4190 matches found
Fixed vulnerabilities in Windows Defender and System Center Operations Manager
Microsoft has fixed vulnerabilities in Windows Defender and Microsoft System Center Operations Manager. A malicious party could vulnerabilities potentially exploit them to gain higher privileges. Windows Defender: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Vulnerabilities fixed in Cisco products
Cisco has fixed vulnerabilities in ASA, Firepower and Snort. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution User rights - Increased user...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto has fixed vulnerabilities in PAN-OS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or bypass security measures, allowing traffic to pass through pass traffic that was not initially authorized. Palo Alto has released updat...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant himself elevated privileges granted privileges or execute arbitrary code with privileges from the developer. Successful exploitation requires the...
Vulnerability fixed in Apache Solr for Windows
Apache has fixed vulnerabilities in Solr for Windows. The vulnerability allows a malicious party to access sensitive data, impersonate another user or potentially execute arbitrary code. Apache has released updates to fix the vulnerability in Solr 8.11.1. For more information, see:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Remote code execution User rights Spoofing Access to sensitive data Increased user privileges The tables...
Vulnerabilities fixed in Fortinet FortiClient EMS and FortiClient Windows
Several vulnerabilities have been fixed in Fortinet products. These include Fortinet FortiClient EMS and FortiClient Windows. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab CE/EE. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges Gitlab has made updates available to address the...
Vulnerability fixed in Cisco IOS XR
A vulnerability has been found in Cisco IOS XR. The vulnerability is located specifically in the DHCP functionality. It allows an unauthenticated remote malicious person able to stop the DHCP daemon process. While this process is running it is temporarily not possible to obtain a new DHCP lease...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with both user privileges as well as elevated privileges or manipulate data. Vulnerabilities related to Visual Studio can only be be exploited by...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities are in the way certain Autodesk products handle specially crafted files. These vulnerabilities can lead to memory corruption, Out-of-Bounds write and read conditions, and Use-After-Free errors. This can result in consequences such...
Vulnerabilities fixed in Zoho ManageEngine
Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system through a Cross-Site-Scripting attack, or through SQL-Injection. Also, a malicious party can bypass security measures and thus allow traffic to pass...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor former Mobility Master, Mobility Controllers, WLAN Gateways and SD-WAN Gateways. A malicious party can exploit the vulnerabilities to launch a denial-of-service DoS, gain access to sensitive data or...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Access to sensitive data Access to system data Oracle...
Vulnerabilities fixed in Zimbra Collaboration Suite
Zimbra has fixed vulnerabilities in the Zimbra Collaboration Suite ZCS. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Bypassing security measure...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. A malicious party could exploit the exploit the vulnerabilities to cause a Denial-of-Service, or to gain access to sensitive data. To access sensitive data, the malicious party must have access to a client where the Trace feature is enabled. IBM has released...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to sensitive data Microsoft Office:...
Vulnerabilities fixed in VMware products
VMware has fixed several vulnerabilities in VMware Workspace ONE Access, Identity Manager, vRealize Automation and underlying tools. An unauthenticated malicious person could potentially exploit them to cause the following categories of damage: Cross-Site Scripting XSS. Circumvention of...
Vulnerabilities fixed in Autodesk products
Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities allow a malicious person to execute arbitrary code with the application's permissions. To exploit the vulnerabilities, a malicious party must trick a user into entice a user to open a rogue file. Autodesk has made...
Vulnerabilities fixed in Siemens Scalance
Siemens has fixed several vulnerabilities in Scalance products. The vulnerabilities allow an unauthenticated remote malicious person may be able to launch attacks leading to the following categories of damage: Denial-of-Service DoS DNS cache poisoning Remote code execution possibly under elevated...
vulnerabilities handled in Adobe After Effects
Adobe has identified several vulnerabilities in Adobe After Effects, particularly in versions 26.0, 25.6.4, and earlier versions. These vulnerabilities reside in the way Adobe After Effects processes certain files. There are issues with stack-based buffer overflows, heap-based buffer overflows,...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as APOGEE, Opcenter, RUGGEDCOM, SCALANCE, SIMATIC, SIPROTEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS -...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Oracle Analytics products, such as Business Intelligence, Analytics Desktop and BI Publisher. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data. Oracle has released updates to fix the...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack. Such an attack could result in execution of arbitrary code in the victim's browser, ...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, Acrobat Reader, Photoshop and RoboHelp. The vulnerabilities allow a malicious able to execute arbitrary code within the context of the user, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. For more information,...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution...
Vulnerabilities fixed in Citrix ADC, Gateway and SDWAN WAN-OP
Citrix has fixed vulnerabilities in Citrix ADC formerly NetScaler ADC, Gateway formerly NetScaler Gateway and SDWAN WAN-OP. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data by taking over sessions. To cause a Denial-of-Service, the...
Vulnerabilities fixed in Oracle Financial Services
Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User righ...
Vulnerabilities present in Siemens products
Siemens has identified vulnerabilities in various OT-products. These include products from the Siemens RUGGEDCOM, SCALANCE, SIMATIC, SIMIT, SINAMICS, SIPROTEC, SENTRON, and Solid Edge product families. The vulnerabilities enable malicious actors to carry out attacks that can cause the following...
Vulnerabilities fixed in Cisco Catalyst Center
Cisco has fixed vulnerabilities in Cisco Catalyst Center. This vulnerability with reference CVE-2025-20341, arises from insufficient validation of user input. A malicious party could exploit this, by sending a specially crafted HTTP request, enabling unauthorized system changes, such as creating...
Vulnerabilities fixed in Zimbra Collaboration
Zimbra has fixed several vulnerabilities in Zimbra Collaboration. The vulnerabilities included an SQL injection in the ZimbraSyncService SOAP endpoint and an SSRF vulnerability in the RSS feed parser that allowed unauthorized access and manipulation of the database, as well as unauthorized...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the categories of damage listed below. The most serious vulnerability has been assigned attribute CVE-2024-38124 and is located in the NETLOGON functionality...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of security measure - Manipulating data -...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into...
Vulnerabilities fixed in Aveva products
Aveva has fixed vulnerabilities in inTouch, PlantScada and Telemery Server. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to system...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to system data Software in the...
Vulnerabilities fixed in Cisco NX-OS
Vulnerabilities have been fixed in NX-OS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Cisco categorizes these vulnerabilities according to the CVSSv3...
ZeroDay vulnerability fixed in Microsoft Office
Microsoft has fixed a ZeroDay vulnerability in Microsoft Office. The vulnerability is in the way Microsoft Office handles untrusted input, which allows attackers to bypass security features locally. This can affect the integrity of security decisions made by the software. The reliance on untruste...
Vulnerabilities fixed in Adobe InCopy
Adobe has fixed vulnerabilities in InCopy Versions 20.4, 19.5.4 and earlier. The vulnerabilities include an out-of-bounds write, heap-based buffer overflow and use after free, all of which can lead to arbitrarily code execution when a user opens a maliciously crafted file. These vulnerabilities...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products, including Jira, Confluence and Bitbucket. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Request Forgery XSRF - Denial-of-Service DoS. - Circumvention of...
Vulnerabilities discovered in mobile devices with Samsung Exynos Modem
Google Project Zero has discovered fourteen vulnerabilities in Samsung Exynos Modems. These modems are used in at least the following mobile devices: Samsung: S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 Vivo: S16, S15, S6, X70, X60 and X30 Google: Pixel 6 and Pixel 7 It is possible...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. These vulnerabilities allow an authenticated malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS in FortiPortal Bypassing authentication in FortiManager Circumvention of...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious person to impersonate as another user, to execute arbitrary code under the user's privileges or obtain elevated privileges. To exploit the vulnerabilities marked CVE-2022-44690 and CVE-2022-44693 CVSS 8.8,...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in Fortinet products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication SQL Injection Accessing system data The vulnerability with...
Vulnerabilities fixed in Cisco Adaptive Security Appliance
Vulnerabilities have been fixed in Cisco ASA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Cisco has released updates to...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Console Communications Cloud Native Core Network Exposure Function Communications Cloud Native Core Network Function Cloud Native Environment...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following Financial Services applications: - Oracle Banking Deposits and Lines of Credit Servicing - Oracle Banking Enterprise Default Management - Oracle Banking Loans Servicing - Oracle Banking Party Management - Oracle Banking Payments - Oracle Banking...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in the following products: Solaris Operating System Sun ZFS Storage Appliance Kit AK Software Sun ZFS Storage Application Integration Engineering Software Fujitsu SPARC Servers Firmware The vulnerability with CVE attribute CVE-2021-2351 allows for an unauthorized...
Vulnerabilities fixed in Mirosoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Increased user privileges. Remote code execution User Rights Denial-of-Service DoS. Circumvention of...