4189 matches found
Multiple vulnerabilities fixed in NetApp products
NetApp developers have fixed several vulnerabilities that could lead to a denial-of-service DoS attack and the obtaining sensitive information. NetApp developers have released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in Splunk Enterprise
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or execute arbitrary code in the context of the application. For successful abuse, the malicious party must be authenticated prior. Splunk has released...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as. SIMATIC, WinCC, Parasolid, RUGGEDCOM, Simcenter, SCALANCE, SIDIS, Teknomatix, Unicam and Location Intelligence. The vulnerabilities potentially enable a malicious party to conduct attacks that could result in the following categories ...
Vulnerability fixed in VMWare Workstation
VMWare has fixed a vulnerability in VMWare Workstation. A local malicious party could exploit the vulnerability to remove arbitrary delete files from the system on which Workstation is installed. VMWare has released updates to fix the vulnerability in Workstation 17.0.1. For more information, see...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of authentication Remote code...
Vulnerabilities fixed in Cisco Nexus Dashboard
Vulnerabilities have been fixed in Cisco Nexus Dashboard. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root permissions. Cross-Site Scripting XSS. Access to sensitive data...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in Solaris and ZFS Storage Appliance. A malicious party can exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution Administrator/Root privileges An overview of all fixed...
Vulnerabilities fixed in Cisco Adaptive Security Appliance
Vulnerabilities have been fixed in Cisco ASA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Spoofing Access to sensitive data Increased user privileges Cisco has released updates to fix th...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Spoofing Accessing sensitive data Microsoft Offic...
Vulnerabilities fixed in McAfee Agent for Windows
Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 potentially exploit it to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...
Vulnerability fixed in FortiWeb
A vulnerability has been fixed in FortiWeb. An authenticated malicious party could exploit the vulnerability to obtain plaintext passwords for systems configured via a Web Vulnerability Scan profile. FortiNet has released updates to fix the vulnerability in FortiWeb. For more information, see:...
Vulnerability fixed in VxWorks
In Wind River VxWorks, the memory allocator has a possible overflow when calculating the size of the memory block that should be allocated by calloc. The result is that the actual allocated memory is smaller than the buffer size specified by the arguments, leading to memory corruption. The...
vulnerabilities handled in LiteLLM by BerriAI
BerriAI has addressed vulnerabilities in LiteLLM, specifically in versions 1.74.2 to 1.83.6. LiteLLM is a widely used proxy for managing APIs to a large number of LLM systems in a centralized manner. The first vulnerability involves an SQL injection in the proxy API key verification mechanism,...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Executio...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities in the Android kernel include a race condition between functions that manage CPU timers, which can lead to system instability. In addition,...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office including SharePoint, Visio, Word, Excel and PowerPoint. The vulnerabilities in Microsoft Office include several "use after free" errors, heap-based buffer overflows and other vulnerabilities that allow unauthorized attackers to execute...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution Us...
Vulnerabilities fixed in Cisco Nexus Dashboard
Cisco has fixed vulnerabilities in the Nexus Dashboard and underlying modules, such as Fabric Controller and Orchestrator. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Da...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in Zoom clients for Android, iOS, macOS, Linux and Windows. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data, grant themselves elevated privileges or cause a denial-of-service attack. Zoom has released updates to fix...
Vulnerabilities fixed in Elastic Kibana and Logstash
Elastic has fixed vulnerabilities in Kibana and Logstash. The vulnerability with reference CVE-2023-46671 is located in Kibana and allows an authenticated malicious party to obtain sensitive data from the log, such as api keys, user credentials and system credentials. The vulnerability with...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
Cisco has fixed vulnerabilities in Identity Services Engine ISE. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several components of Azure. For an overview of the vulnerabilities, see the following list. Azure App Service: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Fortinet products
Forinet has fixed vulnerabilities in FortiOS, FortiAP, and FortiMail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the application. To do this, the malicious party must entice the victim to open a rogue file. Adobe has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed multiple vulnerabilities in several Fortinet products. The vulnerabilities allow a malicious party to able to carry out attacks that potentially lead to: Bypassing authentication Bypassing security measures Accessing sensitive data Increased user privileges The vulnerability wi...
Vulnerability fixed in HPE iLO
HPE has fixed a vulnerability in iLO Amplifier Pack. HPE iLO Amplifier Pack is an applicance that allows HPE iLO systems to be be managed. The vulnerability allows a malicious party to opportunity to execute arbitrary code on the HPE iLO Amplifier Pack. HPE recommends that after updating the HPE...
Vulnerability fixed in Cisco Webex Meetings
A vulnerability has been fixed in Cisco Webex Meetings. The vulnerability allows a malicious party to make changes to make changes to the distribution list of Cisco Webex Meetings belonging to another other user within the same organization. Cisco has released updates to fix the vulnerability. Mo...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP S/4HANA Private Cloud and On-Premise, SAP Wily Introscope Enterprise Manager, SAP Landscape Transformation, SAP HANA, SAP Application Server for ABAP, SAP NetWeaver, SAP ECC, SAP Fiori App for Intercompany Balance Reconciliation, SAP NetWeaver Application Serv...
Vulnerabilities fixed in Oracle MySQL
Oracle fixed multiple vulnerabilities in MySQL The vulnerabilities in Oracle MySQL allow malicious parties to launch a denial-of-service attack, gain access to sensitive data or, with sufficient authorizations, affect the operation of the MySQL server. Oracle has released updates to fix the...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions for 17.7.6, 17.8.4 and 17.9.1. The vulnerability is in the ability for HTML injection in searches of child items. This vulnerability can be exploited by malicious parties to perform cross-site scripting XSS attacks. The potential for...
Vulnerabilities fixed in SolarWinds Platform
SolarWinds has fixed vulnerabilities in SolarWinds Platform. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data via SQL injection, or execute code that the malicious party is not initially authorized. SolarWinds has released updates to address the...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Oracle has fixe...
Vulnerabilities fixed in IBM Aspera Faspex
IBM has fixed vulnerabilities in Aspera Faspex. A malicious party could exploit the vulnerabilities to obtain sensitive data obtain, or potentially execute arbitrary code under the victim's privileges through an XML External Entity injection attack XXE. IBM has released updates to fix the...
Vulnerabilities fixed in VMWare vRealize Log Insight
VMWare has fixed vulnerabilities in vRealize Log Insight. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, to access gain access to system data, or to potentially execute arbitrary code execute system privileges via injecting files at the operatin...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has remedied vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager for Peoplesoft Application Testing Suite Enterprise Manager Ops Center Enterprise Manager for Storage Management The vulnerabilities allow a malicious person to...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Backup & Replication. A malicious party could exploit the vulnerabilities to execute of arbitrary code. To do so, the malicious party must access an internal API of the Veeam Distribution Service. For this no authentication is required. Veeam has released update...
Vulnerabilities fixed in Atlassian Jira Server
Atlassian has fixed two vulnerabilities in Jira Server. A authenticated malicious person could exploit the vulnerabilities to give themselves elevated privileges, gain access to sensitive data and manipulate that data. The vulnerability is in access control, which allows accounts that have been...
Vulnerabilities fixed in Cisco Webex Meetings and Webex Server
Cisco has fixed vulnerabilities in Webex Meetings, Webex Meetings Server, Webex Teams and Webex client software. The vulnerabilities allow a malicious person, possibly remotely, to able to launch attacks that result in the following categories of damage: Circumvention of security measure. Remote...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Vulnerabilities have been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability with CVE attribute CVE-2021-1519 allows a local malicious person able to overwrite VPN profiles. The remaining vulnerabilities apply only to the Windows client, whereby a local malicious agent, by...
Vulnerabilities fixed in Juniper Junos Space
Juniper Networks has fixed vulnerabilities in Junos Space. The include vulnerabilities in Junos Space itself as well as vulnerabilities in third-party software. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Si...
Vulnerabilities fixed in Intel PROSet/Wireless products
Vulnerabilities have been fixed in products from the Intel PROSet/Wireless family. The vulnerabilities allow a malicious able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Increased user privileges Intel has released updates to fix the...
Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition
GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, specifically in versions 12.7 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1. These vulnerabilities relate to various aspects of authentication, authorization, and validation...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit...
Vulnerabilities fixed in Cisco IOS, IOS XE and IOS XR Software
Cisco has fixed several vulnerabilities in IOS, IOS XE and IOS XR Software. The vulnerabilities are in how the SNMP subsystem on the vulnerable devices handles traffic. Authenticated malicious actors can send specially crafted SNMP requests, which can lead to denial-of-service DoS conditions on t...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...
Vulnerabilities fixed in Progress MOVEit
Progress has fixed vulnerabilities in MOVEit Transfer and MOVEit Gateway. During the vulnerability investigation, a vulnerability was also discovered in an unnamed Third-Party component in use by MOVEit Transfer. The vulnerabilities are located in the SFTP module of the affected applications and...
Vulnerability fixed in Schneider Electric EcoStruxture Operator Terminal Expert
Schneider Electric has fixed a vulnerability in the EcoStruxture Operator Terminal Expert. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system and gain access to sensitive data. To do this, the malicious party must have local access to the vulnerab...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR, as used in ASR series 9000 routers. An unauthenticated remote malicious person could remote can exploit the vulnerability with attribute CVE-2023-20049 to cause a denial-of-service DoS by sending rogue BFD packets. BFD is Bidirectional Forwarding...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code execution Use...