4190 matches found
Vulnerabilities fixed in Cacti
Vulnerabilities have been fixed in Cacti. A malicious party could vulnerabilities to bypass authentication, perform an SQL-Injection, execute arbitrary code execution on the server, or to perform a Cross-Site Scripting attack. attack. Such an attack can lead to execution of arbitrary code in the...
Vulnerability fixed in Rockwell Automation AENFTXT FactoryTalk IP devices
Rockwell Automation has fixed a vulnerability in 5015-AENFTXT IP devices. A malicious party could exploit it to cause a denial-of-service. For successful exploitation, the malicious party must have access to the production environment. It is good practice to have such an infrastructure not to hav...
Vulnerabilities fixed in Veritas BackupExec
Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection to execute arbitrary code, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to bypass security measures to allow traffic pass through traffic that was not initially authorized. Juniper has release...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code with the privileges of the victim, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...
Vulnerabilities fixed in Microsoft Defender for IoT
Microsoft has fixed vulnerabilities in Defender for IoT. A malicious party can exploit the vulnerabilities to afford elevated permissions and execute arbitrary code with permissions of the process. Microsoft has made updates available that fix the described vulnerabilities described. We recommend...
Vulnerability fixed in IBM Personal Communications
IBM has fixed a vulnerability in Personal Communications PCOMM. The vulnerability is located in an underlying Windows component and allows a malicious person to afford granted elevated privileges and execute code with privileges of SYSTEM. IBM has released updates to fix the vulnerability in...
Vulnerabilities fixed in SugarCRM
Vulnerabilities have been fixed in SugarCRM. A malicious party could exploit the vulnerabilities to launch cross-site scripting or SQL injection attacks, manipulate data or execute code execute code. No CVE IDs have yet been disclosed for the vulnerabilities. SugarCRM has released updates to fix...
Vulnerability fixed in Microsoft .NET
Microsoft has fixed a vulnerability in .NET. A malicious party could exploit the vulnerability to gain access to sensitive data. Microsoft has made available an update that fixes the described vulnerability described. We recommend that you install. More information about the vulnerability, the...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Bamboo, Bitbucket, Jira and Confluence. A malicious party can exploit the exploit vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights SQL...
Vulnerability fixed in Autodesk
Autodesk has fixed a vulnerability in DWG Trueview. A malicious party can exploit the vulnerability to cause a denial-of-service, execute arbitrary code with application privileges, or to gain access to sensitive data in the context of the application. Successful exploitation requires the malicio...
Vulnerability fixed in Schneider Electric EcoStruxure Power Design
Schneider Electric has fixed a vulnerability in EcoStruxure Power Design. A malicious party could exploit the vulnerability to execute arbitrary code with privileges of the Power Design user. Successful exploitation requires the malicious party to trick the victim into opening and executing a rog...
Vulnerability fixed in JFrog Artifactory
JFrog has fixed a vulnerability in Artifactory. A malicious party could exploit the vulnerability to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. JFrog...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Adobe Animate. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Successful misuse...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed and vulnerability in SQL Server. The vulnerability is located in the Django backend and allows a malicious party to be able to use the client application of the victim to execute an SQL injection and thus execute arbitrary code execute arbitrary code with the victim's privileg...
Vulnerability fixed in pgAdmin
A vulnerability has been fixed in pgAdmin. An authenticated malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with application privileges. Because pgAdmin was developed as a management tool for PostgreSQL databases, it is therefore not rule out the...
Vulnerabilities fixed in VMware products
VMware has fixed several vulnerabilities in VMware ESXI, VMware Workstation and VMware Fusion. A malicious person with local administrator rights in a virtual machine can exploit the vulnerabilities to execute code - with the rights of the application - execute code on the system on which the...
Vulnerability fixed in CheckMK
A vulnerability has been fixed in the CheckMK Windows Agent. The vulnerability allows an authenticated local malicious agent to able to execute with arbitrary code under higher privileges. CheckMK has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system information, or impersonate another user. Liferay has released updates to fix the vulnerabilities in Portal and DXP. For more information,...
Vulnerability fixed in Rockwell Automation FactoryTalk Service Platform
Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform FTSP. An authenticated malicious party could exploit the exploit the vulnerability to grant themselves elevated privileges and gain access to FTSP as an Administrator. For successful misuse, the malicious party must hav...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Netweaver and CRM. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Circumvention of security measure Remote code...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer. A malicious party could exploit the vulnerability to cause a denial-of-service attack. For successful abuse, the malicious party must have prior authentication. Progress has released updates to fix the vulnerability in MOVEit Transfer 2023.1....
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Access to sensitive data Access to system data Splunk has...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to exploit attacks that could result in the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in Trend Micro Deep Security
Trend Micro has fixed vulnerabilities in Deep Security. A local malicious person can exploit the vulnerabilities to grant themselves elevated privileges and thus potentially execute arbitrary code execute arbitrary code with elevated privileges. Depending on the implementation this may include th...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local, authenticated malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code execute arbitrary code, possibly as SYSTEM. Trend Micro has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Microsoft Office and Sharepoint
Microsoft has fixed vulnerabilities in Office and Sharepoint. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code. Successful exploitation of the vulnerability with reference CVE-2024-20677 requires the malicious party to trick the victim into opening a...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Rockwell Automation FactoryTalk Activation Manager
Rockwell Automation has fixed vulnerabilities in the FactoryTalk Activation Manager. A malicious party could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system and thereby take over the system and thus access and manipulate the system data an...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator 2023 and 2024. A malicious person could exploit the vulnerabilities to execute arbitrary execute code with the victim's privileges. The malicious person does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilitie...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to gain access to sensitive data. The malicious party does not need any prior authorizations required. Adobe has released updates to fix the vulnerability in Dimension 3.4.11. For more information,...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or to gain access to sensitive data. The malicious party does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilities in versi...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to impersonate another user through a Cross-Site-Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive data Access to system data Successful...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party could exploit the exploit the vulnerabilities to grant himself elevated privileges, or to cause a denial-of-service by executing a specially prepared query. These updates also include several updates to third-party products to include older...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. The developers of Squid have released updates to fix the vulnerabilities in Squid 6.5. For more information, see:...
Vulnerability fixed in IBM AIX
IBM has fixed a vulnerability in AIX. Through an error in the invscout command, a local malicious person can execute arbitrary execute arbitrary commands on the system. IBM has released updates to fix the vulnerability in AIX invscout. For more information, see:...
Vulnerabilities discovered in OwnCloud
Vulnerabilities have been discovered in OwnCloud's core software and in the apps oauth2 and graphapi. An unauthenticated malicious person could exploit the vulnerabilities to arbitrarily delete files delete or gain access to sensitive data Because a configuration change is sufficient to remove...
Vulnerability fixed in Splunk
A vulnerability has been fixed in Splunk. A malicious person with prior authentication and rights to upload XSLT files, could exploit the vulnerability to execute arbitrary code via the upload of an XSLT file to execute arbitrary code with permissions from the application. Because it is not...
Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious person could exploit the vulnerabilities to execute arbitrary execute code with the victim's privileges and to access gain access to sensitive data in the victim's context. Successful exploitation requires the malicious...
Vulnerabilities fixed in Fortinet FortiMail
Fortinet has fixed vulnerabilities in FortiMail. A malicious party can exploit the vulnerability with reference CVE-2023-45582 exploited to gain brute-force access to the mail environment. The vulnerability with reference CVE-2023-36633 allows an authenticated malicious person to gain access to...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in Business One and Netweaver. A malicious party can exploit the vulnerabilities to circumvent a bypass a security measure, or gain access via brute-force gain access to sensitive data. SAP has released updates to fix the vulnerabilities in the vulnerable products. F...
Vulnerabilities fixed in Microsoft Edge
Microsoft has fixed vulnerabilities in Edge. A malicious person could exploit the vulnerabilities to impersonate another user, grant himself elevated privileges or execute arbitrary code execute arbitrary code in the context of the browser. Successful exploitation requires the malicious party to...
Vulnerabilities fixed in Ivanti Endpoint Manager Mobile
Ivanti has fixed vulnerabilities in Endpoint Manager Mobile formerly MobileIron. A malicious party could exploit the vulnerabilities to request certificates on behalf of another user request certificates, or register a mobile device in someone else's name. This allows the malicious party to gain...
Vulnerability fixed in Progress WS_FTP
Progress has fixed a vulnerability in WSFTP. A authenticated malicious party could exploit the vulnerability to upload files to any location on the file system of the system on which WSFTP is installed. This could result in data overwriting, or affect the operation of the operating system and...
Vulnerabilities fixed in Veeam ONE
Veeam has fixed vulnerabilities in Veeam ONE. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User rights Access to sensitive...
Vulnerability fixed in Apache Zookeeper
The Apache Foundation has fixed a vulnerability in Zookeeper. A malicious party could exploit the vulnerability to gain access gain access to data within Zookeeper. The vulnerability is in the way peer authentication takes place. For successful misuse, the malicious party must be able to be able ...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA)
Cisco has fixed vulnerabilities in the Adaptive Security Appliance ASA. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass security measures to bypass security measures to route unauthorized traffic through the system, or use a rogue ASA implementation to...