4189 matches found
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in QRadar SIEM and in the QRadar Assistant App. A malicious party could potentially exploit them for attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerability found in Cisco Identity Services Engine (ISE)
A vulnerability has been found in Cisco Identity Services Engine ISE. A malicious party could potentially exploit it to access and delete files stored on the vulnerable system. Successful exploitation requires authenticated access to the management interface required. It is good practice to make...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the following products:...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root privileges Access to sensitive...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive data Oracle has fixed vulnerabilities i...
Vulnerability fixed in Oracle Hyperion
Oracle has fixed a vulnerability in Oracle Hyperion Infrastructure Technology. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code to execute under the application's permissions. Oracle has fixed vulnerabilities in the following products: - Oracle...
Vulnerability fixed in Palo Alto PAN-OS
Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a malicious person to remotely bypass authentication and impersonate an existing PAN-OS Administrator. This allows the malicious party with administrator privileges to perform actions and execute arbitrary code. Palo Alto...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to impersonate another user. The vulnerability with attribute CVE-2022-37968 has a CVSS of 10.0. If an unauthenticated malicious person uses the randomly generat...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in RUGGEDCOM, among others, SCALANCE, SIMATIC, and Logo! products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of...
Vulnerabilities fixed in IBM Tivoli Monitoring
IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...
Vulnerabilities found in Microsoft Exchange Sever
GTSC, a Vietnamese security company has found vulnerabilities in Microsoft Exchange Server 1. The vulnerabilities allow a malicious party able to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...
Vulnerabilities fixed in SolarWinds Orion
Vulnerabilities have been fixed in SolarWinds Orion. The vulnerabilities allow an authenticated malicious person with access to the network is able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access t...
Vulnerabilities fixed in Matrix SDKs
Matrix has fixed vulnerabilities in the following SDKs; matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2. These SDKs are used in a number of Matrix-based clients including the popular Element. The vulnerabilities allow a malicious able to perform attacks that result in the following categori...
Vulnerabilities fixed in Autodesk AutoCAD and Design Review
Vulnerabilities have been fixed in Autodesk AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code by having AutoCAD and Design Review process a rogue file to be processed. Autodesk has released updates to address the vulnerabilities. fix. More informatio...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication Remote code execution Administrator/Root rights Access to...
Vulnerabilities fixed in Sophos Firewall
Sophos has fixed vulnerabilities in Sophos Firewall. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks leading to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Microsoft Azure
A vulnerability has been fixed in Microsoft Azure. A authenticated malicious party could potentially abuse it to obtain elevated privileges and execute arbitrary code under root privileges. Microsoft indicates that proof-of-concept code is known for this vulnerability. Microsoft has made updates...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed vulnerabilities in ClearPass Policy Manager CPPM. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Remote code execution Administrator/Roo...
Vulnerabilities fixed in WatchGuard firewalls
Several vulnerabilities have been fixed in WatchGuard firewall products. An unauthenticated remote malicious agent could vulnerability potentially exploit it to execute arbitrary code under root privileges. To be exploited, however, the management interface, however, must be accessible via the...
Vulnerabilities fixed in Foxit PDF Editor
Vulnerabilities have been fixed in Foxit PDF Editor. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, to obtain sensitive data, or to execute arbitrary code in the scope of the application. This requires the malicious party to trick the victim into opening a rogue...
Vulnerabilities fixed in SonicWall SMA100
Sonicwall has fixed two vulnerabilities in the firmware of SMA100 systems. An authenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service, or to gain access to system data. The vulnerability that could lead to access to system data has not been assigned...
Vulnerabilities fixed in Cisco NX-OS and FXOS
Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in the underlying software of QRadar SIEM. The vulnerabilities are in supporting software, such as Expat, Eclipse, the Kernel and SASL. For the vulnerabilities, previous security advisories have been issued. These updates to QRadar SIEM are a bundle. A malicious part...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise and Universal Forwarder. A malicious party could potentially exploit them to cause a denial-of-service, bypassing security measures or to gain access to system data. The most serious vulnerability involves causing a Denial-of-Service. For this...
Vulnerabilities fixed in ArcGis products
Esri has fixed vulnerabilities in ArcGis Portal and ArcReader. A malicious party could exploit the vulnerabilities to obtain system information, access sensitive data without prior authorization, or to perform a cross-site scripting XSS attack. Such attacks can lead to the execution of JavaScript...
Vulnerabilities fixed in HP Integrated Lights-out (ILO)
HP has fixed vulnerabilities in the firmware of HP Integrated Lights-out of several HP Apollo, Proliant, Edgeline and StoreEasy server systems. A local malicious person with access to the systems, or the physical management infrastructure, could exploit them to cause a denial-of-service, the...
Vulnerability fixed in Zoom for macOS
Zoom has fixed a vulnerability in the Zoom Client for macOS. A local malicious person with user privileges could exploit to execute arbitrary code under privileges of root. The vulnerability is located in Zoom's installer and makes it possible to substitute the zoom client update for any other...
Vulnerabilities fixed in Emerson DeltaV
Emerson has fixed vulnerabilities in DeltaV products. A unauthenticated malicious person with network access can exploit the exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the vulnerabilities to execute arbitrary code and manipulating...
Vulnerabilities fixed in Tenable Nessus Agent
Vulnerabilities have been fixed in Tenable Nessus Agent. The vulnerabilities allow a malicious person with elevated privileges to able to execute arbitrary code under administrator privileges and the read arbitrary files on the underlying system. Tenable has released a new version of Nessus Agent...
Vulnerabilities fixed in Google Android and Samsung Mobile (Android)
Google has fixed several vulnerabilities in Android. In addition to the vulnerabilities fixed by Google, Samsung has also fixed 21 additional vulnerabilities fixed specifically for Samsung Mobile hardware. A malicious party could potentially exploit them to cause the following categories of damag...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to increase its permissions and thereby load untrusted files. load. Trend Micro has released updates to fix the vulnerabilities fixes in Apex One. For more information, see:...
Vulnerabilities fixed in Ctrix ADC and Gateway
Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. The vulnerabilities allow a remote malicious party able to effect a denial-of-service DoS. For CVE-2022-27508 does not require authentication, while CVE-2022-27507 does. The CVE-2022-27507 vulnerability is only exploitable when...
Vulnerability fixed in Cisco IOS XR
A vulnerability has been fixed in Cisco IOS XR. The vulnerability in the health check RPM of Cisco IOS XR software could allow an unauthenticated, remote malicious party to gain access gain access to the Redis environment. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For...
Vulnerability fixed in BIND
ISC has fixed a vulnerability in BIND. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party must prematurely break a TLS connection to the vulnerable server. TLS is used for both DNS over TLS DoT and DNS over HTT...
Vulnerability fixed in SonicWall SMA100
SonicWall has fixed a vulnerability in the SMA100. The vulnerability allows an authenticated remote malicious person potentially be able to use the management interface to execute arbitrary commands execute as "root" on the underlying system, or to cause a denial-of-service. SonicWall has release...
Vulnerabilities fixed in SUSE Linux Enterprise kernel
SUSE has fixed vulnerabilities in the Linux kernel. A authenticated malicious person could potentially exploit them to cause a denial-of-service or to obtain elevated privileges. -= SUSE =- SUSE has made updates available to fix the vulnerability fixes in SUSE 12 and 15. You can install these...
Vulnerabilities fixed in HPE Integrated Lights-Out
HPE has fixed a vulnerability in Integrated Lights-Out. The vulnerability allows an authenticated remote malicious party to able to cause a denial-of-service. Few substantive details about the vulnerability publicly available made available. HPE has released updates to fix the vulnerability. For...
Vulnerabilities fixed in switches from Avaya and Aruba Networks
Researchers at cybersecurity firm Armis have discovered vulnerabilities discovered in implementations of the NanoSSL library. Armis has discovered that in certain network equipment from Aruba and Avaya error messages are not properly processed causing security problems. Previously, Armis has foun...
Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of security measure Remote code execution User rights...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation ...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Vulnerabilities fixed in Autodesk products
Autodesk has fixed vulnerabilities in several products including AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code under rights of the application. To do this, the malicious party needs to victim to open a rogue file. Autodesk has released updates to...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, issue arbitrary requests or download send arbitrary requests or download larger than allowed files. Asterisk has made updates available...
Vulnerabilities fixed in Apache Subversion (SVN)
Apache has fixed vulnerabilities in Subversion SVN. The vulnerabilities allow an unauthenticated remote malicious agent to remotely capable of causing a denial-of-service or obtain system information. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix in SUSE 15...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Spoofing Access to sensitive data The tables below provide an...
Vulnerabilities fixed in VMware products
Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Bypassing authentication Circumvention of security measure Remote code...
Vulnerabilities fixed in MediaWiki
There are vulnerabilities in MediaWiki. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. To exploit, the malicious party must be able to modify page titles or only be able to modify a specially prepared URI to visit. A malicious party can exploi...
Vulnerability fixed in ABB 800xA for AC. 800MCompact
ABB has fixed a vulnerability in 800xA, Control Software for AC 800MCompact. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to perform a denial-of-service. ABB has released updates to fix the vulnerability. Mitigating measures have als...