4190 matches found
Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series
ABB has fixed vulnerabilities in ABB ASPECT, NEXUS Series and MATRIX Series Specifically for versions up to 3.08.02. The vulnerabilities include unauthorized access to files on the Web server, which can lead to data leakage or unauthorized data manipulation. In addition, serious vulnerabilities...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...
Vulnerabilities fixed in VMware Aria Operations
VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include local privilege escalation and stored cross-site scripting XSS. Local privilege escalation allows an attacker with local administrative privileges to increase their access to the root user level on the device,...
Vulnerabilities fixed in Apple macOS and Safari
Apple has fixed several vulnerabilities in macOS and Safari. Two vulnerabilities CVE-2024-44308 & CVE-2024-44309 in present in macOS Sequoia and Safari 18.1.1 can lead to execution of arbitrary code. Apple indicates that active exploits of these vulnerabilities have been taking place on Intel-bas...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has actively fixed exploited vulnerabilities in PAN-OS. UPDATE Public PoC has now appeared to exploit CVE-2024-0012. The vulnerability with attribute CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...
Vulnerability fixed in GitHub CLI
GitHub has fixed a vulnerability in GitHub CLI Specifically for versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.1 and earlier. The vulnerabilities in Adobe Illustrator allow attackers to read sensitive data, execute arbitrary code and can lead to a Denial-of-Service. These vulnerabilities require users to open a specifically crafted malicio...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - SQL Injection - Circumvention of security measure - Execution of arbitrary code on the server Ivanti has released...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the underlying operating system. For successful abuse, the malicious party must have access to the management interface, or command-line. It is good practice n...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code User privileges - Executio...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed a vulnerability in Connect Secure and Policy Secure. UPDATE: POC code is now available online for this vulnerability. An authenticated malicious person with access to the admin portal of Connect Secure or Policy Secure can exploit the vulnerability to execute code remotely. Ivant...
Vulnerabilities fixed in Ivanti Cloud Services Appliance
Ivanti has fixed three vulnerabilities in Cloud Services Appliance. An authenticated malicious person who already has admin rights can exploit the vulnerabilities to remotely execute code and SQL statements, or bypass restrictions through path traversal. Ivanti reports that users of version 4.6...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office components. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to tric...
Vulnerabilities fixed in Foxit PDF Editor and PDF Reader
Foxit has fixed vulnerabilities in PDF Editor and PDF Reader. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code in the context of the application, potentially gaining access to sensitive data. Successful exploitation requires t...
Vulnerability fixed in pgAdmin
pgAdmin has fixed a vulnerability in pgAdmin 8.11. A malicious party could exploit the vulnerability to gain access to sensitive data. pgAdmin has released an update to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in Docker Desktop
Vulnerabilities have been fixed in Docker Desktop. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the Desktop application. Since the Docker Desktop is mostly used by developers, it cannot be ruled out that the execution of arbitrary code can take pla...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code on the vulnerable system. To cause a Denial-of-Service, the malicious party does not need prior authentication. To execute arbitrary code, the...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and potentially execute commands with Administrator privileges. Abuse is not easy and requires prior authentication a...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. Most of the vulnerabilities are in SQL Native Scoring and allow a malicious person to assign themselves elevated privileges, access sensitive data and execute arbitrary code within the SQL Server. Successful exploitation requires the malicious...
Vulnerability fixed in Zyxel Access Points and Secure Routers
Zyxel has fixed a vulnerability in several types of Access Points and Secure Routers. The vulnerability is in the way the cgi system processes the 'host' parameter and allows a malicious person to execute OS-level commands. For successful exploitation, the malicious party must have access to the...
Vulnerabilities fixed in Progress WhatsUp Gold
Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to retrieve or change the password of the application user in a Single User installation, or in a Multi User installation to change the password of a user with elevated privileges through an...
Vulnerabilities fixed in Progress WS_FTP server
Progress has fixed vulnerabilities in WSFTP server. A malicious party can exploit the vulnerabilities to bypass two-factor authentication, which allows it to log in with just username and password. Also, through directory traversal, the malicious party may be able to gain access to files that the...
Vulnerability fixed in Kubernetes
A vulnerability has been fixed in Kubernetes. The vulnerability is in the ingress-nginx module and allows a malicious person with permissions to create ingress objects to bypass a security measure to execute arbitrary code with permissions from the ingress-nginx controller. In a standard...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with user privileges and potentially obtain sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...
Vulnerabilities fixed in Ivanti Neurons for ITSM
Ivanti has fixed vulnerabilities in Neurons for ITSM. A malicious party could exploit the vulnerabilities to obtain login credentials to gain access to the vulnerable system. Ivanti has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in various products such as SAP Business Objects, SAP HANA, Netweaver and Document Builder. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Server Side Request Forgery SSRF. - Cross-Site...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer SFTP A malicious party can exploit the vulnerability to grant themselves elevated privileges, potentially gaining access to files that the malicious party is not initially authorized to access. Progress has released updates to fix the...
Vulnerability found in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution User rights Remote code execution...
Vulnerabilities fixed in Cisco Secure Email Gateway
Two vulnerabilities have been fixed in Cisco Secure Email Gateway. The most serious vulnerability concerns CVE-2024-20401 and allows an unauthenticated malicious person, through sending a mail with specially prepared attachment: Add users with root privileges Modify the configuration of the devic...
Vulnerability found in Ivanti Endpoint Manager
A vulnerability has been found in Ivanti Endpoint Manager EPM 2024. Other versions of Ivanti Endpoint Manager are not known to be vulnerable. The vulnerability allows an authenticated attacker who is on the same network to execute arbitrary code via SQL injection. Ivanti has no indication that th...
Vulnerability fixed in Microsoft System Center Defender for IoT
Microsoft has fixed a vulnerability in Defender for IoT. A malicious party can exploit the vulnerability to break out of the AppContainer for IoT devices and potentially execute arbitrary code on the system where the AppContainer is implemented. Microsoft Defender for IoT:...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. The vulnerabilities allow a malicious party to impersonate another user, gain elevated privileges and potentially execute arbitrary code. Some of the vulnerabilities are in development tooling and are not readily accessible to...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a Denial-of-Service. Successful exploitation requires the malicious party to win a race condition. .NET and Visual...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. A malicious party can exploit the vulnerability to gain access to the data the victim is accessing or editing through a Man-in-the-Middle attack. For successful abuse, the malicious party must have prior authentication and be on the...
Vulnerability fixed in OpenSSH
The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...
Vulnerabilities fixed in WordPress
WordPress developers have fixed vulnerabilities in WordPress. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or possibly access to sensitive data in the context of the...
Vulnerabilities fixed in Nvidia GPU Drivers
Nvidia has fixed vulnerabilities in GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and execute code with elevated privileges, or gain access to sensitive data. Nvidia has released...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to bypass a security measure and gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Adobe FrameMaker Publishing Server
Adobe has fixed vulnerabilities in FrameMaker Publishing Server. A malicious party could exploit the vulnerabilities to bypass authentication and potentially take over the system. In particular, systems that are accessible from public networks without additional measures are at increased risk...
Vulnerabilities fixed in FortiNet FortiWebManager
FortiNet has fixed vulnerabilities in FortiWebManager. A malicious party could exploit the vulnerabilities to bypass a security measure and potentially perform actions that the malicious party is not initially authorized to perform. For successful exploitation, the malicious party must have at...
Vulnerability fixed in Github Enterprise Server
Github has fixed a vulnerability in Github Enterprise Server. A malicious party could exploit the vulnerability to gain access to the Github environment, possibly even as an administrator. The vulnerability is in the way Github handles SAML-Single-Sign-on. If the optional "Security Assertions" ar...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to access sensitive data in the context of the browser. Of the vulnerability with attribute CVE-2024-4947, Google says it has information tha...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixed vulnerabilities in Dynamics 365 Customer Insights. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Security measure circumvention SQL Injection Accessing sensitive data To perform an...
Vulnerabilities fixed in Cacti
Vulnerabilities have been fixed in Cacti. A malicious party could vulnerabilities to bypass authentication, perform an SQL-Injection, execute arbitrary code execution on the server, or to perform a Cross-Site Scripting attack. attack. Such an attack can lead to execution of arbitrary code in the...
Vulnerability fixed in Rockwell Automation AENFTXT FactoryTalk IP devices
Rockwell Automation has fixed a vulnerability in 5015-AENFTXT IP devices. A malicious party could exploit it to cause a denial-of-service. For successful exploitation, the malicious party must have access to the production environment. It is good practice to have such an infrastructure not to hav...
Vulnerabilities fixed in Veritas BackupExec
Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection to execute arbitrary code, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to bypass security measures to allow traffic pass through traffic that was not initially authorized. Juniper has release...