4190 matches found
Vulnerabilities fixed in Python
SUSE has fixed vulnerabilities in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Bypassing authentication -= SUSE =- SUSE has made updates available to fix the vulnerabilities ...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service Manipulation of data Circumvention of security measure Access to sensitive data Accessing system data -= Re...
Vulnerability fixed in Libxslt
There is a vulnerability in libxslt. Libxslt is a C library for implementing XSLT 1.0. It is a widely used library for transforming files from XML to any other arbitrary format. A remote malicious person could potentially exploit the vulnerability to obtain sensitive information. The vulnerabilit...
Vulnerabilities fixed in Apache HTTP Server
Several vulnerabilities have been fixed in Apache HTTP Server. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to reuse an expired session cookie to be reused. Apache Software Foundation has made updates available for Apache HTTP Server to...
Vulnerability fixed in Adobe Acrobat
Adobe has fixed a vulnerability in Adobe Acrobat DC, Actobat Reader DC and Acrobat 2024. A malicious party can exploit the vulnerability to execute arbitrary code on the victim's system. To do this, the malicious party needs to get the victim to open a rogue PDF file. A rogue PDF file uploaded on...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator versions 29.8.4, 30.1 and earlier. The vulnerabilities are in how Adobe Illustrator processes specially crafted files. This includes an Untrusted Search Path vulnerability, an out-of-bounds write vulnerability, a stack-based buffer overflow...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple fixed vulnerabilities in iOS and iPadOS versions 18.7.3 and 26.2 The vulnerabilities include a use-after-free issue, a memory corruption, and a logging issue that allowed unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicious parties via specially...
Vulnerabilities fixed in Arista Networks products
Arista Networks has fixed vulnerabilities in DANZ. The vulnerabilities include several ways for authenticated users with limited privileges to gain access to sensitive systems and data. These include escaping the CLI sandbox, exploiting SSH port forwarding, and making operating system operations...
Vulnerability fixed in Apple macOS, iOS and iPadOS
Apple has fixed a vulnerability in several Apple operating systems. The vulnerability is in how the systems handle processing malicious image files, which can lead to memory corruption. This problem has been addressed by improved memory limit controls. Apple says it has information that this...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities in Microsoft Exchange Server result from improper input validation and the improper handling of special elements, which allow unauthorized attackers to manipulate data and forge communications. This can lead to...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Microsoft Exchange Server hybrid deployments. The vulnerability allows a user with administrative privileges on an on-premises Microsoft Exchange server to elevate privileges to the cloud. Microsoft has released a Hot Fix to fix the vulnerability. See attach...
Vulnerability fixed in Juniper Networks Security Director
Juniper has fixed a vulnerability in Juniper Networks Security Director. The vulnerability is located in the web interface of Juniper Networks Security Director, where insufficient authorization validation allows unauthenticated attackers to access and manipulate sensitive resources. This can lea...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities in Splunk Enterprise and Splunk Cloud Platform allow both low-privileged and high-privileged users to perform unauthorized actions, such as suppressing alerts, executing remote commands, and causi...
Vulnerabilities fixed in Veeam Backup
Veeam has fixed vulnerabilities in Veeam Backup & Replication 12.3.2.3617 and Veeam Agent for Microsoft Windows 6.3.2.1205. The vulnerabilities can be exploited after access to compromise backup servers. The highest rated vulnerability, CVE-2025-23121, allows an attacker with domain user privileg...
Vulnerabilities fixed in Google Chrome and Microsoft Edge
Google has fixed vulnerabilities in Google Chrome versions before 137.0.7151.68. The vulnerabilities are in Google Chrome's V8 engine and Blink. The first vulnerability involves out of bounds read and write problems that can lead to heap corruption. This can be exploited by a malicious party by...
Vulnerability fixed in Commvault Command Center
Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious person to execute arbitrary code. This requires sending a specially crafted http request to the vulnerable application containing a reference to a rogue zip file. The...
Vulnerabilities fixed in Apple AirPlay as used by macOS, iOS and iPadOS
Apple has fixed vulnerabilities in AirPlay, as used in various Apple products including macOS, iOS and iPadOS. The vulnerabilities are exploited to cause a denial-of-service, bypass authentication and execute arbitrary code. To do this, the malicious party needs to send malicious content to a...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Dynamics. A vulnerability marked CVE-2025-29821, from incorrect input validation in Dynamics Business Central, allowed a malicious party to gain access to sensitive data. If successfully exploited, the malicious party can recover passwords in unencrypted tex...
Vulnerabilities fixed in VMware products
Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion. The vulnerabilities include a TOCTOU vulnerability that allows a malicious person with local administrative privileges to execute code as the VMX process on the host via an out-of-bounds write. In addition, there ...
Vulnerability fixed in Exim
Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to execute an SQL injection. This allows the malicious party to gain access to sensitive data and potentially execute arbitrary code with privileges from the Exim installation. The exim...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Network Watcher and the HPC Linux Node Agent. A malicious person could grant themselves elevated privileges by exploiting the vulnerability with attribute CVE-2025-21188 in the Network Watcher, or to execute arbitrary code by exploiting the vulnerabili...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 135 and 128.7. The vulnerabilities include a double-free vulnerability, use-after-free conditions, and race conditions that can lead to memory damage, unauthorized access, and privacy risks. Malicious...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The first vulnerability CVE-2025-0282 can be exploited by malicious parties to execute arbitrary code remotely without authentication. The second vulnerability CVE-2025-0283 can be exploited by a locally authenticated malicious...
Vulnerabilities fixed in Moxa's cellular routers and network security devices
Moxa has fixed vulnerabilities in Moxa's cellular routers and network security devices Specifically, CVE-2024-9138 and CVE-2024-9140. Vulnerability CVE-2024-9138 involves hard-coded credentials that allow authenticated users to escalate their privileges, ultimately leading to root access. This...
Vulnerability fixed in Adobe Framemaker
Adobe has fixed a vulnerability in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerability is in the way Adobe Framemaker handles files. A malicious party can exploit this vulnerability by creating a malicious file and allowing it to be opened, which can lead to...
Vulnerabilities fixed in Drupal Core
Drupal has fixed vulnerabilities in Drupal Core Specifically for versions 7.0 to 7.102, 8.0.0 to before 10.2.11, 10.3.0 to before 10.3.9, and 11.0.0 to before 11.0.8. The vulnerabilities in Drupal Core are related to privilege escalation and deserialization of untrusted data, which can lead to...
Vulnerabilities fixed in Qlik Sense Enterprise for Windows
Qlik has fixed vulnerabilities in Qlik Sense Enterprise for Windows for versions before November 2024 IR. The vulnerabilities are in the way Qlik Sense Enterprise handles network access for non-privileged users. These users can create connection objects that can execute arbitrary EXE files, leadi...
Vulnerability fixed in Zabbix
A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. A malicious party can exploit the vulnerabilities to bypass security measures to route traffic to and through the system that is not initially authorized, or cause a denial-of-service. Palo Alto has released updates to address the...
Vulnerabilities fixed in Citrix Session Recording
Citrix fixed vulnerabilities in Citrix Session Recording A malicious person with limited privileges could exploit the vulnerabilities to gain access to service accounts and execute arbitrary code on the server. Researchers have published Proof-of-Concept code demonstrating the vulnerability with...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Java SE and GraalVM. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Execution of arbitrary code User Rights - Access to sensitive data...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox. A malicious party could exploit the vulnerability to execute arbitrary code. According to Mozilla, there have been signs of active misuse. Mozilla has released updates to fix the vulnerabilities in Firefox 131.0, Firefox ESR 115.16 and 128.3. For more...
Vulnerability fixed in Ivanti Endpoint Manager Mobile
Ivanti has fixed a vulnerability in Endpoint Manager Mobile. A locally authenticated malicious party could exploit the vulnerability to obtain read and write permissions to sensitive configuration files. Ivanti has released updates to fix the vulnerability in Endpoint Manager Mobile. See the...
Vulnerabilities discovered in CUPS
Recently, a researcher discovered a number of vulnerabilities in CUPS that could lead to Remote Code Execution. These have been disclosed as "9.9 RCE affecting all GNU/Unix systems." Through a concatenation of the four vulnerabilities, a malicious person can execute arbitrary code within the...
Vulnerability fixed in Rockwell Automation ThinManager
Rockwell Automation has fixed a vulnerability in ThinManager. A malicious party could exploit the vulnerability to install software on the vulnerable system to execute arbitrary code. Rockwell Automation has released updates to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in Solarwinds Access Rights Manager
Solarwinds has fixed vulnerabilities in Access Rights Manager. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. Solarwinds has released updates to fix the vulnerabilities. See attached references f...
Vulnerabilities fixed in Zyxel Flex and USG Firewalls
Zyxel has fixed vulnerabilities in the firmware of ATP and USG Flex firewalls. A malicious party can exploit the vulnerabilities to cause a denial-of-service, possibly unpatched execute a limited set of commands on the vulnerable system, or execute arbitrary code in the victim's browser through a...
Vulnerability fixed in Asterisk
A vulnerability has been fixed in Asterisk. A malicious person could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code with application privileges. For successful abuse, the malicious party must have prior authentication. The researcher who discovered th...
Vulnerabilities fixed in Oracle Essbase
Vulnerabilities have been fixed in Oracle Essbase. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Increased user privileges Oracle has made updates available to fix the vulnerabilities. See the...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. A malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Manipulation of data Circumvention of security measure Oracle ha...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...
Vulnerability fixed in Juniper Session Smart Router
Juniper has fixed a vulnerability in Session Smart Router SSR. SSR is a software router application for SD-WAN systems. An unauthenticated malicious person with access to the infrastructure can exploit the vulnerability to access and take over the system. The limiting condition, however, is that...
Vulnerability fixed in QlikSense Enterprise
A vulnerability has been fixed in QlikSense Enterprise. A malicious person can exploit the vulnerability to grant themselves elevated privileges, potentially executing arbitrary code on the system on which QlikSense is installed. For successful misuse, the malicious party must have prior...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to cause a buffer overflow and thereby potentially execute arbitrary code with privileges of the victim, or possibly gain access to sensitive data in the context of the browser. Google states that it is...
Vulnerability fixed in Microsoft Azure
Microsoft has fixed a vulnerability in Azure Migrate. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. The vulnerability is located in the Visuals component, and a malicious party can exploit the exploit the vulnerability to execute arbitrary code in the context of the browser, or to cause a Denial-of-Service DoS cause. Google reports being aware that...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...
Vulnerability fixed in node.js
A vulnerability has been fixed in node.js. A malicious party can exploit the vulnerability to use a command-injection to execute arbitrary code on the system with permissions of the application running in the vulnerable node.js. The developers of node.js have released updates to fix the...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. The vulnerability is located in the underlying jose4j library and allows an unauthenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability in Websphere Application Server. For...
Vulnerability fixed in pgAdmin
A vulnerability has been fixed in pgAdmin. A malicious party can exploit the vulnerability to execute arbitrary code on the underlying system. For successful abuse, the malicious party must have prior authentication on the vulnerable pgAdmin installation. The developers of pgAdmin have released...