4197 matches found
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. The vulnerability with reference CVE-2024-45328 includes improper authorization that allows low-privileged administrators to execute elevated CLI commands through the GUI console. In addition, there is an SQL injection vulnerability with attribu...
Fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb.
Fortinet has fixed a vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. The vulnerability is in how certain Fortinet products handle HTTP and HTTPS requests. A malicious party with certain privileges can send specially crafted requests that lead to the execution of unauthorize...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or execute arbitrary code with the privileges of the vulnerable application. Azure PromptFlow:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft fixed vulnerabilities in Visual Studio and .NET A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it cannot be ruled out that...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Execution of arbitrary code root/admin privileges - Execution o...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...
Vulnerabilities fixed in SAP software
SAP has fixed several vulnerabilities in its software components, including SAP Commerce, SAP NetWeaver, and SAP BusinessObjects. The vulnerabilities include Cross-Site Scripting XSS and missing authorization controls, which allow attackers to gain unauthorized access, manipulate data, and reveal...
Vulnerability fixed in Elastic Kibana
Elastic has fixed a vulnerability in Kibana. The vulnerability with reference CVE-2025-25015 allows an authenticated remote malicious person to execute arbitrary code via a specially prepared file upload and specially prepared HTTP requests. The exploitability of this vulnerability depends on the...
Vulnerabilities fixed in IBM Storage products
IBM has fixed vulnerabilities in IBM FlashSystem, SAN Volume Controller, Storwize and Storage Virtualize. The vulnerabilities are in the RPCAdapter service of specific versions of IBM FlashSystem. Attackers can bypass RPCAdapter authentication through specially crafted HTTP requests, which can le...
Vulnerabilities fixed in VMware products
Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion. The vulnerabilities include a TOCTOU vulnerability that allows a malicious person with local administrative privileges to execute code as the VMX process on the host via an out-of-bounds write. In addition, there ...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...
Vulnerability fixed in Zohocorp ManageEngine ADSelfService Plus
Zohocorp has fixed a vulnerability in ManageEngine ADSelfService Plus Specifically for versions 6510 and earlier. The vulnerability is in the way sessions are managed in ManageEngine ADSelfService Plus. This issue allows valid account holders to abuse the system, which can lead to possible accoun...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions for 17.7.6, 17.8.4 and 17.9.1. The vulnerability is in the ability for HTML injection in searches of child items. This vulnerability can be exploited by malicious parties to perform cross-site scripting XSS attacks. The potential for...
Vulnerability fixed in MITRE Caldera
MITRE has fixed a vulnerability in Caldera Specifically for versions 4.2.0 and 5.0.0. The vulnerability is in how the Caldera server processes Web requests. Malicious attackers can send specially crafted Web requests to the Caldera server API, allowing them to execute arbitrary code on the server...
Vulnerabilities fixed in Mattermost
Mattermost fixed vulnerabilities in versions 10.4.x, 9.11.x, 10.3.x, 10.2.x and 10.1.x. The vulnerabilities include failure to invalidate active sessions when converting to a bot, incorrect input validation during board patching and duplication, SQL injection attacks due to lack of prepared...
Vulnerability fixed in Exim
Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to execute an SQL injection. This allows the malicious party to gain access to sensitive data and potentially execute arbitrary code with privileges from the Exim installation. The exim...
Vulnerability fixed in XWiki
XWiki has fixed a vulnerability in the system. The vulnerability is in the way XWiki handles the SolrSearch request. This allows a guest to execute arbitrary external code, compromising the confidentiality, integrity and availability of the system. The documentation provides specific steps for...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI Specific to version 2024R1.2.2. The vulnerability is in the way Nagios XI handles user information, allowing unauthenticated users to access usernames and e-mail addresses of all current users. This can lead to unauthorized access and exploitation of...
Vulnerabilities fixed in IBM Cognos Controller
IBM has fixed vulnerabilities in IBM Cognos Controller Versions 11.0.0 to 11.0.1 FP3 and 11.1.0. The vulnerabilities allow a malicious person to perform attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Cross-Site-Scripting XSS. - Circumvention of a security...
Vulnerabilities fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an authentication bypass that allows unauthenticated malicious actors to invoke specific PHP scripts through the management Web interface, an unauthenticated file deletion that allows malicious actors to delete...
Vulnerability fixed in PostgreSQL
A vulnerability has been fixed in PostgreSQL. The vulnerability is located in the libpq functions of PostgreSQL and involves an SQL injection error. Improper processing of quotes and incorrectly formed UTF-8 sequences can lead to arbitrary code execution. This vulnerability is being actively...
Vulnerability fixed in Juniper Session Smart Router
Juniper has fixed a vulnerability in the Session Smart Router. The vulnerability allows a malicious person to access and thus take over the vulnerable system without prior authentication. Juniper has released updates to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in several products, including FortiOS, FortiProxy, FortiPAM, FortiSwitchManager, FortiSandbox, FortiManager and FortiAnalyzer. The vulnerabilities include the ability for privileged attackers to execute arbitrary code or commands by sending specially crafted...
Vulnerabilities fixed in SonicWall SonicOS
Sonicwall has fixed vulnerabilities in SonicOS for Gen6 and Gen7 firewalls. The first vulnerability concerns a weak pseudo-random number generator in the SSLVPN CVE-2024-40762, allowing attackers to predict authentication tokens in some cases. CVE-2024-53704 concerns improper authentication in th...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as APOGEE, Opcenter, RUGGEDCOM, SCALANCE, SIMATIC, SIPROTEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS -...
Vulnerability fixed in Veeam
Veeam has fixed a vulnerability in the Veeam Updater component. The vulnerability is in how the Veeam Updater component validates TLS certificates. Insufficient validation can allow Man-in-the-Middle attackers to execute arbitrary code on affected servers. This can lead to unauthorized access and...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed a vulnerability in FortiOS Specifically for versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. The vulnerability is in the way FortiOS handles UDP packets. A malicious party, if stack protection is bypassed and the fabric service is active on the exposed interface, can execute arbitra...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 14.1 to 17.8.2. The vulnerabilities include a denial-of-service vulnerability, an external service interaction vulnerability, a critical XSS vulnerability, improper authorization vulnerabilities, an insecure direct object...
Vulnerabilities fixed in Schneider Electric ASCO
Schneider Electric fixed vulnerabilities in ASCO Annunciator The vulnerabilities include a critical vulnerability that allows malicious firmware to be downloaded without integrity checks, which can lead to device inoperability. In addition, a vulnerability stems from allocating resources without...
Vulnerability fixed in CrowdStrike Falcon sensor
CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Adobe Commerce and Magento. The vulnerabilities include a Path Traversal, unauthorized actions, information exposition, improper authorization, and several stored XSS vulnerabilities. These vulnerabilities allow attackers to gain unauthorized access, reveal...
Vulnerabilities fixed in Ivanti Connect Secure and Ivanti Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The most pressing vulnerabilities include buffer overflow, command injection and code injection. These vulnerabilities allow remote authenticated attackers to remotely execute code, gain unauthorized access to sensitive...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as APOGEE, Opcenter, RUGGEDCOM, SCALANCE, SIMATIC, SIPROTEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS -...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to trick t...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with developer privileges. Successful exploitation requires the malicious party to trick the victim into opening...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Network Watcher and the HPC Linux Node Agent. A malicious person could grant themselves elevated privileges by exploiting the vulnerability with attribute CVE-2025-21188 in the Network Watcher, or to execute arbitrary code by exploiting the vulnerabili...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS. - Obtaining elevated privileges - Circumvention of security measure - Spoofing - Execution of...
Vulnerability fixed in Apple iOS and iPadOS
Apple has fixed a vulnerability in iOS and iPadOS. A malicious person with physical access to the vulnerable device can exploit the vulnerability to bypass USB restrictions, even when the system is locked. This allows the malicious party to install arbitrary software on the device. Successful abu...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP NetWeaver, BusinessObjects Business Intelligence platform, Enterprise Project Connection and Commerce, among others. The vulnerabilities in SAP NetWeaver include a lack of access control, which allows unauthenticated attackers to gain access to sensitive serve...
Vulnerabilities fixed in Cisco IOS, IOS XE and IOS XR Software
Cisco has fixed several vulnerabilities in IOS, IOS XE and IOS XR Software. The vulnerabilities are in how the SNMP subsystem on the vulnerable devices handles traffic. Authenticated malicious actors can send specially crafted SNMP requests, which can lead to denial-of-service DoS conditions on t...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS. - Circumvention of a security measure - Execution of arbitrary code Root/admin - Execution of arbitrary cod...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Cisco Identity Services Engine ISE. The vulnerabilities are in the API of Cisco ISE, which allows an authenticated remote malicious person to execute arbitrary commands as the root user through insecure deserialization of Java byte streams. All of these...
Vulnerabilities fixed in Cisco AsyncOS Software
Cisco has fixed vulnerabilities in Cisco AsyncOS Software Specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 135 and 128.7. The vulnerabilities include a double-free vulnerability, use-after-free conditions, and race conditions that can lead to memory damage, unauthorized access, and privacy risks. Malicious...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. The vulnerabilities include...
Vulnerabilities fixed in Zimbra Collaboration
Zimbra has fixed several vulnerabilities in Zimbra Collaboration. The vulnerabilities included an SQL injection in the ZimbraSyncService SOAP endpoint and an SSRF vulnerability in the RSS feed parser that allowed unauthorized access and manipulation of the database, as well as unauthorized...
Vulnerabilities fixed in VMware Aria Operations
VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include an information leak that allows malicious users with View Only Admin privileges to potentially read the login credentials of integrated VMware products. In addition, there is a stored cross-site scripting...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Site. The vulnerabilities are related to improper permissions settings on the remote debugger port, allowing unauthenticated users to access system configurations. This can lead to unauthorized changes. In addition, there is a loca...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the vulnerable system elevated privileges. For successful exploitation, the malicious party must ha...