4190 matches found
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, to gain access to system data, or to execute arbitrary code in the context of the browser of the victim. To do this, the malicious party must trick the victim into openin...
Vulnerabilities fixed in Google Chrome
Google has fixed two vulnerabilities in Chrome. No CVE ID has been disclosed of one of the vulnerabilities. The vulnerability with attribute CVE-2023-2033 allows a malicious person remotely able to cause a denial-of-service, or to execute arbitrary code in the context of the browser of the victim...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome. A remote malicious can exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data...
Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veaam Backup & Replication. A unauthenticated malicious person with access to the network port of the Backup Server, could exploit the vulnerability to retrieve encrypted credentials from the configuration. Using these credentials, the malicious party can then ga...
Vulnerabilities fixed in Mattermost
Mattermost has fixed several vulnerabilities in Mattermost. The vulnerabilities were made through Responsible Disclosure and Mattermost is not making any substantive information available until March 30. No CVE IDs have been published. The most serious vulnerability has been rated HIGH by...
Vulnerability fixed in IBM Websphere
IBM has fixed a vulnerability in the HTTP server which is used in Websphere Application Server. An unauthenticated remote attacker could exploit the vulnerability to cause a Denial-of-Service by offering a prepared, malformed URL. IBM has released updates to fix the vulnerability in HTTP Server f...
Fixed vulnerabilities in several Atlassian products
Atlassian has fixed vulnerabilities in several products that use git. The vulnerability is located in the included git implementation and allows a malicious person to to execute arbitrary code. For these vulnerabilities in git, security advisory NCSC-2023-0024 released. Atlassian has released...
Vulnerability fixed in Red Hat OpenShift
Red Hat has fixed a vulnerability in the OpenShift Container Platform. The vulnerability is located in the Maven subsystem and allows an unauthenticated malicious person to apply command injections and execute shell commands with permissions from the underlying application. Red Hat has released...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to execute arbitrary code on the system. Abuse is not simple and requires specially prepared data. IBM has released updates to fix the vulnerability in Websphere Application Server. Fo...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Accessing sensitive data. Impersonating another user spoofing Obtaining elevated privileges The vulnerability...
Vulnerability found in SugarCRM
A new vulnerability may have been found in SugarCRM. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Web server. The described vulnerability is said to be located in the AttachFiles action o...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.20 to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious person to impersonate as another user or obtain elevated privileges. Microsoft Edge Chromium-based: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics Business Central. The vulnerability allows an authenticated malicious person remotely able to execute arbitrary code on the host OS of the system on which Microsoft Dynamics Business Central is is installed on. To properly exploit this...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...
Vulnerabilities fixed in WordPress
Vulnerabilities have been fixed in WordPress. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Access to sensitive data No CVE features have been made available at...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code in the browser on a victim's victim's system. To do this, the malicious party must trick the entice the victim to click on a rogue link. Grafana...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in F5 products. The vulnerability with reference CVE-2022-41622 allows a remote malicious person to remote user to perform a cross-site request forgery attack. execute. A malicious party could use this vulnerability to cause a user with elevated privileges to perfo...
Vulnerability fixed in Bitbucket Server and Data Center
A vulnerability has been fixed in Bitbucket Server and Data Center. The vulnerability allows a malicious person to execute arbitrary code by manipulating environment variables manipulating environment variables within the application. This requires the malicious person to be able to modify his...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could potentially exploit the vulnerabilities to retrieve discover user accounts, use password resets to appropriate an account, or in specific cases where an environment is heavily loaded, to cause a race condition and thus gai...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service DoS cause or execute arbitrary code under the privileges of the user. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual,...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. An authenticated malicious party could exploit the vulnerability to gain access to sensitive data. The table below lists the vulnerability fixed by Microsoft with the corresponding CVSSv3 score. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. A remote malicious party could potentially exploit the vulnerabilities to execute arbitrary code and/or cause a denial-of-service DoS Microsoft has made updates for Edge available to address the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Wordpress
Several vulnerabilities have been fixed in Wordpress. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Accessing sensitive data Wordpress...
Vulnerability fixed in LibreOffice
A vulnerability has been fixed in LibreOffice. The vulnerability allows a malicious party to execute arbitrary code on the victim's system. To do this, the malicious party must trick the victim into to open a specially prepared file. Along this path execute macro code without warning. The Documen...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service or possibly to execute arbitrary code. As usual, no substantive details about the vulnerabilities publicly available made available. Google has released...
Vulnerability found in Zimbra Collaboration
A vulnerability has been fixed in Zimbra Collaboration Suite ZCS. The vulnerability allows a malicious party to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Remote code execution Administrator/Root privileges The...
Vulnerabilities found in GE Cimplicity
The Zero Day Initiative has published information about vulnerabilities in GE's Cimplicity have been published. The vulnerabilities occur during the processing of CIM files. Due to lack of proper initialization of the pointer, a malicious party can execute arbitrary code execute arbitrary code...
Vulnerabilities fixed in Google Chrome
Google vulnerabilities fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google has published few details about...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Manipulation of data Spoofing Access to sensitive data Node.js developers have released updates to address the vulnerabilities. More...
Vulnerabilities fixed in BIND
ISC has fixed several vulnerabilities in BIND. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND. For more information, see: https://kb.isc.org/docs/cve-2022-2795...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to execute arbitrary execute code under the user's privileges or to access gain access to sensitive data within the scope of the application. Mozilla has released updates to fix the...
Vulnerability found in Microsoft Teams
Researchers from security firm Vectra have found a vulnerability found in the Microsoft Teams user application. The vulnerability allows a malicious party to obtain obtain authentication tokens from users and thereby perform actions with the victim's privileges. The vulnerability has not been...
Vulnerabilities fixed in Linux Kernel
Vulnerabilities have been fixed in the Linux Kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Increased user...
Vulnerabilities fixed IBM Integration Bus and App Connect Enterprise
IBM has fixed vulnerabilities in the Node.js and OpenSSL components of the Integration Bus and App Connect Enterprise. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of...
Vulnerability fixed in IBM Webpshere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a malicious party to perform an HTTP header injection. This allows a malicious perform various attacks such as cache poisoning and cross-site scripting. IBM has released updates to fix the vulnerability. More...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to perform attacks execute attacks in the context of the browser that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User righ...
Vulnerabilities fixed in Zimbra Collaboration
Vulnerabilities have been fixed in Zimbra Collaboration ZCS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing authentication Remote code execution User...
Vulnerabilities fixed in Samba
The developers of Samba have fixed several vulnerabilities in Samba. A malicious party could potentially exploit them to reset passwords outside of established processes, access system data or possibly execute commands within the scope of the Samba server. To be abused, the malicious party must...
Vulnerabilities fixed in IBM Rational ClearCase
IBM has fixed several vulnerabilities. The vulnerabilities are in the Java components of IBM Rational ClearCase. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or obtain obtain sensitive information. IBM has made...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, or execute code in the scope of the application. Google indicates that the vulnerability with attribute CVE-2022-2294 has been has had limited active...
Vulnerability found in OpenSSL
A vulnerability has been found in OpenSSL 3.0.4. A malicious party can exploit the vulnerability to cause of a denial-of-service DoS. The extent of this DoS can vary from one application. Although it is reported that the vulnerability also provides the ability to execute arbitrary code execute...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox Extended Support Release ESR and Thunderbird. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. A malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data by performing a man-in-the-middle attack. Project CURL has released updates to address the vulnerabilities fixes in cURL 7.84.0...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2. The vulnerability allows a malicious person to gain access to sensitive data. IBM has released updates to fix the vulnerability in Db2. For more information, see: https://www.ibm.com/support/pages/node/6597993...
Vulnerability fixed in TheHive and Cortex
A vulnerability has been fixed in TheHive and Cortex. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication by providing an existing username but not including a password. send. This vulnerability is only exploitable if TheHive and Cortex use an AD to...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in Microsoft SQL Server. The vulnerability allows an authenticated malicious person to execute arbitrary code, possibly as a Database Administrator, by executing a specially prepared query via the $ partition on a table where a Column Store index is present. Abuse o...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person can exploit the vulnerabilities potentially exploit them to execute arbitrary code, cause a denial-of-service or gain access to system data. Google has released updates to fix the vulnerabilities in Chrome...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in the Xen hypervisor. The vulnerabilities allow a malicious person with access to a guest system to obtain elevated privileges on the host and can thereby compromise the system. Xen has released updates to fix the vulnerabilities. More information can be found on...