbitrary code i...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in the Azure components Service Connector and Machine Learning. A malicious party could exploit the vulnerabilities to bypass internal firewall rules, or to gain access to logging data. The malicious party must be authenticated with the appropriate...
Vulnerabilities fixed in Dell EMC Networker
Dell has fixed vulnerabilities in EMC Networker. A authenticated malicious person could exploit the vulnerabilities to bypass security measures or execute arbitrary code execute application privileges on the underlying system. Under normal circumstances, the application runs with limited...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root righ...
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A local malicious person could abuse the vulnerability to execute arbitrary code. The malicious party does not need prior authorizations on the application. Adobe has released updates to fix the vulnerability in Creative Cloud...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A local malicious person could exploit the vulnerabilities to execute arbitrary code execute with application privileges, or to access gain access to sensitive data in the context of the application. Adobe has released updates to fix the vulnerabiliti...
Vulnerability fixed in FortiOS
FortiNet has fixed a vulnerability in FortiOS. The vulnerability is located in the management environment and allows an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, or execute arbitrary code on the...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
Vulnerability fixed in Cisco Finesse and Unified Contact Center
Cisco has fixed a vulnerability in Finesse and Unified Contact Center. The vulnerability is in the nginx component. When configured as a reverse proxy, an unauthenticated remote malicious person could exploit it to cause a denial-of-service on the system. Cisco has released updates to fix the...
Vulnerabilities fixed in HP Serviceguard
HP has fixed vulnerabilities in Serviceguard. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or possibly to execute arbitrary code with application privileges. HP has released updates to fix the vulnerabilities in Serviceguard linux A.15.00.00 and A.12.80.05. F...
Vulnerabilities fixed in IBM MQ Operator and Queue Manager
IBM has fixed vulnerabilities in MQ Operator and Queue Manager. An unauthenticated malicious person could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system. The vulnerabilities are located in the underlying libksba and sqlite libraries. IBM...
Vulnerabilities fixed in Git and GitLab
The Git community has fixed vulnerabilities in Git. A malicious party with a repository under its control could exploit the vulnerabilities to gain access to sensitive data, or overwrite arbitrary files on the system of the victim's system. The vulnerability is in the way Git handles symbolic...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office components. For an overview of the vulnerabilities, see list below. The most serious vulnerability is in MS Word and has attribute CVE-2023-21716 assigned. This vulnerability allows a remote malicious person to execute arbitrary code with user...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in IBM Qradar SIEM
IBM has fixed several vulnerabilities in Qradar SIEM. The vulnerabilities are in underlying third-party products and have been previously fixed by the relevant developers and already previously described in previous security advisories. IBM is now bundling these updates now in the latest version ...
Vulnerability fixed in Dell EMC Networker
Dell has fixed a vulnerability in EMC Networker client. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. The vulnerability can be exploited when the Networker Client uses the oldauth authentication method. Dell has released...
Vulnerability fixed in Dell Repository Manager
Dell has fixed a vulnerability in Repository Manager. A local malicious person could exploit the vulnerability to execute arbitrary code on the underlying operating system. The vulnerability can be exploited during the installation of systems. Dell has released updates to fix the vulnerability in...
Vulnerabilities fixed in F5 BIG-IP
F5 has incorporated several vulnerabilities into BIG-IP. A malicious party could exploit the vulnerabilities to bypass security measures to enable traffic that is not permitted. Also, a malicious party could exploit the vulnerabilities to cause a denial-of-service on sub-processes of the BIG-IP...
Vulnerability fixed in VMware vRealize Operations
A vulnerability has been fixed in VMware vRealize Operations. A malicious person with user privileges within the same network is able to able to bypass Cross-Site Request Forgery CSRF protection. As a result, a malicious party may be able to launch a CSRF attack cross-site request forgery attack ...
Vulnerability remedied in Keycloak
A vulnerability has been fixed in Keycloak. A malicious party can exploit the vulnerability to gain access via path-traversal to sensitive data. The vulnerability is caused by the fact that URL redirects where the client accepts wildcards are not correctly are processed correctly. -= Red Hat =- R...
Vulnerability found in KeePass
A vulnerability has been found in KeePass. A malicious person could potentially exploit the vulnerability to gain access to data stored in a KeePass database. This could include usernames, passwords and email addresses. Successful misuse requires that the malicious party have access to the system...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in Junos OS for several products. A malicious party could potentially exploit them to cause a denial-of-service. The vulnerabilities CVE-2023-22391, CVE-2023-22396, CVE-2023-22399 and CVE-2023-22403 can be exploited by an unauthenticated malicious person via the...