4189 matches found
Vulnerabilities fixed in Samsung Mobile
Samsung has fixed several vulnerabilities in its Android distribution. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...
Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel
Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...
Vulnerabilities discovered in HMI Panels
Because SIMATIC HMI panels do not properly handle repeated login attempts correctly, they are susceptible to Brute-force attacks. A malicious party can use them to retrieve user names and passwords find out and thus issue random commands with permissions from the affected user account. To exploit...
Multiple vulnerabilities fixed in Microsoft browsers
There are multiple vulnerabilities in the Scripting Engine, Microsoft Edge and Microsoft Internet Explorer. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code or to obtain elevated privileges. The vulnerability with the highest rating has the attribute...
Vulnerability fixed in Ansible
A vulnerability has been fixed in Ansible. The vulnerability allows a malicious person to bypass a security measure. To exploit the vulnerability, the malicious party must get a system administrator to get a rogue installation package to install. Ansible has released updates to fix the...
Vulnerability fixed in Cisco IOS XR
Cisco has fixed a vulnerability in the Distance Vector Multicast Routing Protocol DVMRP functionality in IOS XR. The vulnerability allows an unauthenticated remote malicious person able to cause a Denial-of-Service on the vulnerable device. To do so, the malicious party needs to send rogue IGMP...
Vulnerability fixed in Apache SOLR
SOLR's developers have fixed a vulnerability. The vulnerability allows a malicious party to gain access to sensitive data because the API of the Replication Handler accepts any location as the target location of the backup, restore and deletebackup commands. This allows a malicious party can...
Vulnerabilities fixed in Microsoft browsers
Microsoft has fixed several vulnerabilities in Internet Explorer and Edge. All of the vulnerabilities allow a malicious person to able to execute arbitrary code in the context of the user when he manages to trick the user into opening a malicious Web site or document to open. Below is an overview...
Vulnerability fixed in TeamViewer
A vulnerability has been fixed in TeamViewer. The vulnerability allows an unauthenticated remote malicious party to opportunity to cause TeamViewer to send out an NTLM request. The malicious party to do this must induce the victim to visit a rogue website. The NTLM request can be captured by the...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data -= Apple =- Apple has made...
Vulnerabilities fixed in MobileIron
MobileIron has fixed multiple vulnerabilities in MobileIron Core and Sentry. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Bypassing authentication Remote code execution Accessing sensitive data MobileIron has made little...
Vulnerability fixed in Pulse Secure Client for Windows
A vulnerability has been fixed in Pulse Secure Client for Windows. The vulnerability allows a locally authenticated malicious party the ability to obtain elevated SYSTEM privileges. obtain. Security researcher Red Timmy Security has published a write-up regarding the vulnerability published at:...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A local malicious party could potentially exploit the vulnerabilities to gain access to sensitive information or obtain of elevated privileges on the vulnerable system. In addition, a remote malicious party could potentially exploit the...
Vulnerabilities fixed in VMware vRealize Operations Manager
There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execute arbitrary code with administrator privileges on the Application Remote Collector ARC and all virtual systems on which an ARC Telegraph agent is installed. VMWare has...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious party to perform Cross-Site Scripting and cause a Denial-of-Service. To exploit the vulnerabilities, the malicious party must have access to the production network. It is good practice the production networ...
Vulnerability fixed in Microsoft SQL Server Reporting Services
There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to improper processing of page requests. If successfully exploited, the vulnerability allows an authenticated remote malicious person to execute arbitrary execu...
Vulnerability discovered in F5 BIG-IP and BIG-IQ
F5 has discovered a vulnerability in BIG-IP and BIG-IQ products. The vulnerability is located in lodash version 4.17.12, a javascript programming library. A malicious person with access to the Traffic Management User Interface TMUI or the iControl REST API could exploit the vulnerability to execu...
Vulnerability fixed in TNEF
A new patch of TNEF has been released, in which a vulnerability has been fixed. The vulnerability allows a malicious person able to execute arbitrary code under the privileges of the user. TNEF has made available a patch that fixes the vulnerability. fix. More information can be found on the...
Vulnerability fixed in glib
A vulnerability has been fixed for Glib in Ubuntu. The vulnerabilities allow a malicious person to perform attacks that lead to the following categoriesn of damage: - Denial-of-Service DoS; - Manipulation of data; - Circumvention of security measure; - Access to sensitive data; - Access to system...
Kwetsbaarheid verholpen in Cisco Catalyst SD-WAN Manager
Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...
vulnerabilities present in Oracle E-Business Suite
Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...
Vulnerabilities fixed in Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...
Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway
Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Quotation Management Insurance and SAP NetWeaver. Some of the fixed vulnerabilities are in third-party products - such as Oracle - that are incorporated into SAP products. The vulnerabilities include a code injection flaw, missing...
Vulnerabilities fixed in Foxit PDF Reader
Foxit has fixed vulnerabilities in Foxit PDF Reader Specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in its Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated users to cause Denial of Service DoS conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitra...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Adobe Photoshop Desktop versions 26.8.1 and earlier. The vulnerability is in the way Adobe Photoshop handles files. This vulnerability can lead to arbitrary code execution when a user opens a malicious file. Adobe has released updates to fix the vulnerability. S...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixed vulnerabilities in Dynamics The vulnerabilities are in Dynamics 365 On Premise and Dynamics Field Service and allow a malicious person to access sensitive data, or impersonate another user. Microsoft has made updates available that fix the described vulnerabilities. We encourage y...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox Specific for versions before 144.0.2 The vulnerability is in how a compromised child process can exploit a use-after-free issue in the GPU or browser process via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center Configuration Manager. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, potentially gaining access to sensitive data or executing arbitrary code with elevated privileges. For successful misuse, the...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange Server. A malicious person could exploit the vulnerabilities to impersonate another user and grant themselves elevated privileges. For successful abuse, the malicious party must have prior authentication. Microsoft has made updates available that fi...
Vulnerabilities fixed in Cisco NX-OS Software
Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, command-line interface CLI, and the REST API of the Nexus Dashboard. These vulnerabilities can ...
Vulnerability fixed in FreePBX
FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...
Vulnerabilities fixed in IBM Cognos Command Center
IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...
Vulnerabilities fixed in Xerox FreeFlow Core
Xerox has fixed vulnerabilities in Xerox FreeFlow Core. The vulnerabilities include a Path Traversal vulnerability that can be exploited by attackers to gain access to unauthorized files, leading to Remote Code Execution RCE. There is also a vulnerability due to improper processing of XML input,...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in the Apex One management console. The vulnerability in the management console allows a remote attacker without authentication to arbitrarily upload code and execute commands on affected installations. Both CVEs are similar, it just affects different CPU...
Vulnerabilities fixed in Rockwell Automation Arena
Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, with this it is possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...
Vulnerabilities fixed in Cisco ISE and ISE-PIC
Cisco has fixed vulnerabilities in Cisco ISE and ISE-PIC. The vulnerabilities are in the way Cisco ISE and ISE-PIC process files through APIs and validate user input. Unauthenticated attackers with access to the API interface can exploit these vulnerabilities to upload and execute arbitrary files...
Vulnerabilities fixed in Zoom Clients
Zoom has fixed vulnerabilities in Zoom Clients Specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...
Vulnerability fixed in Juniper SRX300 Series
Juniper has fixed a vulnerability in the Routing Protocol Daemon rpd of its Junos OS, specifically for the SRX300 Series. The vulnerability is in how the Routing Protocol Daemon rpd on vulnerable SRX300 Series systems processes BGP updates. Unauthenticated attackers can send a specially crafted B...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Service Fabric and Monitor Agent. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or to execute arbitrary code. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...
Vulnerability fixed in Cisco Identity Services Engine for cloud platforms
Cisco has fixed a vulnerability in Identity Services Engine ISE for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...
Vulnerability fixed in Siemens SiPass Integrated
Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service DoS, compromising the availability of services that depend on the...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Cisco Identity Services Engine ISE. The vulnerability is in the way Cisco ISE handles RADIUS messages. Unauthenticated remote attackers can exploit this vulnerability, which can lead to a denial-of-service DoS situation on affected devices, compromising their...
Vulnerabilities fixed in Cisco Webex
Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting XSS attacks by convincing users to click on malicious links. Such an attack can lead to...
Vulnerabilities fixed in VMware Cloud Foundation
Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...