4189 matches found
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Accessing sensitive...
Vulnerabilities fixed in Siemens Mendix
Siemens fixed vulnerabilities in Mendix. Successful misuse of these vulnerabilities could allow a malicious person to manipulate the manipulate the contents of specific objects. Siemens has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in Foxit products
Vulnerabilities have been fixed in Foxit products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Foxit has released updates to fix the vulnerabilitie...
Vulnerability fixed in Huawei S5700 devices
Huawei has fixed a vulnerability in S5700 devices. A authenticated remote malicious person can exploit the vulnerability potentially exploit it to inject system commands. There are few substantive details about the vulnerability disclosed. Huawei has released updates to fix the vulnerability. The...
Vulnerabilities fixed in Cisco Webex Player and Webex Network Recording Player
Cisco has fixed vulnerabilities in Webex Player and Webex Network Recording Player. The vulnerabilities allow an unauthenticated remote malicious party potentially capable of perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Server-side Request Forgery SSRF Denial-of-Service DoS. Access to sensitive data Access to system data Red Hat...
Vulnerabilities fixed in PAN-OS
Vulnerabilities have been fixed in PAN-OS. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to too PAPI port, the management interface o...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges For successful...
Vulnerability fixed in Ivanti Endpoint Manager
Ivanti has fixed a vulnerability in Endpoint Manager. A malicious person with administrator privileges can exploit the vulnerability exploit to execute arbitrary OS commands with, among other among other things, permissions from the tomcat process. This vulnerability is different from the...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to system data Increased user privileges Adobe has...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Large number of vulnerabilities fixed in Xerox FreeFlow Print Server
Xerox has fixed a large number of vulnerabilities in Xerox FreeFlow Print Server. The vulnerabilities are in the following underlying components: Microsoft Windows 10 Java 8 Firefox Xerox has released updates to fix the vulnerabilities in Freeflow print server. For more information, see the...
Vulnerability fixed in WinSCP
A vulnerability has been fixed in WinSCP. A malicious party could potentially exploit the vulnerability to execute arbitrary code execute arbitrary code under a user's privileges. To do so, the user to visit a rogue URI that will open in WinSCP. WinSCP has released updates to fix the vulnerabilit...
Vulnerability fixed in Cloudforms
RedHat has fixed a vulnerability in CloudForms Management Engine. Due to a flaw in Role Based authorizations, an authorized malicious person is able to execute commands with administrator privileges, or gain access to sensitive data. This vulnerability was previously reported as the vulnerability...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform Cross-Site Scripting XSS or Remote Code Execution RCE. Such an attack can only be performed by an authenticated user or administrator. Microsoft Dynamics:...
Vulnerabilities fixed in VMware products
Vulnerabilities have been fixed in VMware ESXi, Workstation, Fusion , NSX-T and vCenter. The vulnerabilities allow a malicious party to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio and Code Copilot for Visual Studio. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code in the victim's context. For successful exploitation, the malicious party must trick the victim into...
Vulnerabilities fixed in XWiki
XWiki has fixed vulnerabilities in the rendering system and the default macro content parser. The vulnerabilities in the XWiki rendering system allowed attackers to perform XSS attacks due to the dependency on the xdom+xml/current syntax. This vulnerability has been fixed in version 14.10. In...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. VoieOver does not appear to handle sensitive data correctly, making it possible to use VoiceOver to have recently stored passwords read aloud. Apple has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to execute a Cross-Site Scripting attack. Such an attack could result in execution of arbitrary code in the victim's...
Vulnerability fixed in VMware Aria Automation
VMWare has fixed a vulnerability in Aria Automation, formerly known as vRealize Automation. An authenticated malicious party could exploit the vulnerability to gain access gain access to the Aria Automation instance, and possibly to systems of third parties. The malicious party can thus perform...
Vulnerabilities fixed in MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. A malicious party could exploit the vulnerability with attribute CVE-2023-6217 exploit for a Cross-Site Scripting ace trap. Such an attack can lead to execution of arbitrary code in the browser of the victim, or potentially access sensitive...
Vulnerability fixed in Xwiki
The developers of Xwiki have fixed a vulnerability in the CKEditor of Xwiki. An authenticated malicious person with editing privileges in the CKeditor could exploit the vulnerability to modify arbitrary files in Xwiki, including those for which it is not authorized. This allows the malicious pers...
Vulnerabilities fixed in VMWare products
Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Access to system data A malicious person with administrator access to a...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed several vulnerabilities in Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to access gain access to sensitive data in the context of the application. To do this, the malicious party must trick the victim...
Vulnerabilities fixed in Grafana Enterprise
Several vulnerabilities have been fixed in Grafana Enterprise. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to obtain elevated privileges obtain elevated privileges within the application. Grafana Labs has released updates to address the...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitive da...
Vulnerabilities fixed in Zabbix
Zabbix has fixed vulnerabilities in the Zabbix server and frontend. The vulnerabilities include a stack buffer overflow in the zbxsnmpcachehandleengineid function, which can lead to execution of arbitrary code or a denial of service. In addition, there is an SQL injection vulnerability that allow...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Jira, Confluence and Bitbucket. A malicious party can exploit the exploit vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Data manipulation. Remot...
Vulnerabilities fixed in QNAP QTS and QuTS hero
QNAP has fixed vulnerabilities in QTS and QuTS hero, the operating system for QNAP NAS devices. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges and thus gain access to sensitive data or execute arbitrary cod...
Vulnerabilities fixed in Cisco Access Points
Cisco has fixed vulnerabilities in several access points. A malicious party could exploit the vulnerabilities to cause a denial-of-service on the vulnerable system, or to execute arbitrary code as root. To execute arbitrary code, the malicious party needs need prior authentication on the command...
Vulnerabilities fixed in VMware Spring
VMware has fixed vulnerabilities in Spring Security and spring-security-oauth2-client. A malicious party could vulnerabilities potentially exploit them to obtain elevated privileges or to bypass authentication. Only Spring environments using specific configurations are vulnerable. VMware has...
Vulnerabilities fixed in Synology products
Synology has fixed vulnerabilities in multiple products. The vulnerabilities allow a malicious party to launch attacks the following categories of damage: Manipulation of data Remote code execution Application rights Access to sensitive data Synology rated the vulnerability with attribute...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in several products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Administrator/Root rights Increased us...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Bypassing security measure Accessing system data GitLab has released updates t...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User...
Vulnerability fixed in Nitro Pro PDF
A vulnerability has been fixed in Nitro Pro PDF. The vulnerability allows a remote malicious person to execute arbitrary execute arbitrary code under the victim's privileges. The malicious party to do this must induce the victim to open a rogue document to be opened. Nitro has released updates to...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Executing arbitrary code User privileges. Impersonating another user Accessing sensitive data Below is a summary of the...
Vulnerabilities fixed in Juniper JunOS
A Race Condition vulnerability in the firewall process dfwd of Juniper Networks Junos OS allows an attacker to bypass the firewall rulesets to bypass CVE-2021-0247. A vulnerability in the forwarding of TCPv6 transit packets received on the Ethernet management interface of Juniper Networks Junos O...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed several vulnerabilities in IOS XR. A unauthenticated malicious person could remotely exploit them to cause a denial-of-service, circumvent bypassing security measures or obtaining system information. The vulnerabilities marked CVE-2021-1288 and CVE-2021-1313 involve a...
Vulnerabilities found in Schneider Electric Modicon products
Schneider Electric has identified vulnerabilities in Modicon products. The vulnerabilities allow an authenticated remote malicious party the ability to cause a denial-of-service cause. Schneider Electric has proposed mitigation measures and indicates it will be coming out with updates in the near...
Vulnerabilities fixed in GitLab
Multiple vulnerabilities have been identified in GitLab; an remote attacker could exploit some of these vulnerabilities exploit them to enable cross-site scripting, denial of service condition trigger and release sensitive information about the targeted system. disclosure. The developers have...
Vulnerabilities fixed in SAP Netweaver
SAP has fixed several vulnerabilities in SAP Netweaver. These vulnerabilities allow malicious actors to remotely bypass authentication, execute arbitrary code, conduct a cross-site scripting attack, upload files and view sensitive information. SAP has released updates to address these...
Vulnerabilities in Microsoft Edge (Chromium)
Microsoft has identified a number of vulnerabilities in the Edge browser Chromium. These vulnerabilities are located in the code base of Chrome and were previously disclosed by Google. Microsoft incorporates these vulnerabilities into the Edge browser and distributes the updates automatically...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Manipulation of data Circumvention o...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in the Dynamics 365 platform. An authenticated malicious party can exploit the vulnerabilities exploit them to perform a cross-site scripting attack and thus impersonate another user and gain access to their data. Microsoft Dynamics:...
BlackBerry UEM
Vulnerabilities have been fixed in BlackBerry UEM. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data BlackBerry categorizes these...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive data Increased user rights -= openSUSE =- T...
Multiple vulnerabilities fixed in NetApp products
NetApp developers have fixed several vulnerabilities that could lead to a denial-of-service DoS attack and the obtaining sensitive information. NetApp developers have released updates to fix the vulnerabilities. More information can be found on the pages below:...