4190 matches found
Vulnerability fixed in Apache SOLR
SOLR's developers have fixed a vulnerability. The vulnerability allows a malicious party to gain access to sensitive data because the API of the Replication Handler accepts any location as the target location of the backup, restore and deletebackup commands. This allows a malicious party can...
Vulnerabilities fixed in Microsoft browsers
Microsoft has fixed several vulnerabilities in Internet Explorer and Edge. All of the vulnerabilities allow a malicious person to able to execute arbitrary code in the context of the user when he manages to trick the user into opening a malicious Web site or document to open. Below is an overview...
Vulnerability fixed in TeamViewer
A vulnerability has been fixed in TeamViewer. The vulnerability allows an unauthenticated remote malicious party to opportunity to cause TeamViewer to send out an NTLM request. The malicious party to do this must induce the victim to visit a rogue website. The NTLM request can be captured by the...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data -= Apple =- Apple has made...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...
Vulnerabilities fixed in MobileIron
MobileIron has fixed multiple vulnerabilities in MobileIron Core and Sentry. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Bypassing authentication Remote code execution Accessing sensitive data MobileIron has made little...
Vulnerability fixed in Pulse Secure Client for Windows
A vulnerability has been fixed in Pulse Secure Client for Windows. The vulnerability allows a locally authenticated malicious party the ability to obtain elevated SYSTEM privileges. obtain. Security researcher Red Timmy Security has published a write-up regarding the vulnerability published at:...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A local malicious party could potentially exploit the vulnerabilities to gain access to sensitive information or obtain of elevated privileges on the vulnerable system. In addition, a remote malicious party could potentially exploit the...
Vulnerabilities fixed in VMware vRealize Operations Manager
There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execute arbitrary code with administrator privileges on the Application Remote Collector ARC and all virtual systems on which an ARC Telegraph agent is installed. VMWare has...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious party to perform Cross-Site Scripting and cause a Denial-of-Service. To exploit the vulnerabilities, the malicious party must have access to the production network. It is good practice the production networ...
Vulnerability discovered in F5 BIG-IP and BIG-IQ
F5 has discovered a vulnerability in BIG-IP and BIG-IQ products. The vulnerability is located in lodash version 4.17.12, a javascript programming library. A malicious person with access to the Traffic Management User Interface TMUI or the iControl REST API could exploit the vulnerability to execu...
Vulnerability fixed in TNEF
A new patch of TNEF has been released, in which a vulnerability has been fixed. The vulnerability allows a malicious person able to execute arbitrary code under the privileges of the user. TNEF has made available a patch that fixes the vulnerability. fix. More information can be found on the...
Vulnerability fixed in glib
A vulnerability has been fixed for Glib in Ubuntu. The vulnerabilities allow a malicious person to perform attacks that lead to the following categoriesn of damage: - Denial-of-Service DoS; - Manipulation of data; - Circumvention of security measure; - Access to sensitive data; - Access to system...
vulnerabilities found in Apple MacOS
Apple has addressed several vulnerabilities in macOS Tahoe. These vulnerabilities included out-of-bounds access, use-after-free errors, memory handling issues, type confusion, double-free operations, stack overflows, insufficient input validation, and race conditions. These vulnerabilities could...
Kwetsbaarheid verholpen in Cisco Catalyst SD-WAN Manager
Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...
vulnerabilities present in Oracle E-Business Suite
Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...
Vulnerabilities fixed in Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...
Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway
Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Quotation Management Insurance and SAP NetWeaver. Some of the fixed vulnerabilities are in third-party products - such as Oracle - that are incorporated into SAP products. The vulnerabilities include a code injection flaw, missing...
Vulnerabilities fixed in Foxit PDF Reader
Foxit has fixed vulnerabilities in Foxit PDF Reader Specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in its Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated users to cause Denial of Service DoS conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitra...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Adobe Photoshop Desktop versions 26.8.1 and earlier. The vulnerability is in the way Adobe Photoshop handles files. This vulnerability can lead to arbitrary code execution when a user opens a malicious file. Adobe has released updates to fix the vulnerability. S...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixed vulnerabilities in Dynamics The vulnerabilities are in Dynamics 365 On Premise and Dynamics Field Service and allow a malicious person to access sensitive data, or impersonate another user. Microsoft has made updates available that fix the described vulnerabilities. We encourage y...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox Specific for versions before 144.0.2 The vulnerability is in how a compromised child process can exploit a use-after-free issue in the GPU or browser process via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 144. The vulnerabilities include several problems, including a use-after-free issue, memory security flaws and the ability for a malicious person to access sensitive data or execute arbitrary code. These...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center Configuration Manager. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, potentially gaining access to sensitive data or executing arbitrary code with elevated privileges. For successful misuse, the...
Vulnerability fixed in FreePBX
FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...
Vulnerabilities fixed in IBM Cognos Command Center
IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...
Vulnerabilities fixed in Xerox FreeFlow Core
Xerox has fixed vulnerabilities in Xerox FreeFlow Core. The vulnerabilities include a Path Traversal vulnerability that can be exploited by attackers to gain access to unauthorized files, leading to Remote Code Execution RCE. There is also a vulnerability due to improper processing of XML input,...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...
Vulnerabilities fixed in Rockwell Automation Arena
Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, with this it is possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...
Vulnerabilities fixed in Zoom Clients
Zoom has fixed vulnerabilities in Zoom Clients Specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...
Vulnerability fixed in Juniper SRX300 Series
Juniper has fixed a vulnerability in the Routing Protocol Daemon rpd of its Junos OS, specifically for the SRX300 Series. The vulnerability is in how the Routing Protocol Daemon rpd on vulnerable SRX300 Series systems processes BGP updates. Unauthenticated attackers can send a specially crafted B...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Service Fabric and Monitor Agent. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or to execute arbitrary code. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...
Vulnerability fixed in Cisco Identity Services Engine for cloud platforms
Cisco has fixed a vulnerability in Identity Services Engine ISE for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...
Vulnerability fixed in Siemens SiPass Integrated
Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service DoS, compromising the availability of services that depend on the...
Vulnerabilities fixed in Cisco Webex
Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting XSS attacks by convincing users to click on malicious links. Such an attack can lead to...
Vulnerabilities fixed in VMware Cloud Foundation
Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...
Vulnerabilities fixed in ASUS DriverHub
ASUS fixed vulnerabilities in ASUS DriverHub The vulnerabilities are in the way ASUS DriverHub processes HTTP requests. DriverHub is a tool from ASUS which runs in the background and ensures that system drivers are kept up to date. Untrusted sources can use specially crafted HTTP requests to...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 138 and 128.10. The vulnerabilities include privilege escalation through code injection, insecure processing of WebGL shader attributes, improper isolation of processes, and local code execution through...
Vulnerability fixed in SonicWall SonicOS
SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSLVPN Virtual Office interface functions. An unauthenticated malicious person could exploit this vulnerability, which could result in a firewall crash. This could result in a Denial-of-Service DoS situation,...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in Adobe After Effects Specifically for versions 25.1, 24.6.4, and earlier. The vulnerabilities include vulnerabilities for arbitrary code execution, out-of-bounds read, and a NULL Pointer Dereference. Attackers can exploit these vulnerabilities by opening a...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. The vulnerability with reference CVE-2025-29794 in Microsoft SharePoint allows a...
Vulnerability fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways
Ivanti has fixed a vulnerability in Connect Secure, Policy Secure and ZTA Gateways. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system without prior authentication. Ivanti reports having information that the vulnerability has been exploited on...
Vulnerability fixed in Cisco Enterprise Chat and Email
Cisco has fixed a vulnerability in Cisco Enterprise Chat and Email ECE. The vulnerability is in how Cisco Enterprise Chat and Email ECE validates incorrect input in its chat functionality. This can lead to a denial-of-service DoS situation, which may require manual intervention to restore normal...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities in AutoCAD are related to the processing of several file types, including CATPRODUCT, CATPART, MODEL, SLDPRT and 3DM. These vulnerabilities can lead to application crashes, exposure of sensitive information and execution of...
Vulnerability fixed in Ivanti Secure Access Client
Ivanti has fixed a vulnerability in Ivanti Secure Access Client. The vulnerability is located in insufficiently restrictive access privileges of the Ivanti Secure Access Client, allowing local, authenticated attackers to escalate their privileges. This could lead to unauthorized access and contro...
Vulnerability fixed in PostgreSQL
A vulnerability has been fixed in PostgreSQL. The vulnerability is located in the libpq functions of PostgreSQL and involves an SQL injection error. Improper processing of quotes and incorrectly formed UTF-8 sequences can lead to arbitrary code execution. This vulnerability is being actively...