4190 matches found
Vulnerabilities fixed in Cisco IOS, IOS XE and IOS XR Software
Cisco has fixed several vulnerabilities in IOS, IOS XE and IOS XR Software. The vulnerabilities are in how the SNMP subsystem on the vulnerable devices handles traffic. Authenticated malicious actors can send specially crafted SNMP requests, which can lead to denial-of-service DoS conditions on t...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...
Vulnerabilities fixed in Progress MOVEit
Progress has fixed vulnerabilities in MOVEit Transfer and MOVEit Gateway. During the vulnerability investigation, a vulnerability was also discovered in an unnamed Third-Party component in use by MOVEit Transfer. The vulnerabilities are located in the SFTP module of the affected applications and...
Vulnerability fixed in Schneider Electric EcoStruxture Operator Terminal Expert
Schneider Electric has fixed a vulnerability in the EcoStruxture Operator Terminal Expert. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system and gain access to sensitive data. To do this, the malicious party must have local access to the vulnerab...
Vulnerabilities fixed in Cisco Small Business 220 Series Switches
Cisco has fixed vulnerabilities in Small Business 220 Series Switches. An unauthenticated malicious person on the local network of the switch could potentially exploit the vulnerabilities to execute arbitrary code or cause a denial-of-service DoS. Only switches on which Link Layer Discovery...
Vulnerabilities fixed in HP LaserJet printers
Vulnerabilities have been fixed in several HP printers. The vulnerability with the reference CVE-2021-39238 describes a possible buffer overflow. A malicious party could potentially exploit this vulnerability to execute arbitrary code or cause a denial-of-service. The vulnerability with the...
Vulnerability fixed in Microsoft System Center Operations Manager
Microsoft has fixed a vulnerability in System Center Operations Manager SCOM. The vulnerability allows a malicious remotely able to view files. The vulnerability is only exploitable on SCOM systems that have the web console installed. System Center:...
Vulnerabilities fixed in McAfee Endpoint Security and McAfee Data Loss Prevention
Vulnerabilities have been fixed in McAfee Endpoint Security and McAfee Data Loss Prevention. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to syste...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Obtaining elevated privileges Execution of arbitrary code Accessing sensitive data The...
Vulnerabilities fixed in Siemens Ruggedcom
Siemens has fixed multiple vulnerabilities in Ruggedcom products. A malicious party could potentially exploit them to cause a denial-of-service. To do so requires sending malicious network traffic to the vulnerable device. sent. In addition, the vulnerabilities can be exploited by a malicious be...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Oracle Fusion Middleware products: JDeveloper HTTP Server Identity Manager Connector Business Intelligence Enterprise Edition WebLogic Server The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable syste...
Vulnerability handling in Palo Alto Networks PAN-OS and Prisma Access
Palo Alto Networks has identified a vulnerability in the PAN-OS’ GlobalProtect portal and gateway components. An unauthorized malicious actor can exploit this vulnerability to establish a VPN connection. As a result, the malicious actor gains access to internal systems that are accessible via the...
Vulnerabilities fixed in F5 Networks BIG-IP, F5OS and NGINX App Protect WAF
F5 Networks has fixed vulnerabilities in the BIG-IP and F5OS product lines and NGINX App Protect WAF. The vulnerabilities include several configuration issues and exploit vectors. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Building X, COMOS, Energy Services, Gridscale X, NX, RUGGEDCOM, SICAM, SIMATIC, SINEC, SINEMA, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the following...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of a security measure - Manipulation of data - Execution of arbitrary code user privilege...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP, NetWeaver and ABAP. The vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform include incorrect authentication controls and weak access controls, which can be exploited by authenticated attackers to escalate their privileges and gain...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator 2023. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with privileges of the victim. To do so, the malicious party must trick the victim into opening a malicious file to open. Adobe h...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio Code and .NET Core. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Visual Studio Code:...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data This...
Vulnerabilities fixed in Fortinet FortiWeb
Vulnerabilities have been fixed in Fortinet FortiWeb. The vulnerabilities marked CVE-2021-36193, CVE-2021-41018 and CVE-2021-43073 allow an authenticated remote malicious person able to execute arbitrary code or commands. The vulnerability with attribute CVE-2021-42753 enables an authenticated...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. The vulnerabilities allow a malicious party to launch a Cross-Site Scripting attack and the malicious party can then impersonate then impersonate another user. Microsoft Dynamics:...
Vulnerabilities fixed in Kibana
Vulnerabilities have been fixed in Kibana. The vulnerabilities allow a malicious person the opportunity to gain access to system data. Updates have been released to fix the vulnerabilities in Kibana 7.15.2 For more information, see: https://discuss.elastic.co/t/kibana-7-15-2-security-update/28892...
Vulnerability fixed in Fortinet FortiSandbox
Fortinet has fixed a vulnerability in FortiSandbox. A authenticated malicious party could potentially abuse the vulnerability to execute arbitrary code. To do so, a rogue HTTP request must be sent to the FortiSandbox appliance. sent. Fortinet has released updates to fix the vulnerability in...
Vulnerabilities fixed in RabbitMQ
Vulnerabilities have been fixed in RabbitMQ. The vulnerabilities allow a malicious person to execute arbitrary code under the user's privileges. RabbitMQ categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 3.1. RabbitMQ has released updates to address the...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. The vulnerabilities allow a malicious person to execute arbitrary code execute arbitrary code. Adobe designates these vulnerabilities as critical. Adobe has made updates available to address the vulnerabilities. fix. More information can be found on th...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to gain access to systems by using various techniques, including bypassing FortiCloud SSO login authentication via specially crafted SAML messages,...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several products, including Oracle HTTP Server, Oracle WebLogic Server, and Oracle Fusion Middleware. The vulnerabilities in the Oracle products allow unauthenticated attackers to access sensitive data, conduct denial-of-service DoS attacks, and compromise the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Industrial Edge Devices, SCALANCE, SIMATIC, SIPLUS and Telecontrol Server. The vulnerabilities potentially enable a malicious person to carry out attacks that could result in the following categories of damage: - Denial-of-Service DoS ...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including in SAP NetWeaver, SAP NetWeaver Application Server Java and SAP Landscape Transformation. The vulnerabilities are in the RMI-P4 module and the SAP NetWeaver AS Java platform, among others. The vulnerability with reference CVE-2025-42944...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to...
Vulnerabilities fixed in Cisco Expressway
Cisco has fixed vulnerabilities in Expressway. A malicious party could exploit the vulnerabilities to perform a Cross-Site-Request-forgery to execute on the Web-based management interface. Such an attack can lead to execution of arbitrary commands in the victim's context. Because cannot be ruled...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in the Network Performance Monitoring tools of Solarwinds Platform. A malicious person with prior authentication can exploit the vulnerabilities to execute arbitrary code at the system level of the vulnerable system. Solarwinds has released updates to address...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
Cisco has fixed vulnerabilities in Identity Services Engine ISE. A malicious person with access to the Web-based management environment could exploit the vulnerabilities to gain access to sensitive data via a Same Server Request Forgery to gain access to sensitive data. It is good practice not to...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Bypassing security measure Remote code execution Administrator/Roo...
Vulnerability fixed in Moxa MGate
A vulnerability has been fixed in Moxa MGate. The vulnerability allows a malicious party to gain a man-in-the-middle MITM position on the vulnerable system. Moxa has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Dell Wyse Device Agent
Vulnerabilities have been fixed in Dell Wyse Device Agent. A local malicious party could exploit the vulnerabilities to gain access to the WMS server and/or gain access to sensitive information from the WMS server. Dell has released updates to fix the vulnerability in Wyse Device Agent. For more...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Increased user privileges The...
Bug fixes in Cisco NX-OS
Cisco has fixed several vulnerabilities in NX-OS for various platforms. A malicious party could exploit the vulnerabilities to cause a denial-of-service or, in specific configurations, execute arbitrary code with root privileges. No prior authentication is necessary. The vulnerable services, Cisc...
Vulnerabilities fixed in Nessus
Vulnerabilities have been fixed in Nessus. The vulnerabilities allow a locally authenticated malicious person with administrator privileges to obtain elevated privileges. The malicious party can use these privileges to execute specific Windows commands execute as the Nessus Agent host. Tenable ha...
Vulnerability fixed in Keycloak
A vulnerability has been fixed in Keycloak. The vulnerability allows a malicious party to obtain sensitive data and potentially gain elevated privileges as well. Keycloak's developers have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization/Virtualbox. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Adobe Acrobat and Reader
Adobe has fixed vulnerabilities in Acrobat and Reader. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive...
Vulnerabilities found in various SAP products
SAP has identified vulnerabilities in the following SAP products: SAP S/4HANA, SAP Commerce Cloud, SAP Forecasting & Replenishment, SAP NetWeaver Application Server for ABAP, SAP Business Server Pages, SAP BusinessObjects Business Intelligence Platform, SAP Strategic Enterprise Management Scoreca...
ZeroDay vulnerabilities fixed in Ivanti Endpoint Manager Mobile
Ivanti has fixed two vulnerabilities in Endpoint Manager Mobile EPMM, ok known as MobileIron. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the vulnerable system. Of the vulnerability marked CVE-2026-1281, Ivanti reports that it has been actively...
Vulnerabilities fixed in Juniper Networks JunOS
Juniper has fixed vulnerabilities in Junos OS Specifically for SRX and MX Series devices. The vulnerabilities in Junos OS include several issues, including clickjacking, denial-of-service DoS by malformed packets, and vulnerabilities that can be exploited by unauthenticated attackers. These...
Vulnerabilities fixed in VMware ESXi and vCenter Server
VMware has fixed vulnerabilities in ESXi and vCenter Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service on the host, or to grant itself elevated privileges to perform actions that the malicious party is not initially authorized to perform. This does require the...
Vulnerabilities fixed in Lenovo notebook BIOS
Vulnerabilities have been found in several Lenovo laptop models by researchers from security firm ESET. These vulnerabilities are Lenovo-specific, a full list of affected Lenovo laptops can be found under "Possible fixes." Two of these vulnerabilities, with attributes CVE-2021-3970 and...
Vulnerability fixed in Fortinet Fortimanager
Fortinet has fixed a vulnerability in Fortimanager. A authenticated malicious party could potentially abuse it to manipulate VPN tunnels without having the necessary permissions to do so. Fortinet has released updates to fix the vulnerability in Fortimanager 6.4.6 & 7.0.0. For more information,...
Vulnerabilities fixed in PAN-OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Jira
Vulnerabilities have been fixed in JIRA. The vulnerabilities allow a malicious person to perform a Cross-Site Scripting attack and to obtain system data. Atlassian categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.2. Atlassian has released updates to addre...