4190 matches found
Vulnerabilities fixed in Cacti
The developers of Cacti have fixed vulnerabilities in several modules of Cacti. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User righ...
Vulnerabilities fixed in Mozilla firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing...
Vulnerability fixed in Intel processors
A vulnerability has been fixed in the microcode of several Intel processors1. The vulnerability has been named "Downfall" and allows a local, authenticated malicious person to manipulate the operation of memory optimization. This allows the malicious party to gain access to memory locations...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to circumvent a security measure circumvention, execute code with user privileges or access gain access to sensitive data in the context of the browser. To do this, the malicious party must trick the...
Vulnerability fixed in Asterisk
Asterisk developers have fixed a vulnerability in Asterisk VOIP. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. Asterisk has released updates to fix the vulnerability in all supported versions of Asterisk. For more information, see:...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User Rights Spoofing This requires...
Vulnerabilities fixed in Synology Mail Station
Synology has fixed vulnerabilities in MailStation. A malicious party can exploit the vulnerabilities to use SQL injection to execute arbitrary code, or gain access to sensitive data. No CVE identifiers have been disclosed for the vulnerabilities yet. Synology gives the vulnerabilities the status...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the browser, or potentially access gain access to sensitive data in the context of the browser. The malicious party must trick th...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Increased user privileges Node.js has released updates...
Vulnerabilities fixed in Google Chrome
Google has fixed two vulnerabilities in Chrome. Of one vulnerability no substantive information or CVE attribute has been disclosed stated. The vulnerability with attribute CVE-2023-3079 allows a malicious person to remotely capable of executing arbitrary code in the scope of the browser,...
ZeroDay vulnerability fixed in Barracuda Email Security Gateway
Barracuda Networks has fixed a vulnerability in its Email Security Gateway appliance ESG. The vulnerability allows an unauthenticated malicious person to gain access gain access to the vulnerable system and execute arbitrary code. execute. Barracuda Networks indicates that this vulnerability has...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. This requires the malicious party to trick the...
Vulnerability fixed in IBM Websphere
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to launch an XML External Entity attack. By serving a rogue XML file, the malicious party can cause a denial-of-service cause, or potentially gain access to sensitive information. IBM...
Vulnerability fixed in the Linux Kernel
A vulnerability has been fixed in the linux kernel. The vulnerability is in the netfilter module. This module is used by the kernel to process network traffic, routing and filtering. This module is only in use when the affected system is actually actively manipulating network traffic, because, fo...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to perform attacks that could lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofi...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome and Chromium. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in the management interface of Websphere Application Server. A malicious person with access to this interface could exploit the vulnerability to launch a Cross-Site Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the context of the...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-29257 allows a malicious person with management privileges on a database to execute arbitrary code execute arbitrary code, ...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, to gain access to system data, or to execute arbitrary code in the context of the browser of the victim. To do this, the malicious party must trick the victim into openin...
Vulnerabilities fixed in Google Chrome
Google has fixed two vulnerabilities in Chrome. No CVE ID has been disclosed of one of the vulnerabilities. The vulnerability with attribute CVE-2023-2033 allows a malicious person remotely able to cause a denial-of-service, or to execute arbitrary code in the context of the browser of the victim...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome. A remote malicious can exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data...
Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veaam Backup & Replication. A unauthenticated malicious person with access to the network port of the Backup Server, could exploit the vulnerability to retrieve encrypted credentials from the configuration. Using these credentials, the malicious party can then ga...
Vulnerabilities fixed in Mattermost
Mattermost has fixed several vulnerabilities in Mattermost. The vulnerabilities were made through Responsible Disclosure and Mattermost is not making any substantive information available until March 30. No CVE IDs have been published. The most serious vulnerability has been rated HIGH by...
Vulnerability fixed in IBM Websphere
IBM has fixed a vulnerability in the HTTP server which is used in Websphere Application Server. An unauthenticated remote attacker could exploit the vulnerability to cause a Denial-of-Service by offering a prepared, malformed URL. IBM has released updates to fix the vulnerability in HTTP Server f...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR th Thunderbird. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Access to sensitive data Access to...
Fixed vulnerabilities in several Atlassian products
Atlassian has fixed vulnerabilities in several products that use git. The vulnerability is located in the included git implementation and allows a malicious person to to execute arbitrary code. For these vulnerabilities in git, security advisory NCSC-2023-0024 released. Atlassian has released...
Vulnerability fixed in Red Hat OpenShift
Red Hat has fixed a vulnerability in the OpenShift Container Platform. The vulnerability is located in the Maven subsystem and allows an unauthenticated malicious person to apply command injections and execute shell commands with permissions from the underlying application. Red Hat has released...
Vulnerability fixed in phpMyAdmin
A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...
Vulnerability fixed in Trend Micro Apex One
A vulnerability has been fixed in Trend Micro Apex One. A unauthenticated remote malicious person can exploit the vulnerability exploit it to cause a denial-of-service DoS. Trend Micro has released updates to fix the vulnerability. fix. For more information, see:...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to execute arbitrary code on the system. Abuse is not simple and requires specially prepared data. IBM has released updates to fix the vulnerability in Websphere Application Server. Fo...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to obtain sensitive data, cause a Denial of Service or for executing arbitrary code, including in specific cases with system privileges. For the most serious damage, being code execution...
Vulnerabilities fixed in Apache web server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Apache has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data and/or execute code under the user's privileges. Mozilla has released Firefox 109 and Firefox ESR 102.7 to address the vulnerabilities. You...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Accessing sensitive data. Impersonating another user spoofing Obtaining elevated privileges The vulnerability...
Vulnerability found in SugarCRM
A new vulnerability may have been found in SugarCRM. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Web server. The described vulnerability is said to be located in the AttachFiles action o...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.20 to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics Business Central. The vulnerability allows an authenticated malicious person remotely able to execute arbitrary code on the host OS of the system on which Microsoft Dynamics Business Central is is installed on. To properly exploit this...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious person to impersonate as another user or obtain elevated privileges. Microsoft Edge Chromium-based: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...
Vulnerabilities fixed in WordPress
Vulnerabilities have been fixed in WordPress. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Access to sensitive data No CVE features have been made available at...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code in the browser on a victim's victim's system. To do this, the malicious party must trick the entice the victim to click on a rogue link. Grafana...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in F5 products. The vulnerability with reference CVE-2022-41622 allows a remote malicious person to remote user to perform a cross-site request forgery attack. execute. A malicious party could use this vulnerability to cause a user with elevated privileges to perfo...
Vulnerability fixed in Bitbucket Server and Data Center
A vulnerability has been fixed in Bitbucket Server and Data Center. The vulnerability allows a malicious person to execute arbitrary code by manipulating environment variables manipulating environment variables within the application. This requires the malicious person to be able to modify his...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could potentially exploit the vulnerabilities to retrieve discover user accounts, use password resets to appropriate an account, or in specific cases where an environment is heavily loaded, to cause a race condition and thus gai...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service DoS cause or execute arbitrary code under the privileges of the user. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual,...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. An authenticated malicious party could exploit the vulnerability to gain access to sensitive data. The table below lists the vulnerability fixed by Microsoft with the corresponding CVSSv3 score. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. A remote malicious party could potentially exploit the vulnerabilities to execute arbitrary code and/or cause a denial-of-service DoS Microsoft has made updates for Edge available to address the vulnerabilities. For more information, see:...