4197 matches found
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in various products such as SAP Business Objects, SAP HANA, Netweaver and Document Builder. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Server Side Request Forgery SSRF. - Cross-Site...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or potentially execute arbitrary code with application privileges. To execute arbitrary code, the malicious party needs prior elevated...
Vulnerability fixed in Asterisk
A vulnerability has been fixed in Asterisk. A malicious person could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code with application privileges. For successful abuse, the malicious party must have prior authentication. The researcher who discovered th...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to projects that the malicious party is not initially authorized to access. GitL...
Vulnerabilities fixed in IBM InfoSphere
IBM has fixed vulnerabilities in InfoSphere Information Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to obtain sensitive information. IBM has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Cisco Small Business IP Phones
Cisco has fixed vulnerabilities in the firmware of Small Business IP Phone systems. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system without prior authentication. For successful exploitation, the malicious party must have access to the...
Vulnerabilities fixed in Progress WhatsUp Gold
Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code, possibly with system privileges. By exploiting various vulnerabilities in chain, this can make it possible for the malicious party to take...
Vulnerabilities fixed in RoundCube Webmail
Vulnerabilities have been fixed in RoundCube Webmail. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...
Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable system. Successful exploitation requires the malicious party to have access to the PAPI port, or the SSH...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to bypass security measures in the victim's context and potentially execute arbitrary code or access sensitive data in the browser context. Successful exploitation requires the...
Vulnerabilities fixed in Siemens Omnivise
Siemens Energy has fixed vulnerabilities in Omnivise T3000. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges on the vulnerable system and thus execute arbitrary code, possibly with system privileges. For successful abuse, the malicious party must be...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges on the device and thus execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful...
Vulnerabilities fixed in VMware ESXi and vCenter Server
VMware has fixed vulnerabilities in ESXi and vCenter Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service on the host, or to grant itself elevated privileges to perform actions that the malicious party is not initially authorized to perform. This does require the...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer SFTP A malicious party can exploit the vulnerability to grant themselves elevated privileges, potentially gaining access to files that the malicious party is not initially authorized to access. Progress has released updates to fix the...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious person could exploit the vulnerabilities to bypass a security measure, grant themselves elevated privileges, access sensitive data, execute arbitrary code, possibly with kernel privileges or cause a Denial-of-Service. Successful abuse requires...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party could exploit the vulnerabilities to launch attacks that could lead to a denial-of-service, access to system data or access to sensitive data. To access sensitive data, the malicious party must have physical access to the...
Vulnerabilities fixed in Docker Moby
A vulnerability has been fixed in Docker Moby. The vulnerability allows a malicious party to increase privileges via an API request by bypassing a security measure. This vulnerability is only exploitable when using an AuthZ plugin to manage access rights. The Docker team has released an update to...
Vulnerability found in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution User rights Remote code execution...
Vulnerability fixed in Broadcom Symantec Privileged Access Management
Broadcom has fixed vulnerabilities in Broadcom Symantec Privileged Access Management. A malicious person could exploit the vulnerabilities to execute arbitrary code on the system or manipulate the operation of the system. The vulnerabilities with characteristics CVE-2024-36455, CVE-2024-36456 and...
Vulnerability fixed in Cisco Smart Software Manager On-Prem
Cisco has fixed a vulnerability in Cisco SSM On-Prem formerly known as Cisco Smart Software Manager Satellite SSM Satellite. The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...
Vulnerabilities fixed in Apache HTTP Server
Two vulnerabilities have been fixed in Apache HTTP server 2.4. The first vulnerability CVE-2024-40725 can lead to source code leakage when files are accessed indirectly. The second vulnerability CVE-2024-40898 involves a Server Side Request Forgery SSRF that can be abused by a malicious person to...
Vulnerability fixed in HPE 3PAR Service Processor
A vulnerability has been fixed in HPE 3PAR Service Processor. An unauthenticated malicious person with access to the local network can exploit the vulnerability to bypass authentication. HPE has made an update available to fix the vulnerabilities. See the reference for more information...
Vulnerabilities fixed in Solarwinds Platform
Vulnerabilities have been fixed in SolarWinds Access Rights Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to system data Access to sensitive data Manipulation of data Circumvention of security measure Remot...
Vulnerabilities fixed in Cisco Secure Email Gateway
Two vulnerabilities have been fixed in Cisco Secure Email Gateway. The most serious vulnerability concerns CVE-2024-20401 and allows an unauthenticated malicious person, through sending a mail with specially prepared attachment: Add users with root privileges Modify the configuration of the devic...
Vulnerability fixed in SonicOS
A vulnerability has been fixed in SonicWall SonicOS IPSec. The vulnerability in SonicWall SonicOS IPSec allows an unauthenticated remote malicious person to cause Denial of Service DoS. SonicWall has made available a workaround and patch to fix the vulnerability. See the reference for more...
Vulnerability found in Ivanti Endpoint Manager
A vulnerability has been found in Ivanti Endpoint Manager EPM 2024. Other versions of Ivanti Endpoint Manager are not known to be vulnerable. The vulnerability allows an authenticated attacker who is on the same network to execute arbitrary code via SQL injection. Ivanti has no indication that th...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution User rights Oracle has made updates available to...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has made updates available to fix the vulnerabilities. See the...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User righ...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User rights...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...
Vulnerability fixed in Oracle Hyperion
A vulnerability has been fixed in Oracle Hyperion. A malicious party could exploit the vulnerability to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Oracle has made updates available to fix the vulnerabilities. See the references for more...
Vulnerabilities fixed in Oracle Analytics
Vulnerabilities have been fixed in Oracle Analytics. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User right...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution Us...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remo...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data...
Vulnerabilities fixed in Oracle Essbase
Vulnerabilities have been fixed in Oracle Essbase. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Increased user privileges Oracle has made updates available to fix the vulnerabilities. See the...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. A malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Manipulation of data Circumvention of security measure Oracle ha...
Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been found and fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to carry out attacks that can lead to denial-of-service DoS, access to sensitive information, execution of code with increased user privileges and bypassing a security...
Vulnerabilities fixed in Citrix Workspace, NetScaler ADC and NetScaler Gateway
Cirtix has fixed a number of vulnerabilities in Workspace, NetScaler ADC and NetScaler Gateway A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Increased user privileges Citrix has...
Vulnerability fixed in GitLab CE/EE
GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...
Vulnerabilities fixed in Fortinet
Fortinet has fixed a number of vulnerabilities in FortiAIOps, Fortinet FortiPortal, FortiWeb and Fortinet FortiExtender. The most serious vulnerabilities are CVE-2024-23663, CVE-2024-27782 and CVE-2024-27784. Which are in Fortinet FortiExtender and FortiAIOps. Fortinet FortiExtender: Fortinet...
Vulnerability fixed in Microsoft System Center Defender for IoT
Microsoft has fixed a vulnerability in Defender for IoT. A malicious party can exploit the vulnerability to break out of the AppContainer for IoT devices and potentially execute arbitrary code on the system where the AppContainer is implemented. Microsoft Defender for IoT:...