Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy. The vulnerabilities include hard-coded cryptographic keys, improper processing of OS commands, and out-of-bounds write and read errors. Attackers can exploit these vulnerabilities to gain...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager (EPM) that were present in versions prior to the January 2025 security updates. The vulnerabilities include path traversal, SQL injection, deserialization, incorrect file name validation and insufficient signature validation. These...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird, specifically for versions below 134 and 128.6. The vulnerabilities include client-side path traversal, privilege escalation and use-after-free conditions. These vulnerabilities can be exploited by malicious parties to gain unauthorized...
Vulnerabilities fixed in Rsync
The Rsync project has fixed vulnerabilities in Rsync version 3.4.0. The most critical vulnerabilities in Rsync include a heap-based buffer overflow (CVE-2024-12084) and an info leak (CVE-2024-12085) that can lead to arbitrary code execution, present in Rsync versions 3.2.7 and 3.3.0. In addition, there...
Vulnerability fixed in Microsoft Dynamics Power Automate
Microsoft has fixed a vulnerability in Power Automate for Desktops. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious person with prior authentication could exploit the vulnerabilities to gain access to sensitive data in the victim's context. Successful misuse requires the victim to log in, where the malicious person manages to win a race...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to bypass a security measure, impersonate another user, access sensitive data or execute arbitrary code in the victim's context. Successful exploitation requires the malicious part...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary code in the victim's context. Successful exploitation requires the malicious party to trick the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial of Service (DoS) - Circumvention of security measure - Execution of arbitrary code (User Rights) - Execution of arbitrar...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Industrial Edge Management, Mendix, SIMATIC, SIPROTEC and Siveillance. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting (XSS). -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP, NetWeaver and ABAP. The vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform include incorrect authentication controls and weak access controls, which can be exploited by authenticated attackers to escalate their privileges and gain...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS, specifically JunOS and JunOS Evolved. The vulnerabilities are in the way Juniper's JunOS and JunOS Evolved handle BGP packets and IPv6 packets. The first vulnerability can be exploited by unauthenticated attackers sending malformed BGP packets, which can...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Ivanti Connect Secure (versions prior to 22.7R2.4) and Policy Secure (versions prior to 22.7R1.2). The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...
Vulnerabilities fixed in Moxa's cellular routers and network security devices
Moxa has fixed vulnerabilities in Moxa's cellular routers and network security devices, specifically CVE-2024-9138 and CVE-2024-9140. Vulnerability CVE-2024-9138 involves hard-coded credentials that allow authenticated users to escalate their privileges, ultimately leading to root access. This...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. UPDATE: Researchers have published proof-of-concept (PoC) code demonstrating the vulnerability with identifier CVE-2024-49113. Successful exploitation requires the malicious party to have access to both a DC with LDAP and a rogue server under their own...
Vulnerabilities fixed in Ipswitch WhatsUp Gold
Ipswitch has fixed vulnerabilities in WhatsUp Gold, versions before 2024.0.2. An authenticated user could misuse a specific HTTP call, which could lead to the disclosure of sensitive information and compromise data...
Vulnerabilities fixed in Foxit PDF Reader and PDF Editor
Foxit has fixed vulnerabilities in Foxit PDF Reader. The vulnerabilities include a remote code execution vulnerability due to improper validation of user-supplied data in AcroForms, a memory corruption related to AcroForm functionality, and a local privilege escalation vulnerability that can be...
Vulnerability fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS processes specially crafted DNS packets from attackers. This can lead to a device reboot and, on repeated attempts, the firewall can enter maintenance mode. Palo Alto says it has received reports from...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion versions 2023.11, 2021.17 and earlier. The vulnerability is in the way ColdFusion handles path traversal. This security issue can lead to unauthorized access to sensitive files and folders located outside the application's designated restricted...
Vulnerabilities fixed in IBM Cognos Analytics
IBM has fixed vulnerabilities in IBM Cognos Analytics. The vulnerability in IBM Cognos Analytics arises from improper validation of file extensions, allowing remote attackers to upload arbitrary files. This security issue can lead to the execution of malicious code on the affected system, posing a...
Vulnerability fixed in Apache Struts
Apache has fixed a vulnerability in Apache Struts, versions from 2.0.0 to before 6.4.0. The vulnerability is in the way the file upload logic is implemented in the deprecated FileUploadInterceptor. This vulnerability can be exploited to execute arbitrary code on systems running these versions. Sin...
Vulnerability fixed in FortiManager
Fortinet has fixed a vulnerability in FortiManager. The vulnerability is an OS command injection in FortiManager, which allows authenticated remote attackers to execute unauthorized code via specially crafted FGFM requests. Fortinet has released updates to fix the vulnerability. See attached...
Vulnerabilities fixed in Rockwell Automation Power Monitor 1000
Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...
Vulnerability fixed in Fortinet FortiWLM
Fortinet has fixed a vulnerability in FortiWLM, specifically versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4. The vulnerability is a relative path traversal in FortiWLM, which allows remote, unauthenticated attackers to execute unauthorized code via specially crafted Web...
Vulnerability fixed in BeyondTrust Privileged Remote Access
BeyondTrust has fixed a vulnerability in Privileged Remote Access and Remote Support products. The vulnerability is located within the Privileged Remote Access and Remote Support products, allowing unauthenticated attackers to execute commands as a site user. The attack can lead to unauthorized...
Vulnerabilities fixed in XWiki Platform
XWiki has fixed vulnerabilities in the XWiki Platform, specifically versions 15.10.9 and 16.3.0. The vulnerabilities are in the way the XWiki Platform handles user permissions. A malicious user with programming privileges can execute code through the Extension Repository Application, or by...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically versions 11.0 to 17.6.2. The vulnerabilities are located in several versions of GitLab CE/EE and allow attackers to create groups with names that match existing unique domains, which can lead to domain confusion. In addition, users...
Vulnerability fixed in Schneider Electric Modicon
Schneider Electric has fixed a vulnerability in devices that use the Modbus protocol. The vulnerability is in how devices using the Modbus protocol validate input. When an unauthenticated and customized Modbus packet is sent to the device, it can result in a denial-of-service, compromising both t...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Sequoia 15.2, Ventura 13.7.2, and Sonoma 14.7.2. The vulnerabilities include a use-after-free vulnerability that could lead to unexpected application termination or arbitrary code execution, and logic issues that allowed applications to modify protected...
Vulnerabilities fixed in Apple iPadOS and iOS
Apple has fixed vulnerabilities in iPadOS (versions 17.7.3 and 18.2) and iOS (18.2). The vulnerabilities include a denial-of-service issue, logic issues that allowed unauthorized privilege escalation, and unexpected system terminations due to memory corruption. These...
Vulnerabilities fixed in Ivanti Cloud Security Appliance
Ivanti has fixed vulnerabilities in the Cloud Security Appliance (CSA) for versions prior to 5.0.3. The vulnerabilities are located in the admin web console of the Ivanti Cloud Security Appliance. The first vulnerability involves an authentication bypass, allowing remote unauthenticated attackers t...
Vulnerability fixed in Splunk Enterprise
Splunk has fixed a vulnerability in Splunk Enterprise and Splunk Secure Gateway. The vulnerability is in specific versions of Splunk Enterprise and Splunk Secure Gateway, allowing low-privileged users to remotely execute code without needing admin rights. Splunk has released updates to fix the...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed vulnerabilities in Adobe Connect, versions 12.6, 11.4.7 and earlier. The vulnerabilities include both stored and reflected Cross-Site Scripting (XSS) that allow attackers to insert and execute malicious scripts in users' browsers. This can lead to unauthorized actions in the context ...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed several vulnerabilities in Acrobat Reader, versions up to and including 24.005.20307. The vulnerabilities include a use-after-free vulnerability that can lead to arbitrary code execution and denial-of-service. All vulnerabilities require user interaction for exploitation,...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator, versions 29.0.0, 28.7.2 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability allows attackers to execute arbitrary code when a user opens a malicious file, which can lead to...
Vulnerability fixed in Adobe After Effects
Adobe has fixed a vulnerability in Adobe After Effects, specifically versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...
Vulnerabilities fixed in Animate
Adobe has fixed vulnerabilities in Animate, versions 23.0.8, 24.0.5 and earlier. The vulnerabilities in the Animate software can lead to arbitrary code execution. These vulnerabilities require user interaction, specifically opening a malicious file. The vulnerability could allow an attacker to execute...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop, specifically versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop, versions 26.0 and earlier. The vulnerability is in how Photoshop handles memory management, specifically a use-after-free error. This vulnerability allows an attacker to execute arbitrary code, but requires user interaction such as opening a...
Vulnerability fixed in Adobe Premiere Pro
Adobe has fixed a vulnerability in Premiere Pro, specifically versions 25.0, 24.6.3 and earlier. The vulnerability is in the way Premiere Pro handles files, leading to a heap-based buffer overflow. This can allow a malicious party to execute arbitrary code when a user opens a maliciously craft...
Vulnerability fixed in Adobe Framemaker
Adobe has fixed a vulnerability in Adobe Framemaker, specifically versions 2020.7, 2022.5 and earlier. The vulnerability is in the way Adobe Framemaker handles files. A malicious party can exploit this vulnerability by creating a malicious file and allowing it to be opened, which can lead to...
Vulnerabilities fixed in Drupal Core
Drupal has fixed vulnerabilities in Drupal Core, specifically versions 7.0 to 7.102, 8.0.0 to before 10.2.11, 10.3.0 to before 10.3.9, and 11.0.0 to before 11.0.8. The vulnerabilities in Drupal Core are related to privilege escalation and deserialization of untrusted data, which can lead to...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as COMOS, RUGGEDCOM, SENTRON, SICAM, SIMATIC and TeamCenter. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Cross-Site Scriptin...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP NetWeaver, ABAP, Web Dispatcher, Business Objects, HCM and Commerce Cloud. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting (XSS). - Server-Side Request Forgery (SSRF). ...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive information in the victim's context. Successful...
Vulnerabilities fixed in Qlik Sense Enterprise for Windows
Qlik has fixed vulnerabilities in Qlik Sense Enterprise for Windows for versions before November 2024 IR. The vulnerabilities are in the way Qlik Sense Enterprise handles network access for non-privileged users. These users can create connection objects that can execute arbitrary EXE files, leadi...
Vulnerabilities fixed in Mitel MiCollab
Mitel has fixed vulnerabilities in Mitel MiCollab, specifically the Unified Messaging and Conferencing components. The vulnerabilities are in the way Mitel MiCollab components handle user input. An attacker can exploit these vulnerabilities to gain unauthorized access to user data and system...
Vulnerabilities fixed in QNAP operating systems
QNAP has fixed vulnerabilities in several versions of their operating systems, including QTS and QuTS hero. The vulnerabilities include improper authentication, certificate validation issues, incorrect URL encryption, CRLF injection and command injection. These vulnerabilities allowed attackers t...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Jira, Bamboo and Confluence. The vulnerabilities are in several third-party components from developers such as Oracle, RedHat and the Apache consortium. These vulnerabilities can lead to memory exhaustion and denial-of-service (DoS) du...