4197 matches found
Vulnerability fixed in Splunk Enterprise
Splunk has fixed a vulnerability in Splunk Enterprise and Splunk Secure Gateway. The vulnerability is in specific versions of Splunk Enterprise and Splunk Secure Gateway, allowing low-privileged users to remotely execute code without needing admin rights. Splunk has released updates to fix the...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed vulnerabilities in Adobe Connect Versions 12.6, 11.4.7 and earlier. The vulnerabilities include both stored and reflected Cross-Site Scripting XSS that allow attackers to insert and execute malicious scripts in users' browsers. This can lead to unauthorized actions in the context ...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed several vulnerabilities in Acrobat Reader including versions up to and including 24.005.20307. The vulnerabilities include a Use After Free vulnerability that can lead to arbitrary code execution and denial-of-service. All vulnerabilities require user interaction for exploitation,...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 29.0.0, 28.7.2 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability allows attackers to execute arbitrary code when a user opens a malicious file, which can lead to...
Vulnerability fixed in Adobe After Effects
Adobe has fixed a vulnerability in Adobe After Effects Specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...
Vulnerabilities fixed in Animate
Animate fixed vulnerabilities in versions 23.0.8, 24.0.5 and earlier. The vulnerabilities in the Animate software can lead to arbitrarily code execution. These vulnerabilities require user interaction, specifically by opening a malicious file. The vulnerability could allow an attacker to execute...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop Versions 26.0 and earlier. The vulnerability is in how Photoshop handles memory management, specifically a Use After Free error. This vulnerability allows an attacker to execute arbitrary code, but requires user interaction such as opening a...
Vulnerability fixed in Adobe Premiere Pro
Adobe has fixed a vulnerability in Premiere Pro Specifically for versions 25.0, 24.6.3 and earlier. The vulnerability is in the way Premiere Pro handles files, leading to a heap-based buffer overflow. This can allow a malicious party to execute arbitrary code when a user opens a maliciously craft...
Vulnerability fixed in Adobe Framemaker
Adobe has fixed a vulnerability in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerability is in the way Adobe Framemaker handles files. A malicious party can exploit this vulnerability by creating a malicious file and allowing it to be opened, which can lead to...
Vulnerabilities fixed in Drupal Core
Drupal has fixed vulnerabilities in Drupal Core Specifically for versions 7.0 to 7.102, 8.0.0 to before 10.2.11, 10.3.0 to before 10.3.9, and 11.0.0 to before 11.0.8. The vulnerabilities in Drupal Core are related to privilege escalation and deserialization of untrusted data, which can lead to...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as COMOS, RUGGEDCOM, SENTRON, SICAM, SIMATIC and TeamCenter. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Cross-Site Scriptin...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP NetWeaver, ABAP, Web Dispatcher, Business Objects, HCM and Commerce Cloud. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Server-Side Request Forgery SSRF. ...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive information in the victim's context. Successful...
Vulnerabilities fixed in Qlik Sense Enterprise for Windows
Qlik has fixed vulnerabilities in Qlik Sense Enterprise for Windows for versions before November 2024 IR. The vulnerabilities are in the way Qlik Sense Enterprise handles network access for non-privileged users. These users can create connection objects that can execute arbitrary EXE files, leadi...
Vulnerabilities fixed in Mitel MiCollab
Mitel has fixed vulnerabilities in Mitel MiCollab Specifically the Unified Messaging and Conferencing components. The vulnerabilities are in the way Mitel MiCollab components handle user input. An attacker can exploit these vulnerabilities to gain unauthorized access to user data and system...
Vulnerabilities fixed in QNAP operating systems
QNAP has fixed vulnerabilities in several versions of their operating systems, including QTS and QuTS hero. The vulnerabilities include improper authentication, certificate validation issues, incorrect URL encryption, CRLF injection and command injection. These vulnerabilities allowed attackers t...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Jira, Bamboo and Confluence. The vulnerabilities are in several third-party components from developers such as Oracle, RedHat and the Apache consortium. These vulnerabilities can lead to memory exhaustion and denial-of-service DoS du...
Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series
ABB has fixed vulnerabilities in ABB ASPECT, NEXUS Series and MATRIX Series Specifically for versions up to 3.08.02. The vulnerabilities include unauthorized access to files on the Web server, which can lead to data leakage or unauthorized data manipulation. In addition, serious vulnerabilities...
Vulnerabilities fixed in SonicWall SMA100 SSLVPN
SonicWall has fixed vulnerabilities in the SMA100 SSLVPN Specifically for firmware versions 10.2.1.13-72sv and earlier. The vulnerabilities in the SonicWall SMA100 SSLVPN include a heap-based buffer overflow, a stack-based buffer overflow, and a problem with the certificate requirement during...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...
Vulnerabilities fixed in Zabbix
Zabbix has fixed vulnerabilities in the Zabbix server and frontend. The vulnerabilities include a stack buffer overflow in the zbxsnmpcachehandleengineid function, which can lead to execution of arbitrary code or a denial of service. In addition, there is an SQL injection vulnerability that allow...
Vulnerabilities fixed in IBM Security Verify Access Appliance
IBM has fixed vulnerabilities in IBM Security Verify Access Appliance Versions 10.0.0 to 10.0.8. The vulnerabilities include an ability for remote authenticated attackers to execute arbitrary commands on the system, privilege escalation for locally authenticated non-administrative users through...
Vulnerability fixed in Zabbix
A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...
Vulnerabilities fixed in VMware Aria Operations
VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include local privilege escalation and stored cross-site scripting XSS. Local privilege escalation allows an attacker with local administrative privileges to increase their access to the root user level on the device,...
Vulnerabilities discovered in Veritas Enterprise Vault
Vulnerabilities have been discovered in Veritas Enterprise Vault Specifically for versions earlier than 15.2. The vulnerabilities are in how Veritas Enterprise Vault handles the deserialization of untrusted data sent through a .NET Remoting TCP port. This enables malicious actors to execute...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. Two vulnerabilities in iOS and iPadOS 17.7.2 CVE-2024-44308 & CVE-2024-44309 can lead to execution of arbitrary code. Apple states that active misuse of these vulnerabilities is known. A malicious party can exploit the vulnerabilities in...
Vulnerabilities fixed in Apple macOS and Safari
Apple has fixed several vulnerabilities in macOS and Safari. Two vulnerabilities CVE-2024-44308 & CVE-2024-44309 in present in macOS Sequoia and Safari 18.1.1 can lead to execution of arbitrary code. Apple indicates that active exploits of these vulnerabilities have been taking place on Intel-bas...
Vulnerability fixed in Trend Micro Deep Security
Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has actively fixed exploited vulnerabilities in PAN-OS. UPDATE Public PoC has now appeared to exploit CVE-2024-0012. The vulnerability with attribute CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...
Vulnerability fixed in GitHub CLI
GitHub has fixed a vulnerability in GitHub CLI Specifically for versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even to root and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...
Vulnerability fixed in Oracle Agile PLM Framework
Oracle has fixed a vulnerability in version 9.3.6 of the Agile PLM Framework. The vulnerability allows unauthenticated attackers with network access to gain access to sensitive data. Oracle has released an out-of-band update to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in Siemens Tecnomatix Plant Simulation
Siemens has fixed vulnerabilities in Tecnomatix Plant Simulation. The vulnerabilities are in how Tecnomatix Plant Simulation processes specially crafted WRL files. These vulnerabilities include out-of-bounds writes, use-after-free and stack-based overflows, all of which can be exploited by...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Specifically for versions 24.7.3, 25.11 and earlier. The vulnerability is in the way Adobe Photoshop handles certain files. A malicious party could exploit this vulnerability by tricking a user into opening a malicious file, which could lead to the...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign desktop applications Specifically for versions ID18.5.3, ID19.5 and earlier. The vulnerabilities are in the way the InDesign desktop applications handle specially crafted files. This can lead to a heap-based buffer overflow, which allows an attacker to...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.1 and earlier. The vulnerabilities in Adobe Illustrator allow attackers to read sensitive data, execute arbitrary code and can lead to a Denial-of-Service. These vulnerabilities require users to open a specifically crafted malicio...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...
Vulnerability discovered in Fortinet FortiManager
UPDATE Public proof of concept PoC code for the vulnerability is available. It applies to FortiManager variants that have not yet been patched. Also, researchers have discovered that Fortinet's patch did not fix the full chain of exploitation. Thus, it is still possible to execute code on a patch...
Vulnerability fixed in Schneider Electric Ecostruxture
Schneider Electric has fixed a vulnerability in the Ecostruxture Gateway. A malicious party could exploit the vulnerability to take over the gateway to gain access to the Ecostruxture landscape in use. For successful abuse, the malicious party must have access to the production environment. It is...
Vulnerabilities fixed in Fortinet FortiClient
Fortinet has fixed vulnerabilities in FortiClient for Windows and macOS. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary commands on the system. Fortinet has released updates to fix the vulnerabilities. See attached references for...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. A malicious party can exploit the vulnerabilities to bypass security measures to route traffic to and through the system that is not initially authorized, or cause a denial-of-service. Palo Alto has released updates to address the...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Cirtix has fixed a number of vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Increased user privileges Citrix has released updates to...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS Cross-Site Scripting XSS. Increased user privileges Remote code execution User...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - SQL Injection - Circumvention of security measure - Execution of arbitrary code on the server Ivanti has released...
Vulnerabilities fixed in Citrix Session Recording
Citrix fixed vulnerabilities in Citrix Session Recording A malicious person with limited privileges could exploit the vulnerabilities to gain access to service accounts and execute arbitrary code on the server. Researchers have published Proof-of-Concept code demonstrating the vulnerability with...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...
Vulnerability fixed in Microsoft Exchange Server
Microsoft has fixed a vulnerability in Exchange Server. The vulnerability is in the way Exchange Server handles P2 FROM headers that do not conform to RFC. A malicious party could exploit the vulnerability to impersonate another user and send emails in the victim's name. Although the server itsel...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious person could exploit the vulnerabilities to execute arbitrary SQL code on the database environment. With the exception of the vulnerabilities marked CVE-2024-49021 and CVE-2024-49043, the vulnerabilities are in the SQL Native Client...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges within the vulnerable components. The most serious vulnerability is in CycleCloud and has been assigned attribute CVE-2024-43602. CycleClou...