4197 matches found
Vulnerabilities discovered in CUPS
Recently, a researcher discovered a number of vulnerabilities in CUPS that could lead to Remote Code Execution. These have been disclosed as "9.9 RCE affecting all GNU/Unix systems." Through a concatenation of the four vulnerabilities, a malicious person can execute arbitrary code within the...
Vulnerabilities fixed in Foxit PDF Editor and PDF Reader
Foxit has fixed vulnerabilities in PDF Editor and PDF Reader. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code in the context of the application, potentially gaining access to sensitive data. Successful exploitation requires t...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the vulnerable system without prior authentication. For successful abuse, the malicious party must have access to the PAPI port udp 8211. It is good practice n...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS - Denial-of-Service DoS. - Manipulation of data - Circumvention of security measure - Access to...
Vulnerabilities fixed in Apple macOS
Apple fixed vulnerabilities in macOS A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of security measure - Access to sensitive data - Access to system data Fo...
Vulnerability fixed in pgAdmin
pgAdmin has fixed a vulnerability in pgAdmin 8.11. A malicious party could exploit the vulnerability to gain access to sensitive data. pgAdmin has released an update to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in Ivanti Cloud Services Appliance
Ivanti has fixed vulnerabilities in Cloud Services Appliance v 4.6. A malicious party could exploit the vulnerabilities to execute a command-injection via path-traversal, allowing the system to be operated and possibly taken over without prior authentication. Ivanti says it has information that t...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP, Business Warehouse, NetWeaver, HANA, Business Objects and Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Bypassing...
Vulnerabilities fixed in Docker Desktop
Vulnerabilities have been fixed in Docker Desktop. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the Desktop application. Since the Docker Desktop is mostly used by developers, it cannot be ruled out that the execution of arbitrary code can take pla...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges...
Vulnerability fixed in Rockwell Automation FactoryTalk View Site
Rockwell Automation has fixed a vulnerability in FactoryTalk View Site. A malicious party could exploit the vulnerability to execute arbitrary code in the application, in the victim's context, using a Cross-Site Scripting attack. For successful exploitation, the malicious party must have access t...
Vulnerability fixed in Rockwell Automation ThinManager
Rockwell Automation has fixed a vulnerability in ThinManager. A malicious party could exploit the vulnerability to install software on the vulnerable system to execute arbitrary code. Rockwell Automation has released updates to fix the vulnerability. See attached references for more information...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to grant themselves elevated privileges and perform actions in the context of another user, potentially including users with...
Vulnerabilities fixed in Citrix Workspace App for Windows
Citrix has fixed vulnerabilities in the Citrix Workspace App for Windows. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute code with SYSTEM privileges. Citrix has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code on the vulnerable system. To cause a Denial-of-Service, the malicious party does not need prior authentication. To execute arbitrary code, the...
Vulnerabilities fixed in Solarwinds Access Rights Manager
Solarwinds has fixed vulnerabilities in Access Rights Manager. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. Solarwinds has released updates to fix the vulnerabilities. See attached references f...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: - Denial-of-Service DoS - Remote code execution User rights - Access to system data Adobe has released updates to fix the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to potentially execute code within the application, or to conduct a Cross-Site Scripting attack. Such an attack could result in execution of code in the...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and potentially execute commands with Administrator privileges. Abuse is not easy and requires prior authentication a...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, access sensitive data or execute code with potentially SYSTEM privileges. Successful exploitation of the...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. Most of the vulnerabilities are in SQL Native Scoring and allow a malicious person to assign themselves elevated privileges, access sensitive data and execute arbitrary code within the SQL Server. Successful exploitation requires the malicious...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. The most serious vulnerability h...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of dat...
Vulnerability fixed in Sonicwall SonicOS
Sonicwall has fixed a vulnerability in SonicOS for Gen5, Gen6 and Gen7 firewalls. The vulnerability is located in the management interface and SSLVPN and allows a malicious party to cause a Denial-of-Service and potentially access and modify system data. The NCSC is receiving signals from trusted...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary OS commands. For successful abuse, the malicious party must already have prior authentication. QNAP has...
Vulnerability fixed in Kemp LoadMaster
Kemp Technologies has fixed a vulnerability in Kemp LoadMaster and Progress LoadMaster. A malicious party could exploit the vulnerability to execute arbitrary commands on the vulnerable system without prior authentication via specially prepared HTTP calls. For successful abuse, the malicious part...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...
Vulnerability fixed in Ivanti Virtual Traffic Manager
Ivanti has fixed a vulnerability in Virtual Traffic Manager. A malicious person could exploit the vulnerability to bypass authentication on the management interface and create an adminiatrator account, which could be used to take over the system completely. For successful abuse, the malicious par...
Vulnerabilities fixed in Zyxel Flex and USG Firewalls
Zyxel has fixed vulnerabilities in the firmware of ATP and USG Flex firewalls. A malicious party can exploit the vulnerabilities to cause a denial-of-service, possibly unpatched execute a limited set of commands on the vulnerable system, or execute arbitrary code in the victim's browser through a...
Vulnerability fixed in Zyxel Access Points and Secure Routers
Zyxel has fixed a vulnerability in several types of Access Points and Secure Routers. The vulnerability is in the way the cgi system processes the 'host' parameter and allows a malicious person to execute OS-level commands. For successful exploitation, the malicious party must have access to the...
Vulnerabilities fixed in Progress WhatsUp Gold
Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to retrieve or change the password of the application user in a Single User installation, or in a Multi User installation to change the password of a user with elevated privileges through an...
Vulnerabilities fixed in Progress WS_FTP server
Progress has fixed vulnerabilities in WSFTP server. A malicious party can exploit the vulnerabilities to bypass two-factor authentication, which allows it to log in with just username and password. Also, through directory traversal, the malicious party may be able to gain access to files that the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of security measure - Manipulating data -...
Vulnerabilities fixed in Google Chrome, Chromium & Microsoft Edge
Google has fixed vulnerabilities in Chrome and Chromium. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute code in the victim's browser, potentially gaining access to sensitive data in the context of the victim's browser. Google reports receiving reports...
Vulnerabilities fixed in Solarwinds Web Helpdesk
Solarwinds fixed vulnerabilities in Web Helpdesk A malicious party can exploit the vulnerabilities to execute code on the system using Java deserialization. A malicious party can also use hardcoded credentials to gain access to data and functionality. Solarwinds developers have released a hotfix ...
Vulnerabilities fixed in GitHub Enterprise Server
GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...
Vulnerability fixed in Kubernetes
A vulnerability has been fixed in Kubernetes. The vulnerability is in the ingress-nginx module and allows a malicious person with permissions to create ingress objects to bypass a security measure to execute arbitrary code with permissions from the ingress-nginx controller. In a standard...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious person could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and execute arbitrary code with application privileges. Adobe has made updates available to fix the vulnerabilities. See...
Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges and gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogu...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victi...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with user privileges and potentially obtain sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...
Vulnerabilities fixed in Ivanti Avalanche
Ivanti has fixed vulnerabilities in Avalanche. A malicious party could exploit the vulnerabilities to cause a denial-of-service, access sensitive data and potentially execute arbitrary code on the system. To successfully achieve code execution, the malicious party must have elevated privileges...
Vulnerabilities fixed in Ivanti Neurons for ITSM
Ivanti has fixed vulnerabilities in Neurons for ITSM. A malicious party could exploit the vulnerabilities to obtain login credentials to gain access to the vulnerable system. Ivanti has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Microsoft Mariner
Microsoft has fixed vulnerabilities in Mariner Azure Linux. The vulnerabilities concern older vulnerabilities in various subcomponents of the distro, such as Python, Emacs, Qemu, Django, Curl, wget etc. which have been fixed in the new version. Microsoft has made updates available that fix the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data in the victim's context. Successful exploitation require...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in two Developer tools. Successful exploitation requires the malicious party to trick the victim into opening and processing a rogue file. Azure IoT SDK: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Azure components
Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges or impersonate another user. For successful abuse, the malicious party needs prior access to the vulnerable environment, or the malicious part...