Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in Financial Services Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: - Cross-Site Scripting (XSS) - Denial-of-Service (DoS) - Manipulation of data - Execution of arbitrary...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Execution of arbitrary code (User privileges) - Execution of arbitrary code (Administrator...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in several Communications products and systems. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Execution of arbitrary code (User Rights) -...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Accessing sensitive data - Execution of arbitrary code (User privileges) - Executio...
Vulnerabilities fixed in Oracle Peoplesoft
Oracle has fixed vulnerabilities in Peoplesoft. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service (DoS), or to access and potentially manipulate personal sensitive data in the database. Oracle has released updates to fix the vulnerabilities. See attached references fo...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several Database products and subsystems, including the Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer and Secure Backup. A malicious party can exploit the vulnerabilities to launch attacks that can lead to t...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in Solarwinds Platform. An authenticated malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack or locally increase permissions. Solarwinds has released updates to fix the vulnerabilities in Solarwinds Platform 2024.4. See...
Vulnerability fixed in Solarwinds Web Helpdesk
Solarwinds has fixed a vulnerability in Web Helpdesk. An unauthenticated malicious person could exploit the vulnerability to execute code on the system through Java deserialization. Solarwinds developers have released a hotfix to fix the vulnerability. See attached references...
Vulnerabilities fixed in Splunk Enterprise
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or execute arbitrary code in the context of the application. For successful abuse, the malicious party must first be authenticated. Splunk has released...
Vulnerabilities fixed in Moxa systems
Moxa has fixed vulnerabilities in several network components. A malicious party could exploit the vulnerabilities to modify configurations and execute arbitrary code on the vulnerable system. Moxa has released updates to fix the vulnerabilities. See attached references for more information...
Fixed vulnerabilities in several Veeam products.
Veeam has fixed vulnerabilities in several products, including Backup & Replication, ONE, Service Provider Console and Agent. UPDATE: POC code is now available online and CVE-2024-40711 has recently been actively abused to roll out ransomware. A malicious party can exploit the vulnerabilities to...
Vulnerabilities fixed in Gitlab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or execute code in the context of another user, potentially including users with administrator...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed a vulnerability in Connect Secure and Policy Secure. UPDATE: POC code is now available online for this vulnerability. An authenticated malicious person with access to the admin portal of Connect Secure or Policy Secure can exploit the vulnerability to execute code remotely. Ivant...
Vulnerabilities fixed in Zimbra
Synacor has fixed vulnerabilities in Zimbra Collaboration. By sending a specially prepared e-mail to the SMTP server, code execution can be obtained directly on the Zimbra server that can be used, for example, to place a webshell. Researchers have published Proof-of-Concept code that demonstrates...
Vulnerabilities fixed in Palo Alto Expedition
Palo Alto has fixed vulnerabilities in Expedition. A malicious party could exploit the vulnerabilities to remotely execute arbitrary code, without prior authentication, on the system running Expedition, potentially obtaining login credentials and API keys. Expedition is a migration tool to conver...
Vulnerabilities fixed in Juniper JunOS and JunOS Evolved
Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service by sending malformed BGP traffic. Juniper has made updates available to fix the vulnerabilities. See attached references for more information...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox. A malicious party could exploit the vulnerability to execute arbitrary code. According to Mozilla, there have been signs of active misuse. Mozilla has released updates to fix the vulnerabilities in Firefox 131.0, Firefox ESR 115.16 and 128.3. For more...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: - Circumvention of security measures - Accessing sensitive data - Access to system data - Increased user privileges - Remote code executi...
Vulnerability fixed in Ivanti Endpoint Manager Mobile
Ivanti has fixed a vulnerability in Endpoint Manager Mobile. A locally authenticated malicious party could exploit the vulnerability to obtain read and write permissions to sensitive configuration files. Ivanti has released updates to fix the vulnerability in Endpoint Manager Mobile. See the...
Vulnerabilities fixed in Ivanti Avalanche
Ivanti has fixed vulnerabilities in Avalanche. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Bypassing authentication - Bypassing security measures - Accessing sensitive data. Ivanti has release...
Vulnerabilities fixed in Ivanti Cloud Services Appliance
Ivanti has fixed three vulnerabilities in Cloud Services Appliance. An authenticated malicious person who already has admin rights can exploit the vulnerabilities to remotely execute code and SQL statements, or bypass restrictions through path traversal. Ivanti reports that users of version 4.6...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center. A malicious person could exploit the vulnerabilities to impersonate another user, or execute arbitrary code with administrator privileges. To successfully achieve code execution, the malicious party must have LAN access to the system on which...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office components. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to tric...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to cause a Denial-of-Service, grant themselves elevated privileges or execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to...
Vulnerabilities fixed in Microsoft SQL Server Power BI Report Server
Microsoft has fixed vulnerabilities in SQL Server Power BI Report Server. A malicious party could exploit the vulnerabilities to impersonate another user and execute arbitrary code under their context, possibly with administrator privileges. Successful exploitation requires the malicious party to have...
Vulnerabilities fixed in Microsoft Azure components
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges or execute code with administrator privileges. Azure Monitor: ...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the categories of damage listed below. The most serious vulnerability has been assigned the identifier CVE-2024-38124 and is located in the NETLOGON functionality...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung mobile devices in Samsung Mobile. A malicious person could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges or execute arbitrary code. The most serious...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Questa/ModelSIM, RUGGEDCOM, SENTRON, SIMATIC, SINEC, Tecnomatix and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS)...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. VoiceOver does not appear to handle sensitive data correctly, making it possible to use VoiceOver to have recently stored passwords read aloud. Apple has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Draytek Vigor routers
Draytek has fixed vulnerabilities in several types of Vigor series routers. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack, potentially gaining access to sensitive data or executing arbitrary code in the context of the...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to bypass security measures in the victim's context and potentially execute arbitrary code or access sensitive data in the browser context. Mozilla has released updates to fix the...
Vulnerabilities discovered in CUPS
Recently, a researcher discovered a number of vulnerabilities in CUPS that could lead to Remote Code Execution. These have been disclosed as "9.9 RCE affecting all GNU/Unix systems." By chaining the four vulnerabilities, a malicious person can execute arbitrary code within the...
Vulnerabilities fixed in Foxit PDF Editor and PDF Reader
Foxit has fixed vulnerabilities in PDF Editor and PDF Reader. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code in the context of the application, potentially gaining access to sensitive data. Successful exploitation requires t...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the vulnerable system without prior authentication. For successful abuse, the malicious party must have access to the PAPI port (UDP 8211). It is good practice n...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting (XSS) - Denial-of-Service (DoS) - Manipulation of data - Circumvention of security measures - Access to...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Circumvention of security measures - Access to sensitive data - Access to system data. Fo...
Vulnerability fixed in pgAdmin
pgAdmin has fixed a vulnerability in pgAdmin 8.11. A malicious party could exploit the vulnerability to gain access to sensitive data. pgAdmin has released an update to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in Ivanti Cloud Services Appliance
Ivanti has fixed vulnerabilities in Cloud Services Appliance v 4.6. A malicious party could exploit the vulnerabilities to execute a command-injection via path-traversal, allowing the system to be operated and possibly taken over without prior authentication. Ivanti says it has information that t...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP, Business Warehouse, NetWeaver, HANA, Business Objects and Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting (XSS) - Bypassing...
Vulnerabilities fixed in Docker Desktop
Vulnerabilities have been fixed in Docker Desktop. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the Desktop application. Since Docker Desktop is mostly used by developers, it cannot be ruled out that the execution of arbitrary code can take pla...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges...
Vulnerability fixed in Rockwell Automation FactoryTalk View Site
Rockwell Automation has fixed a vulnerability in FactoryTalk View Site. A malicious party could exploit the vulnerability to execute arbitrary code in the application, in the victim's context, using a Cross-Site Scripting attack. For successful exploitation, the malicious party must have access t...
Vulnerability fixed in Rockwell Automation ThinManager
Rockwell Automation has fixed a vulnerability in ThinManager. A malicious party could exploit the vulnerability to install software on the vulnerable system to execute arbitrary code. Rockwell Automation has released updates to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to grant themselves elevated privileges and perform actions in the context of another user, potentially including users with...
Vulnerabilities fixed in Citrix Workspace App for Windows
Citrix has fixed vulnerabilities in the Citrix Workspace App for Windows. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute code with SYSTEM privileges. Citrix has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code on the vulnerable system. To cause a Denial-of-Service, the malicious party does not need prior authentication. To execute arbitrary code, the...
Vulnerabilities fixed in Solarwinds Access Rights Manager
Solarwinds has fixed vulnerabilities in Access Rights Manager. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. Solarwinds has released updates to fix the vulnerabilities. See attached references f...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: - Denial-of-Service (DoS) - Remote code execution (User rights) - Access to system data. Adobe has released updates to fix the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to potentially execute code within the application, or to conduct a Cross-Site Scripting attack. Such an attack could result in execution of code in the...