Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series
ABB has fixed vulnerabilities in ABB ASPECT, NEXUS Series and MATRIX Series, specifically for versions up to 3.08.02. The vulnerabilities include unauthorized access to files on the web server, which can lead to data leakage or unauthorized data manipulation. In addition, serious vulnerabilities...
Vulnerabilities fixed in SonicWall SMA100 SSLVPN
SonicWall has fixed vulnerabilities in the SMA100 SSLVPN, specifically for firmware versions 10.2.1.13-72sv and earlier. The vulnerabilities in the SonicWall SMA100 SSLVPN include a heap-based buffer overflow, a stack-based buffer overflow, and a problem with the certificate requirement during...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...
Vulnerabilities fixed in Zabbix
Zabbix has fixed vulnerabilities in the Zabbix server and frontend. The vulnerabilities include a stack buffer overflow in the zbx_snmp_cache_handle_engineid function, which can lead to execution of arbitrary code or a denial of service. In addition, there is an SQL injection vulnerability that allow...
Vulnerabilities fixed in IBM Security Verify Access Appliance
IBM has fixed vulnerabilities in IBM Security Verify Access Appliance versions 10.0.0 to 10.0.8. The vulnerabilities include an ability for remote authenticated attackers to execute arbitrary commands on the system, privilege escalation for locally authenticated non-administrative users through...
Vulnerability fixed in Zabbix
A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...
Vulnerabilities fixed in VMware Aria Operations
VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include local privilege escalation and stored cross-site scripting (XSS). Local privilege escalation allows an attacker with local administrative privileges to increase their access to the root user level on the device,...
Vulnerabilities discovered in Veritas Enterprise Vault
Vulnerabilities have been discovered in Veritas Enterprise Vault, specifically for versions earlier than 15.2. The vulnerabilities are in how Veritas Enterprise Vault handles the deserialization of untrusted data sent through a .NET Remoting TCP port. This enables malicious actors to execute...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. Two vulnerabilities in iOS and iPadOS 17.7.2 (CVE-2024-44308 and CVE-2024-44309) can lead to execution of arbitrary code. Apple states that active exploitation of these vulnerabilities is known. A malicious party can exploit the vulnerabilities in...
Vulnerabilities fixed in Apple macOS and Safari
Apple has fixed several vulnerabilities in macOS and Safari. Two vulnerabilities (CVE-2024-44308 and CVE-2024-44309) present in macOS Sequoia and Safari 18.1.1 can lead to execution of arbitrary code. Apple indicates that active exploits of these vulnerabilities have been taking place on Intel-bas...
Vulnerability fixed in Trend Micro Deep Security
Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed actively exploited vulnerabilities in PAN-OS. UPDATE: Public PoC code that exploits CVE-2024-0012 has now appeared. The vulnerability with identifier CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...
Vulnerability fixed in GitHub CLI
GitHub has fixed a vulnerability in GitHub CLI, specifically for versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even root, and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...
Vulnerability fixed in Oracle Agile PLM Framework
Oracle has fixed a vulnerability in version 9.3.6 of the Agile PLM Framework. The vulnerability allows unauthenticated attackers with network access to gain access to sensitive data. Oracle has released an out-of-band update to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in Siemens Tecnomatix Plant Simulation
Siemens has fixed vulnerabilities in Tecnomatix Plant Simulation. The vulnerabilities are in how Tecnomatix Plant Simulation processes specially crafted WRL files. These vulnerabilities include out-of-bounds writes, use-after-free and stack-based overflows, all of which can be exploited by...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop, specifically for versions 24.7.3, 25.11 and earlier. The vulnerability is in the way Adobe Photoshop handles certain files. A malicious party could exploit this vulnerability by tricking a user into opening a malicious file, which could lead to the...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign desktop applications, specifically for versions ID18.5.3, ID19.5 and earlier. The vulnerabilities are in the way the InDesign desktop applications handle specially crafted files. This can lead to a heap-based buffer overflow, which allows an attacker to...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator versions 28.7.1 and earlier. The vulnerabilities in Adobe Illustrator allow attackers to read sensitive data, execute arbitrary code and can lead to a Denial-of-Service. These vulnerabilities require users to open a specifically crafted malicio...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...
Vulnerability discovered in Fortinet FortiManager
UPDATE: Public proof-of-concept (PoC) code for the vulnerability is available. It applies to FortiManager variants that have not yet been patched. Researchers have also discovered that Fortinet's patch did not fix the full exploitation chain. Thus, it is still possible to execute code on a patch...
Vulnerability fixed in Schneider Electric EcoStruxure
Schneider Electric has fixed a vulnerability in the EcoStruxure Gateway. A malicious party could exploit the vulnerability to take over the gateway and gain access to the EcoStruxure landscape in use. For successful abuse, the malicious party must have access to the production environment. It is...
Vulnerabilities fixed in Fortinet FortiClient
Fortinet has fixed vulnerabilities in FortiClient for Windows and macOS. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary commands on the system. Fortinet has released updates to fix the vulnerabilities. See attached references for...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. A malicious party can exploit the vulnerabilities to bypass security measures and route traffic to and through the system that was not originally authorized, or to cause a denial-of-service. Palo Alto has released updates to address the...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed a number of vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: Denial-of-Service (DoS); increased user privileges. Citrix has released updates to...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service (DoS); Cross-Site Scripting (XSS); increased user privileges; remote code execution; user...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: SQL injection; circumvention of security measures; execution of arbitrary code on the server. Ivanti has released...
Vulnerabilities fixed in Citrix Session Recording
Citrix has fixed vulnerabilities in Citrix Session Recording. A malicious person with limited privileges could exploit the vulnerabilities to gain access to service accounts and execute arbitrary code on the server. Researchers have published Proof-of-Concept code demonstrating the vulnerability with...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...
Vulnerability fixed in Microsoft Exchange Server
Microsoft has fixed a vulnerability in Exchange Server. The vulnerability is in the way Exchange Server handles P2 FROM headers that do not conform to the RFC. A malicious party could exploit the vulnerability to impersonate another user and send emails in the victim's name. Although the server itsel...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious person could exploit the vulnerabilities to execute arbitrary SQL code on the database environment. With the exception of the vulnerabilities marked CVE-2024-49021 and CVE-2024-49043, the vulnerabilities are in the SQL Native Client...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges within the vulnerable components. The most serious vulnerability is in CycleCloud and has been assigned identifier CVE-2024-43602. CycleClou...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in .NET and Visual Studio. A malicious person could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges or execute arbitrary code with application privileges. The most serious vulnerability has been assigned identifier...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); execution of arbitrary code (user rights); execution of arbitrary code (system rights); obtaining...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Mendix, RUGGEDCOM, SCALANCE, SIMATIC and SINEC. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Cross-Site Scripting (XSS); ...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine (ISE). The vulnerabilities are located in the management interface and allow a malicious person to perform a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the underlying operating system. For successful abuse, the malicious party must have access to the management interface or the command line. It is good practice n...
Vulnerability fixed in Cisco Catalyst access points
Cisco has fixed a vulnerability in the Unified Industrial Wireless Software for Catalyst Heavy Duty Access Points. A malicious party could exploit the vulnerability to execute arbitrary commands on the underlying operating system without prior authentication. The vulnerability is located in the...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); access to sensitive data; access to system data; manipulation of data; circumvention of security measu...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious party can exploit the most serious vulnerability CVE-2024-10487 to execute arbitrary code on the system on which the browser is installed via an out-of-bounds write. To do this, the victim only needs to visit an infected website or website...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); access to sensitive data; access to system data; manipulation of data; circumvention of security measures. Apple...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); access to sensitive data. Mozilla has released updates to fix t...
Vulnerabilities fixed in Cisco Adaptive Security Appliance and Firepower Threat Defense
Cisco has fixed vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). A malicious party could exploit the vulnerabilities to cause a Denial-of-Service on the system, disrupting the underlying service, bypassing implemented security measures to enable unauthorized...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business Suite. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in SolarWinds Serv-U
SolarWinds has fixed vulnerabilities in Serv-U. A malicious party can exploit the vulnerability with reference CVE-2024-45711 to execute arbitrary code on the underlying system via path-traversal. Successful exploitation requires the malicious party to be authenticated beforehand, and code...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in MySQL. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to access and potentially manipulate sensitive data in the database. Oracle has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Java SE and GraalVM. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; execution of arbitrary code (user rights); access to sensitive data...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Analytics products. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service; manipulation of data; execution of arbitrary code (user rights); execution of arbitrary code...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Fusion Middleware components, such as WebLogic Server, WebCenter and HTTP Server. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; execution...