4192 matches found
Vulnerabilities fixed in Cacti
Vulnerabilities have been fixed in Cacti. A malicious party could vulnerabilities to bypass authentication, perform an SQL-Injection, execute arbitrary code execution on the server, or to perform a Cross-Site Scripting attack. attack. Such an attack can lead to execution of arbitrary code in the...
Vulnerability fixed in Rockwell Automation AENFTXT FactoryTalk IP devices
Rockwell Automation has fixed a vulnerability in 5015-AENFTXT IP devices. A malicious party could exploit it to cause a denial-of-service. For successful exploitation, the malicious party must have access to the production environment. It is good practice to have such an infrastructure not to hav...
Vulnerabilities fixed in Veritas BackupExec
Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection to execute arbitrary code, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to bypass security measures to allow traffic pass through traffic that was not initially authorized. Juniper has release...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code with the privileges of the victim, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...
Vulnerability fixed in node.js
A vulnerability has been fixed in node.js. A malicious party can exploit the vulnerability to use a command-injection to execute arbitrary code on the system with permissions of the application running in the vulnerable node.js. The developers of node.js have released updates to fix the...
Vulnerabilities fixed in Microsoft Defender for IoT
Microsoft has fixed vulnerabilities in Defender for IoT. A malicious party can exploit the vulnerabilities to afford elevated permissions and execute arbitrary code with permissions of the process. Microsoft has made updates available that fix the described vulnerabilities described. We recommend...
Vulnerability fixed in IBM Personal Communications
IBM has fixed a vulnerability in Personal Communications PCOMM. The vulnerability is located in an underlying Windows component and allows a malicious person to afford granted elevated privileges and execute code with privileges of SYSTEM. IBM has released updates to fix the vulnerability in...
Vulnerability fixed in Microsoft .NET
Microsoft has fixed a vulnerability in .NET. A malicious party could exploit the vulnerability to gain access to sensitive data. Microsoft has made available an update that fixes the described vulnerability described. We recommend that you install. More information about the vulnerability, the...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...
Vulnerability fixed in Autodesk
Autodesk has fixed a vulnerability in DWG Trueview. A malicious party can exploit the vulnerability to cause a denial-of-service, execute arbitrary code with application privileges, or to gain access to sensitive data in the context of the application. Successful exploitation requires the malicio...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Adobe Animate. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Vulnerability fixed in Schneider Electric EcoStruxure Power Design
Schneider Electric has fixed a vulnerability in EcoStruxure Power Design. A malicious party could exploit the vulnerability to execute arbitrary code with privileges of the Power Design user. Successful exploitation requires the malicious party to trick the victim into opening and executing a rog...
Vulnerability fixed in JFrog Artifactory
JFrog has fixed a vulnerability in Artifactory. A malicious party could exploit the vulnerability to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. JFrog...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed and vulnerability in SQL Server. The vulnerability is located in the Django backend and allows a malicious party to be able to use the client application of the victim to execute an SQL injection and thus execute arbitrary code execute arbitrary code with the victim's privileg...
Vulnerability fixed in pgAdmin
A vulnerability has been fixed in pgAdmin. An authenticated malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with application privileges. Because pgAdmin was developed as a management tool for PostgreSQL databases, it is therefore not rule out the...
Vulnerability fixed in CheckMK
A vulnerability has been fixed in the CheckMK Windows Agent. The vulnerability allows an authenticated local malicious agent to able to execute with arbitrary code under higher privileges. CheckMK has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Rockwell Automation FactoryTalk Service Platform
Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform FTSP. An authenticated malicious party could exploit the exploit the vulnerability to grant themselves elevated privileges and gain access to FTSP as an Administrator. For successful misuse, the malicious party must hav...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer. A malicious party could exploit the vulnerability to cause a denial-of-service attack. For successful abuse, the malicious party must have prior authentication. Progress has released updates to fix the vulnerability in MOVEit Transfer 2023.1....
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Access to sensitive data Access to system data Splunk has...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to exploit attacks that could result in the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local, authenticated malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code execute arbitrary code, possibly as SYSTEM. Trend Micro has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Microsoft Office and Sharepoint
Microsoft has fixed vulnerabilities in Office and Sharepoint. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code. Successful exploitation of the vulnerability with reference CVE-2024-20677 requires the malicious party to trick the victim into opening a...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Rockwell Automation FactoryTalk Activation Manager
Rockwell Automation has fixed vulnerabilities in the FactoryTalk Activation Manager. A malicious party could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system and thereby take over the system and thus access and manipulate the system data an...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator 2023 and 2024. A malicious person could exploit the vulnerabilities to execute arbitrary execute code with the victim's privileges. The malicious person does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilitie...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to gain access to sensitive data. The malicious party does not need any prior authorizations required. Adobe has released updates to fix the vulnerability in Dimension 3.4.11. For more information,...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or to gain access to sensitive data. The malicious party does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilities in versi...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to impersonate another user through a Cross-Site-Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to impersonate another user or gain access to sensitive data, potentially including full access to the local file system. Successful exploitation requires the malicious party to tri...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party could exploit the exploit the vulnerabilities to grant himself elevated privileges, or to cause a denial-of-service by executing a specially prepared query. These updates also include several updates to third-party products to include older...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. The developers of Squid have released updates to fix the vulnerabilities in Squid 6.5. For more information, see:...
Vulnerability fixed in IBM AIX
IBM has fixed a vulnerability in AIX. Through an error in the invscout command, a local malicious person can execute arbitrary execute arbitrary commands on the system. IBM has released updates to fix the vulnerability in AIX invscout. For more information, see:...
Vulnerability fixed in Splunk
A vulnerability has been fixed in Splunk. A malicious person with prior authentication and rights to upload XSLT files, could exploit the vulnerability to execute arbitrary code via the upload of an XSLT file to execute arbitrary code with permissions from the application. Because it is not...
Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious person could exploit the vulnerabilities to execute arbitrary execute code with the victim's privileges and to access gain access to sensitive data in the victim's context. Successful exploitation requires the malicious...
Vulnerabilities fixed in Fortinet FortiMail
Fortinet has fixed vulnerabilities in FortiMail. A malicious party can exploit the vulnerability with reference CVE-2023-45582 exploited to gain brute-force access to the mail environment. The vulnerability with reference CVE-2023-36633 allows an authenticated malicious person to gain access to...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed a vulnerability in Dimension. A local malicious party could exploit the vulnerability to gain access to sensitive data. The malicious party does not need any prior authorizations required. Adobe has released updates to fix the vulnerability in Dimension 3.4.10. For more informatio...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in Business One and Netweaver. A malicious party can exploit the vulnerabilities to circumvent a bypass a security measure, or gain access via brute-force gain access to sensitive data. SAP has released updates to fix the vulnerabilities in the vulnerable products. F...
Vulnerabilities fixed in Microsoft Edge
Microsoft has fixed vulnerabilities in Edge. A malicious person could exploit the vulnerabilities to impersonate another user, grant himself elevated privileges or execute arbitrary code execute arbitrary code in the context of the browser. Successful exploitation requires the malicious party to...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange server. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code as SYSTEM, or impersonate another user and thus potentially gain access to sensitive data. For successful abuse, the malicious party must ha...
Vulnerabilities fixed in Foxit PDF Editor
Foxit has fixed vulnerabilities in PDF Editor for Mac formerly PhantomPDF. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code execute arbitrary code within the context of the application and gain access to sensitive data within...
Vulnerability fixed in Progress WS_FTP
Progress has fixed a vulnerability in WSFTP. A authenticated malicious party could exploit the vulnerability to upload files to any location on the file system of the system on which WSFTP is installed. This could result in data overwriting, or affect the operation of the operating system and...
Vulnerabilities fixed in Veeam ONE
Veeam has fixed vulnerabilities in Veeam ONE. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User rights Access to sensitive...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA)
Cisco has fixed vulnerabilities in the Adaptive Security Appliance ASA. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass security measures to bypass security measures to route unauthorized traffic through the system, or use a rogue ASA implementation to...
Vulnerability fixed in Apache Zookeeper
The Apache Foundation has fixed a vulnerability in Zookeeper. A malicious party could exploit the vulnerability to gain access gain access to data within Zookeeper. The vulnerability is in the way peer authentication takes place. For successful misuse, the malicious party must be able to be able ...
Vulnerabilities fixed in Tenable Nessus Network Monitor
Tenable has fixed vulnerabilities in Nessus Network Monitor. A local, authenticated malicious person could exploit them to grant themselves elevated privileges and execute arbitrary code with potentially SYSTEM privileges. In addition to the vulnerabilities in Nessus itself, Tenable has in this...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to be able to execute arbitrary code on the underlying system. VMware has released updates to fix the vulnerabilities in vCenter Server. For more informatio...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has fixed vulnerabilities in the following products: Oracl...