4190 matches found
Vulnerability fixed in Oracle Siebel CRM
Oracle has fixed a vulnerability in Siebel CRM. The vulnerability allows an unauthenticated malicious person within a local network to perform a denial-of-service DoS. execute. It is good practice not to have such products publicly to be publicly accessible...
Vulnerabilities fixed in IBM Db2
IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22389, the vulnerabilities are located in the third-party component Expat. The vulnerabilities allow a malicious party to cause a Denial-of-Service or execute arbitrary code with the privileges of the...
Vulnerability fixed in rsyslog
The developers of rsyslog have fixed a vulnerability in rsyslog. A malicious party could exploit the vulnerability to cause a denial-of-service, or to potentially manipulate data manipulate and thus potentially inject false information into the central syslog environment. The developers do not ru...
Vulnerability fixed in ManageEngine ADAudit Plus
ManageEngine has fixed a vulnerability in ADAudit Plus. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the system on which ADAudit Plus is installed. Horizon researchers have published a write-up and proof-of-concept code published. They indicate...
Malleability remedied in Salt
Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability fix in Salt 3002.9,...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a remote malicious person to launch a Cross-site Scripting attack. Jenkins has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. The vulnerability is located in the cvrehash script and is caused by the fact that shell meta-characters being insufficiently removed from user input. removed. On some operating systems, the vulnerable script is is executed automatically. On such systems...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions and bypass a security measure to bypass. As usual, Google has made few substantive details made available about the...
Vulnerability fixed in Microsoft Edge
A vulnerability has been fixed in Microsoft Edge. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code. Because it is possible to get out of Edge's sandbox environment, execution of code at the SYSTEM level cannot be ruled out. Abuse requires that the...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in IBM QRadar SIEM. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, the malicious party must trick a trick a user into using a specially preloaded archive file 7z, tar or zip to process from QRadar. I...
Vulnerability in CakePHP fixed
In CakePHP version 3.10.4, an encryption issue of CsrfProtectionMiddleware has been fixed. In 3.10.3, verified tokens were generated using random bytes and would often not match when they were rendered in HTML. No CVE number was issued for this vulnerability. CakePHP's developers have issued...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Serverless Operator and Operator. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure The vulnerabilities are locate...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed multiple vulnerabilities in supporting software provided with IBM Spectrum Control, The vulnerabilities are in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categori...
Vulnerability fixed in Grafana Enterprise
Grafana Labs has fixed a vulnerability in Grafana Enterprise. A malicious person with the rights to create their own data source could exploit the vulnerability for a Same Site Request Forgery attack SSRF and thus gain access to sensitive data. Grafana Labs has released updates to fix the...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome and Chromium. A malicious party could potentially exploit them to cause a denial-of-service, or execute arbitrary execute arbitrary code in the scope of the browser. Possibly, the malicious party could also gain access to sensitive data within th...
Vulnerabilities fixed in Apple Safari
Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...
Vulnerability fixed in OpenBSD
A vulnerability has been fixed in OpenBSD. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service by running rogue PPPoE packets through the system. Only when an OpenBSD system is configured to use PPP through the pppoe4 interface is potentially...
Vulnerabilities fixed in Intel processors and -chipsets
Intel has fixed vulnerabilities in several processors and chipsets. A local malicious party could potentially exploit them to cause a denial-of-service, gain gain access to system data or obtain elevated privileges. For the vulnerability with reference CVE-2021-33149 no security updates have been...
Vulnerabilities fixed in Red Hat Satellite
Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a remote malicious party to obtain obtain sensitive data or to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere
A vulnerability has been fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA. The vulnerability allows an authenticated remote malicious party to execute system commands. No CVE attribute is currently available for this vulnerability. available. Aveva has released updates to fix the...
Vulnerability fixed in FortiClient
A vulnerability has been fixed in FortiClient. The vulnerability allows a malicious person with access to the system to execute or delete files with admin rights. The vulnerability is located in the FortiClient MSI installer. Fortinet has released updates to fix the vulnerability. More informatio...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerabilities to circumvent security measures bypass security measures, cause a denial-of-service, or execute code execute code under privileges of another process. The vulnerability with reference...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges -= Debian =- Debian has made updates to...
Vulnerabilities fixed in IBM QRadar
Vulnerabilities have been fixed in IBM QRadar. The vulnerabilities have mostly been described previously in Linux kernel security advisories. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in FreeRADIUS
Two vulnerabilities have been fixed in FreeRADIUS. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. To cause the denial-of-service, the malicious party must possess a system in the FreeRADIUS "circle of trust." The developers of FreeRADI...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights For these vulnerabilities, at the time of...
Vulnerabilities fixed in the Linux kernel
Several vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to system data Increased user privileges -=...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code under the browser's permissions. As usual, Google has not made additional information made available about the fixed vulnerability. Google indicates tha...
Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data
Several vulnerabilities have been fixed in IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code execute arbitrary code or cause a denial-of-service DoS. For the vulnerabilities with attributes CVE-2021-33196 an...
Vulnerabilities fixed in Ruby
Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Ruby developers have released updates to address the vulnerabilities. More information can be foun...
Vulnerability fixed in libarchive
The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service DoS cause. To do so, the malicious party must induce a victim to install open a malicious and compressed file with an application that use...
Vulnerability fixed in OpenBSD slaacd
A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration SLAAC. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party needs to send a specially prepared router advertisement...
Vulnerabilities fixed in Adobe Acrobat
Adobe has fixed vulnerabilities in Acrobat. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. A malicious person who has a user's partial credentials can exploit the exploit the vulnerability to bypass authentication. Only systems that use multiple external authentication plug-ins are vulnerable. OpenVPN has released updates to fix the...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data Increased user privileges Python...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google has made little to no information made available about the fixed vulnerabilities. Google has released...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service or potentially execute arbitrary code. The vulnerability with attribute CVE-2022-22720 additionally enables an HTTP request...
Vulnerabilities fixed in APC UPS systems
Vulnerabilities have been fixed in Uninterruptible Power Supply UPS systems from APC. APC is part of Schneider Electric. These UPS systems are widely used in situations where up-time is very important. The vulnerabilities with reference CVE-2022-22805 and CVE-2022-22806 allow a remote malicious...
Vulnerabilities fixed in Firefox
Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a remote malicious person to execute arbitrary code execute arbitrary code under the user's privileges; also, the vulnerability with reference CVE-2022-26486 the ability to break out of the sandbox of the browser. According to...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in the Asterisk framework. The vulnerabilities potentially allow a malicious party to cause a denial-of-service or execute arbitrary code. Asterisk indicates that proof-of-concept code is in circulation from these vulnerabilities. Asterisk has made updates availabl...
Vulnerabilities fixed in IBM AIX kernel and Java SDK
Vulnerabilities have been fixed in IBM AIX versions 7.1-7.3. The vulnerabilities in the kernel with attributes CVE-2021-38994 and CVE-2021-38995 allow a malicious person to perform perform denial-of-service DoS attacks from a user with low privileges. This is caused by user input that is...
Vulnerabilities fixed in Ubuntu Linux kernel
Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data...
Vulnerabilities fixed in Schneider Electric Modicon M241/M251
Schneider Electric has fixed vulnerabilities in the CODESYS web server and gateway components of Modicon M241 and M251 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A flaw in the input sanitization allowed a malicious person to potentially execute arbitrary commands at the OS level by uploading uploading a rogue image. To do this, the malicious party must have prior authorization to modif...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...
Vulnerability fixed in PostgreSQL JDBC Driver
A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates released updates to fix the vulnerability. More information can be...
Vulnerabilities fixed in Apple iOS and iPad OS
Vulnerabilities have been fixed in the operating systems iOS and iPadOS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...
Vulnerability found in Xerox printers
A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...
Vulnerabilities fixed in Drupal core
Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code to execute under the application's permissions. Google typically does not release details about the vulnerabilities but marks the vulnerability with attribut...