4190 matches found
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A local malicious person could abuse the vulnerability to execute arbitrary code. The malicious party does not need prior authorizations on the application. Adobe has released updates to fix the vulnerability in Creative Cloud...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A local malicious person could exploit the vulnerabilities to execute arbitrary code execute with application privileges, or to access gain access to sensitive data in the context of the application. Adobe has released updates to fix the vulnerabiliti...
Vulnerability fixed in FortiOS
FortiNet has fixed a vulnerability in FortiOS. The vulnerability is located in the management environment and allows an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, or execute arbitrary code on the...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerability fixed in Cisco Finesse and Unified Contact Center
Cisco has fixed a vulnerability in Finesse and Unified Contact Center. The vulnerability is in the nginx component. When configured as a reverse proxy, an unauthenticated remote malicious person could exploit it to cause a denial-of-service on the system. Cisco has released updates to fix the...
Vulnerabilities fixed in HP Serviceguard
HP has fixed vulnerabilities in Serviceguard. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or possibly to execute arbitrary code with application privileges. HP has released updates to fix the vulnerabilities in Serviceguard linux A.15.00.00 and A.12.80.05. F...
Vulnerabilities fixed in Cisco Firepower and UCS Fabric Interconnect systems
Cisco has fixed vulnerabilities in FX-OS, as used in Firepower and UCS Fabric systems. The vulnerability with reference CVE-2023-20016 allows a malicious person with access to backups to gain access to the backup data from the vulnerable devices. This allows the malicious party gain access to the...
Vulnerabilities fixed in IBM MQ Operator and Queue Manager
IBM has fixed vulnerabilities in MQ Operator and Queue Manager. An unauthenticated malicious person could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system. The vulnerabilities are located in the underlying libksba and sqlite libraries. IBM...
Vulnerabilities fixed in ClamAV
ClamAV has fixed two vulnerabilities in ClamAV. A unauthenticated remote malicious person could exploit them to obtain sensitive information, or to execute arbitrary code with privileges from ClamAV. ClamAV has released updates to fix the vulnerabilities in ClamAV 1.0.1, 0.105.2 and 0.103.8. For...
Vulnerabilities fixed in Git and GitLab
The Git community has fixed vulnerabilities in Git. A malicious party with a repository under its control could exploit the vulnerabilities to gain access to sensitive data, or overwrite arbitrary files on the system of the victim's system. The vulnerability is in the way Git handles symbolic...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office components. For an overview of the vulnerabilities, see list below. The most serious vulnerability is in MS Word and has attribute CVE-2023-21716 assigned. This vulnerability allows a remote malicious person to execute arbitrary code with user...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in IBM Qradar SIEM
IBM has fixed several vulnerabilities in Qradar SIEM. The vulnerabilities are in underlying third-party products and have been previously fixed by the relevant developers and already previously described in previous security advisories. IBM is now bundling these updates now in the latest version ...
Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed vulnerabilities in macOS Ventura, iOS, iPadOS and Safari for Big Sur and Monterey. A malicious party could exploit vulnerabilities to execute arbitrary code, or to gain access to sensitive data. To execute code with kernel privileges, or to gain access to sensitive data, the...
Vulnerability fixed in Dell EMC Networker
Dell has fixed a vulnerability in EMC Networker client. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. The vulnerability can be exploited when the Networker Client uses the oldauth authentication method. Dell has released...
Vulnerability fixed in Dell Repository Manager
Dell has fixed a vulnerability in Repository Manager. A local malicious person could exploit the vulnerability to execute arbitrary code on the underlying operating system. The vulnerability can be exploited during the installation of systems. Dell has released updates to fix the vulnerability in...
Vulnerabilities fixed in F5 BIG-IP
F5 has incorporated several vulnerabilities into BIG-IP. A malicious party could exploit the vulnerabilities to bypass security measures to enable traffic that is not permitted. Also, a malicious party could exploit the vulnerabilities to cause a denial-of-service on sub-processes of the BIG-IP...
Vulnerability fixed in VMware vRealize Operations
A vulnerability has been fixed in VMware vRealize Operations. A malicious person with user privileges within the same network is able to able to bypass Cross-Site Request Forgery CSRF protection. As a result, a malicious party may be able to launch a CSRF attack cross-site request forgery attack ...
Vulnerability remedied in Keycloak
A vulnerability has been fixed in Keycloak. A malicious party can exploit the vulnerability to gain access via path-traversal to sensitive data. The vulnerability is caused by the fact that URL redirects where the client accepts wildcards are not correctly are processed correctly. -= Red Hat =- R...
Vulnerability found in KeePass
A vulnerability has been found in KeePass. A malicious person could potentially exploit the vulnerability to gain access to data stored in a KeePass database. This could include usernames, passwords and email addresses. Successful misuse requires that the malicious party have access to the system...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in Junos OS for several products. A malicious party could potentially exploit them to cause a denial-of-service. The vulnerabilities CVE-2023-22391, CVE-2023-22396, CVE-2023-22399 and CVE-2023-22403 can be exploited by an unauthenticated malicious person via the...
Vulnerability fixed in Azure Service Fabric
A vulnerability has been fixed in Microsoft Azure Service Fabric Container. The vulnerability potentially allows a malicious party to able to take over the vulnerable Service Fabric cluster. Azure Service Fabric Container: |----------------|------|-------------------------------------| | CVE ID |...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application being visited. CIRCL has released an...
Vulnerabilities fixed in HCL Lotus Notes
HCL has fixed vulnerabilities in Lotus Notes. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or to potentially execute arbitrary execute arbitrary code with user privileges. HCL has released updates to fix the vulnerabilities in Lotus Notes 9.0....
Vulnerability fixed in HP OfficeConnect 1820 and 1850 switches
HPO has fixed a vulnerability in the firmware of its OfficeConnect 1820 and 1850 switches. An unauthenticated malicious party could, by exploiting the vulnerability, perform a directory traversal and thereby gain access to system data. This data could potentially be used to setting up further...
Vulnerability fixed in NetApp OnCommand Insight
NetApp has fixed a vulnerability in OnCommand Insight. A unauthenticated malicious person with access to the management interface, could exploit the vulnerability to obtain system data and cause a denial-of-service cause. The vulnerability does not allow the malicious party to access the collecte...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious party to obtain elevated privileges or to obtain sensitive data. The vulnerabilities marked CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023 are vulnerabilities in RC4-HMAC that were previously fixed by Microsoft. Th...
Vulnerability fixed in Exact Synergy
A vulnerability has been fixed in Exact Synergy Enterprise. The vulnerability allows a malicious party to use Cross-Site Scripting XSS to execute arbitrary code under the rights of the user. A malicious party needs to be authenticated to be able to see within the application a profile picture, in...
Vulnerabilities fixed in Lansweeper
Vulnerabilities have been fixed in Lansweeper. The vulnerabilities allow a malicious party to access sensitive data and to execute arbitrary code execute arbitrary code under administrator/root privileges. The vulnerabilities marked CVE-2022-32573 and CVE-2022-29517 are exploited by sending a rog...
Vulnerabilities fixed in Sophos firewall
Sophos has fixed several vulnerabilities in Sophos firewall. A malicious party could exploit the vulnerabilities to obtain system data through API calls and Cross-Site-Scripting XSS attacks. In addition, arbitrary code can be executed if the malicious party has gained management rights or gained...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in several SolarWinds products, including Platform and Orion. The vulnerabilities allow an authenticated malicious person able to execute arbitrary code execute under application permissions or to elevate permissions. SolarWinds has released updates to address the...
Vulnerability fixed in Zoom
A vulnerability has been fixed in Zoom. The vulnerability allows a local malicious party to gain access to sensitive data, such as meeting data and chat messages sent during meetings. This is caused by a combination of insufficient cleaning of the data after the meeting is closed and the use of a...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in QRadar SIEM and in the QRadar Assistant App. A malicious party could potentially exploit them for attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in ArubaOS and SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and Aruba Mobility Conductor formerly Mobility Master which are used in various Aruba Networks access points. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system. execute arbitrary code on the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerability found in Cisco Identity Services Engine (ISE)
A vulnerability has been found in Cisco Identity Services Engine ISE. A malicious party could potentially exploit it to access and delete files stored on the vulnerable system. Successful exploitation requires authenticated access to the management interface required. It is good practice to make...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the following products:...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive data Oracle has fixed vulnerabilities i...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root privileges Access to sensitive...
Vulnerability fixed in Oracle Hyperion
Oracle has fixed a vulnerability in Oracle Hyperion Infrastructure Technology. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code to execute under the application's permissions. Oracle has fixed vulnerabilities in the following products: - Oracle...
Vulnerability fixed in Palo Alto PAN-OS
Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a malicious person to remotely bypass authentication and impersonate an existing PAN-OS Administrator. This allows the malicious party with administrator privileges to perform actions and execute arbitrary code. Palo Alto...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to impersonate another user. The vulnerability with attribute CVE-2022-37968 has a CVSS of 10.0. If an unauthenticated malicious person uses the randomly generat...
Vulnerabilities fixed in IBM Tivoli Monitoring
IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...
Vulnerabilities found in Microsoft Exchange Sever
GTSC, a Vietnamese security company has found vulnerabilities in Microsoft Exchange Server 1. The vulnerabilities allow a malicious party able to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...
Vulnerabilities fixed in Autodesk AutoCAD and Design Review
Vulnerabilities have been fixed in Autodesk AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code by having AutoCAD and Design Review process a rogue file to be processed. Autodesk has released updates to address the vulnerabilities. fix. More informatio...
Vulnerabilities fixed in SolarWinds Orion
Vulnerabilities have been fixed in SolarWinds Orion. The vulnerabilities allow an authenticated malicious person with access to the network is able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access t...
Vulnerabilities fixed in Matrix SDKs
Matrix has fixed vulnerabilities in the following SDKs; matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2. These SDKs are used in a number of Matrix-based clients including the popular Element. The vulnerabilities allow a malicious able to perform attacks that result in the following categori...
Vulnerabilities fixed in IBM WebSphere Application Server and QRadar
IBM has fixed vulnerabilities in WebSphere Application Server and QRadar User Behavior Analytics. The vulnerabilities allow a malicious party able to gain access to system data or execute a Server-Side Request Forgery. Both vulnerabilities require that a malicious party already has access to the...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication Remote code execution Administrator/Root rights Access to...
Vulnerabilities fixed in Sophos Firewall
Sophos has fixed vulnerabilities in Sophos Firewall. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks leading to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights Remote...