4190 matches found
Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of security measure Remote code execution User rights...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation ...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Vulnerabilities fixed in Autodesk products
Autodesk has fixed vulnerabilities in several products including AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code under rights of the application. To do this, the malicious party needs to victim to open a rogue file. Autodesk has released updates to...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, issue arbitrary requests or download send arbitrary requests or download larger than allowed files. Asterisk has made updates available...
Vulnerabilities fixed in Apache Subversion (SVN)
Apache has fixed vulnerabilities in Subversion SVN. The vulnerabilities allow an unauthenticated remote malicious agent to remotely capable of causing a denial-of-service or obtain system information. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix in SUSE 15...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Spoofing Access to sensitive data The tables below provide an...
Vulnerabilities fixed in VMware products
Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Bypassing authentication Circumvention of security measure Remote code...
Vulnerabilities fixed in MediaWiki
There are vulnerabilities in MediaWiki. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. To exploit, the malicious party must be able to modify page titles or only be able to modify a specially prepared URI to visit. A malicious party can exploi...
Vulnerability fixed in ABB 800xA for AC. 800MCompact
ABB has fixed a vulnerability in 800xA, Control Software for AC 800MCompact. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to perform a denial-of-service. ABB has released updates to fix the vulnerability. Mitigating measures have als...
Vulnerabilities fixed in Salt
Several vulnerabilities have been fixed in Salt. The vulnerabilities allow a malicious person to perform the following attacks execute: - altering piller data sent by the master to the minion - denial-of-service on a minion process by impersonating a rogue master - resending file server...
Vulnerability found in Atlassian Confluence Datacenter
A vulnerability has been found in Atlassian Confluence Datacenter. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code. Confluence Datacenter systems are only vulnerable when using the cluster functionality. Confluence...
Vulnerabilities fixed in BIND
The Internet Systems Consortium ISC has fixed vulnerabilities in BIND. An unauthenticated remote malicious person can exploit the exploit the vulnerabilities to perform a cache-poisoning attack or cause a denial-of-service. One of the fixed vulnerabilities has been given the attribute CVE-2022-06...
Vulnerability fixed in PAN-OS
A vulnerability has been fixed in PAN-OS. The vulnerability with reference CVE-2022-0022 allows a malicious person with access to the system's password hashes, to crack the hashes to crack and thus gain access to the passwords. This vulnerability arose because PAN-OS uses a weak cryptographic...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Photoshop, Illustrator and After Effects. The vulnerabilities allow a malicious person to to execute arbitrary code within the context of the user, or gain access to sensitive data. To exploit the vulnerabilities, an attacker must entice a user to open a rogue...
Vulnerabilities fixed in Intel processors
Intel has fixed vulnerabilities in processors from the Atom, Core, Celeron and Atom families. A malicious person with physical access to the system could exploit the vulnerability to, among other things access sensitive data and potentially gain elevated privileges, among other things. obtain...
Vulnerabilities fixed in Bitdefender products
Vulnerabilities have been fixed in Bitdefender products. The vulnerabilities allow a local malicious agent to cause a denial-of-service or to obtain elevated privileges. obtained. Bitdefender has released updates to address the vulnerabilities. fixes. More information can be found on the pages...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed two vulnerabilities in JunOS for the MX and SRX series systems. An unauthenticated remote malicious person could exploit the vulnerabilities to cause a denial-of-service on the systems that have SIP Application Layer Gateway SIP ALG active. This gateway is active when the system...
Vulnerability fixed in Adobe After Effects
Adobe has fixed a vulnerability in After Effects. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the...
Vulnerabilities fixed in Siemens products
Several vulnerabilities have been fixed in Siemens products. The vulnerabilities potentially allow a malicious party to gain access to sensitive data or cause a denial-of-service cause. To exploit the vulnerabilities, the malicious party must have access to the production environment. It is good...
Vulnerability fixed in F5 BIG-IP
F5 has fixed a vulnerability in BIG-IP. A malicious person with rights to execute regular expressions could exploit the exploit the vulnerability to cause a denial-of-service, or potentially execute arbitrary code on the system. F5 has released updates to fix the vulnerability in BIG-IP 16.1.2,...
Vulnerability fixed in XWiki
A vulnerability has been fixed in XWiki. A malicious party can exploit the exploit the vulnerability to perform a stored Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. For the vulnerabilit...
Vulnerability fixed in Zoho ManageEngine Desktop Central
A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Cisco Small Business RV routers
Cisco has fixed vulnerabilities in Small Business RV routers. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerability fixed in Arista EOS
A vulnerability has been fixed in Arista EOS. Arista EOS is a Linux-based operating system installed on network equipment from Arista. With eAPI it is possible to remotely manage and configure Arista's network equipment. When authentication is based on certificates, it is possible that eAPI...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to perform attacks leading to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Spoofing Access to system data The vulnerability with attribute...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data This...
Vulnerabilities fixed in Trend Micro Deep Security
Two vulnerabilities have been fixed in Trend Micro Deep Security Agent for Linux. The vulnerability with attribute CVE-2022-23119 can be exploited if access is gained to the Deep Security Manager or on devices on which the agent is not yet not yet activated or configured. The vulnerability with...
Vulnerabilities fixed in Oracle Virtualization
Oracle has fixed vulnerabilities in VM VirtualBox. A malicious party needs local access rights to exploit the vulnerabilities. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------| |...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following Oracle E-Business Suite products: Configurator Time and Labor iStore Trade Management Partner Management Installed Base Sourcing Project Costing The vulnerabilities enable a malicious person to carry out attacks execute attacks that result in the...
Vulnerabilities fixed in Expat
Developers have fixed vulnerabilities in Expat. The vulnerabilities allow a remote malicious person to perform a Denial-of-Service. To do this, the malicious party must send an XML tag with an overflow of attributes to the vulnerable XML server send or trigger an integer overflow on various...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Increased user privileges Cisco has released updates to fix the...
Vulnerability fixed in Microsoft Developer Tools
Microsoft has fixed a vulnerability in the .NET Framework. A malicious person with access to the network can exploit the vulnerability potentially exploit it to launch a denial-of-service attack. .NET Framework: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Vulnerabilities fixed in SonicOS
SonicWall has fixed two vulnerabilities in SonicOS. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code execute arbitrary code on the underlying system with the privileges of the logged-in user. To accomplish this, the...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Access to sensitive data Increased user privileges This update also fixes vulnerabilities...
Vulnerabilities fixed in HCL Technologies Digital Experience
A Server Side Request Forgery SSRF vulnerability has been fixed in HCL Technologies Digital Experience formerly known as IBM WebSphere Portal. The vulnerability potentially allows a malicious person able to gain access to systems that they initially should not have access to. The researchers who...
Vulnerabilities fixed in NetBSD
Vulnerabilities have been fixed in NetBSD's IP stack. Because the randomizer for IP packet ID is not turned on by default, and the randomizer is not random enough when it is enabled, a malicious party can analyze the IP traffic and possibly gain access to sensitive data via a man-in-the-middle...
Vulnerabilities fixed in IBM MQ for HPE NonStop Server
Vulnerabilities have been fixed in IBM MQ used in the HPE NonStop Server. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges IBM has released updates to f...
Vulnerabilities fixed in Bentley View and Microstation
Bentley Systems has fixed several vulnerabilities in Bentley View and Microstation. A malicious party could potentially exploit them to cause a denial-of-service, or to execute arbitrary code with the victim's privileges. The malicious party does not need prior authentication, but must entice the...
Vulnerabilities fixed in Dell EMC CloudLink
Vulnerabilities have been fixed in Dell EMC CloudLink. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution application rights...
Vulnerability fixed in Trend Micro Antivirus for Mac
Trend Micro has released updated versions of the Trend Micro Antivirus for macOS. Abuse of this vulnerability may result in increased user privileges as a result. Trend Micro has released updates to address the vulnerabilities. fix. More information can be found on the page below:...
Vulnerability fixed in Sophos SG UTM
A SQL injection vulnerability has been fixed in the user portal of Sophos SG UTM. An authenticated user could potentially execute arbitrary code. Sophos has released updates to fix the vulnerabilities. For more information, see: https://www.sophos.com/en-us/security-advisories...
Vulnerabilities fixed in Dell Wyse Management Suite
Dell has fixed two vulnerabilities in Wyse Management Suite. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. Also, through a man-in-the-middle attack to gain access to sensitive data. This update also includes previously fixed...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. The vulnerabilities allow a malicious person potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data The vulnerability with attribute CVE-2021-28165 ha...
Vulnerabilities found in Veritas Enterprise Vault
Vulnerabilities have been found in Veritas Enterprise Vault. A malicious party could potentially exploit the vulnerabilities to run execute arbitrary code on an Enterprise Vault server. To do this, the malicious party must send malicious network traffic to the vulnerable server. To successfully...
Vulnerabilities fixed in Palo Alto PAN-OS and GlobalProtect
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office. The vulnerabilities allow a malicious party to execute arbitrary execute arbitrary code under user privileges or circumvent a security measure to bypass Excel. The vulnerability with reference CVE-2021-42292 has been actively exploited...
Vulnerabilities fixed in Citrix ADC, Gateway and SD-WAN WANOP Edition
Citrix has fixed two vulnerabilities in Citrix Application Delivery Controller ADC, Citrix Gateway and Citrix SD-WAN WANOP Edition. The vulnerabilities allow a remote malicious party to able to cause a denial-of-service DoS. The vulnerability with reference CVE-2021-22955 is located in Citrix ADC...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to perform a denial-of-service DoS execution. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6513681...
Vulnerability fixed in FortiWeb
A vulnerability has been fixed in FortiWeb. The vulnerability allows an unauthenticated malicious person who is in the network of the victim is able to execute arbitrary code by sending a rogue HTTP request. Fortinet made few substantive details available. Fortinet has released updates to fix the...