4197 matches found
Vulnerabilities fixed in Apple iPadOS and iOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include problems with memory management, input validation, and Web content processing that could lead to unauthorized access, execution of arbitrary code, and denial-of-service attacks. Apple indicates that CVE-2025-24085, whi...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for the Advanced Outbound Telephony, Project Foundation, Customer Care and Workflow components. The vulnerabilities are in several components of the Oracle E-Business Suite. The Advanced Outbound Telephony component contains...
Vulnerability fixed in FortiNet FortiOS and FortiProxy
FortiNet has fixed a vulnerability in FortiOS and FortiProxy. The vulnerability is in the node.js implementation of the management Web interface and allows a malicious person to bypass authentication to become super-admin on the vulnerable system without prior authentication or authorizations. Fo...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Ventura Specific to versions 13.7.3, Sequoia Specific to versions 15.3 and Sonoma Specific to versions 14.7.3. The vulnerabilities cover several issues, including unauthorized access to sensitive user data, incorrect permissions, and vulnerabilities that c...
Vulnerability fixed in Cisco Meeting Management
Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is located in Cisco Meeting Management's REST API, which allows remote, authenticated attackers with low privileges to elevate their privileges to administrator level through inadequate authorization enforcement. This...
Vulnerability fixed in Cisco BroadWorks
Cisco has fixed a vulnerability in Cisco BroadWorks. The vulnerability is in how the Cisco BroadWorks SIP processing system handles specific SIP requests. Unauthenticated remote attackers can exploit this vulnerability to perform a denial-of-service DoS attack, which can lead to memory exhaustion...
Vulnerability fixed in SonicWall SMA1000 Appliance
SonicWall has fixed a vulnerability in the SMA1000 Appliance Management Console and Central Management Console. The vulnerability is located in the SMA1000 Appliance Management Console and Central Management Console, which allows remote, unauthenticated attackers to execute arbitrary OS commands...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Oracle Analytics products, such as Business Intelligence, Analytics Desktop and BI Publisher. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data. Oracle has released updates to fix the...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed several vulnerabilities in its products, including Oracle Fusion Middleware, Oracle WebLogic Server, and Oracle HTTP Server. The vulnerabilities are in several Oracle products, including Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, which allow unauthenticated...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools specifically for versions prior to 9.2.9.2. The vulnerabilities in Oracle JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to compromise the system via HTTP requests. This can lead to unauthorized access to...
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed several vulnerabilities in Financial Services and components. The vulnerabilities allow unauthenticated attackers to gain access to critical data and compromise system integrity. Specific vulnerabilities can lead to compromise of confidentiality, integrity and availability, with...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in Oracle MySQL. The vulnerabilities allow a malicious person to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of a security measure - Accessing sensitive data Oracle has released...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed several vulnerabilities in Oracle PeopleSoft, specifically in versions 8.60, 8.61 and 9.2. The vulnerabilities in Oracle PeopleSoft allow authenticated malicious parties to gain unauthorized access to specific data via HTTP network access, which can lead to unauthorized data...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle fixed vulnerabilities in Oracle Enterprise Manager A malicious party could exploit the vulnerabilities to gain access to sensitive data or cause a Denial-of-Service. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed several vulnerabilities in its Communications products, including Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function and Oracle Communications Order and Service Management. The vulnerabilities allow unauthenticated malicious actors t...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The first vulnerability CVE-2025-0282 can be exploited by malicious parties to execute arbitrary code remotely without authentication. The second vulnerability CVE-2025-0283 can be exploited by a locally authenticated malicious...
Vulnerabilities fixed in Schneider Electric Modicon
Schneider Electric has fixed vulnerabilities in Modicon M340, M580 and various communication modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service or gain access to system data and possibly affect the operation of the controllers. For successful abuse, the...
Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy. The vulnerabilities include hard-coded cryptographic keys, improper processing of OS commands, and out-of-bounds write and read errors. Attackers can exploit these vulnerabilities to gain...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager EPM that were present in versions prior to the January 2025 security updates. The vulnerabilities include path traversal, SQL injection, deserialization, incorrect file name validation and insufficient signature validation. These...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 134 and 128.6. The vulnerabilities include client-side path traversal, privilege escalation and use-after-free conditions. These vulnerabilities can be exploited by malicious parties to gain unauthorized...
Vulnerabilities fixed in Rsync
Rsync Project has fixed vulnerabilities in Rsync versions 3.4.0. The most critical vulnerabilities in Rsync include a heap-based 'buffer overflow' CVE-2024-12084 and an 'info leak' CVE-2024-12085 that can lead to arbitrary code execution present in Rsync versions 3.2.7 & 3.3.0. In addition, there...
Vulnerability fixed in Microsoft Dynamics Power Automate
Microsoft has fixed a vulnerability in Power Automate for Desktops. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious person with prior authentication could exploit the vulnerabilities to gain access to sensitive data in the victim's context. Successful misuse requires the victim to log in, where the malicious person manages to win a race...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to bypass a security measure, impersonate another user, access sensitive data or execute arbitrary code in the victim's context. Successful exploitation requires the malicious part...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary code in the victim's context. Successful exploitation requires the malicious party to trick the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial of Service DoS - Circumvention of security measure - Execution of arbitrary code User Rights - Execution of arbitrar...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Industrial Edge Management, Mendix, SIMATIC, SIPROTEC and Siveillance. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP, NetWeaver and ABAP. The vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform include incorrect authentication controls and weak access controls, which can be exploited by authenticated attackers to escalate their privileges and gain...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunS Specifically JunOS and JunOS Evolved. The vulnerabilities are in the way Juniper's JunOS and JunOS Evolved handle BGP packets and IPv6 packets. The first vulnerability can be exploited by unauthenticated attackers sending distorted BGP packets, which can...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Ivanti Connect Secure Specific for versions prior to 22.7R2.4 and Policy Secure Specific for versions prior to 22.7R1.2. The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...
Vulnerabilities fixed in Moxa's cellular routers and network security devices
Moxa has fixed vulnerabilities in Moxa's cellular routers and network security devices Specifically, CVE-2024-9138 and CVE-2024-9140. Vulnerability CVE-2024-9138 involves hard-coded credentials that allow authenticated users to escalate their privileges, ultimately leading to root access. This...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. UPDATE: Researchers have published proof of concept PoC code demonstrating the vulnerability with attribute CVE-2024-49113. Successful exploitation requires the malicious party to have access to both a DC with LDAP and a rogue server under their own...
Vulnerabilities fixed in Ipswitch WhatsUp Gold
Ipswitch has fixed vulnerabilities in WhatsUp Gold Versions before 2024.0.2 and earlier. The vulnerabilities are in versions of WhatsUp Gold before 2024.0.2. An authenticated user could misuse a specific HTTP call, which could lead to the disclosure of sensitive information and compromise data...
Vulnerabilities fixed in Foxit PDF Reader and PDF Editor
Foxit has fixed vulnerabilities in Foxit PDF Reader. The vulnerabilities include a remote code execution vulnerability due to improper validation of user-supplied data in AcroForms, a memory corruption related to AcroForm functionality, and a local privilege escalation vulnerability that can be...
Vulnerability fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS processes specially crafted DNS packets from attackers. This can lead to a device reboot and, on repeated attempts, the firewall can enter maintenance mode. Palo Alto says it has received reports from...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion versions 2023.11, 2021.17 and earlier. The vulnerability is in the way ColdFusion handles path traversal. This security issue can lead to unauthorized access to sensitive files and folders located outside the application's designated restricted...
Vulnerabilities fixed in IBM Cognos Analytics
IBM fixed vulnerabilities in IBM Cognos Analytics The vulnerability in IBM Cognos Analytics arises from improper validation of file extensions, allowing remote attackers to upload arbitrary files. This security issue can lead to the execution of malicious code on the affected system, posing a...
Vulnerability fixed in Apache Struts
Apache has fixed a vulnerability in Apache Struts Versions from 2.0.0 to before 6.4.0. The vulnerability is in the way the file upload logic is implemented in the deprecated FileUploadInterceptor. This vulnerability can be exploited to execute arbitrary code on systems running these versions. Sin...
Vulnerability fixed in FortiManager
Fortinet has fixed a vulnerability in FortiManager. The vulnerability is in the OS command injection in FortiManager, which allows authenticated remote attackers to execute unauthorized code via specially crafted FGFM requests. Fortinet has released updates to fix the vulnerability. See attached...
Vulnerabilities fixed in Rockwell Automation Power Monitor 1000
Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...
Vulnerability fixed in Fortinet FortiWLM
Fortinet has fixed a vulnerability in FortiWLM Specifically for versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4. The vulnerability is located in FortiWLM's relative path-traversal functionality, which allows remote, unauthenticated attackers to execute unauthorized code via specially crafted Web...
Vulnerability fixed in BeyondTrust Privileged Remote Access
BeyondTrust has fixed a vulnerability in Privileged Remote Access and Remote Support products. The vulnerability is located within the Privileged Remote Access and Remote Support products, allowing unauthenticated attackers to execute commands as a site user. The attack can lead to unauthorized...
Vulnerabilities fixed in XWiki Platform
XWiki has fixed vulnerabilities in the XWiki Platform Specifically for versions 15.10.9 and 16.3.0. The vulnerabilities are in the way the XWiki Platform handles user permissions. A malicious user with programming privileges can execute code through the Extension Repository Application, or by...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 11.0 to 17.6.2. The vulnerabilities are located in several versions of GitLab CE/EE and allow attackers to create groups with names that match existing unique domains, which can lead to domain confusion. In addition, users...
Vulnerability fixed in Schneider Electric Modicon
Schneider Electric has fixed a vulnerability in devices that use the Modbus protocol. The vulnerability is in how devices using the Modbus protocol validate input. When an unauthenticated and customized Modbus packet is sent to the device, it can result in a denial-of-service, compromising both t...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Sequoia 15.2, Ventura 13.7.2, and Sonoma 14.7.2. The vulnerabilities include a use-after-free vulnerability that could lead to unexpected application termination or arbitrary code execution, and logic issues that allowed applications to modify protected...
Vulnerabilities fixed in Apple iPadOS and iOS
Apple has fixed vulnerabilities in iPadOS Specific to versions 17.7.3 and 18.2 and iOS Specific to 18.2. The vulnerabilities include a denial-of-service issue, logic issues that allowed unauthorized privilege escalation, and unexpected system terminations due to memory corruption. These...
Vulnerabilities fixed in Ivanti Cloud Security Appliance
Ivanti has fixed vulnerabilities in the Cloud Security Appliance CSA for versions prior to 5.0.3. The vulnerabilities are located in the admin web console of the Ivanti Cloud Security Appliance. The first vulnerability involves an authentication bypass, allowing remote unauthenticated attackers t...