Vulnerability found in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution User rights Remote code execution...
Vulnerability fixed in Broadcom Symantec Privileged Access Management
Broadcom has fixed vulnerabilities in Broadcom Symantec Privileged Access Management. A malicious person could exploit the vulnerabilities to execute arbitrary code on the system or manipulate the operation of the system. The vulnerabilities identified as CVE-2024-36455, CVE-2024-36456 and...
Vulnerability fixed in Cisco Smart Software Manager On-Prem
Cisco has fixed a vulnerability in Cisco SSM On-Prem, formerly known as Cisco Smart Software Manager Satellite (SSM Satellite). The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...
Vulnerabilities fixed in Apache HTTP Server
Two vulnerabilities have been fixed in Apache HTTP Server 2.4. The first vulnerability, CVE-2024-40725, can lead to source code leakage when files are accessed indirectly. The second vulnerability, CVE-2024-40898, involves a Server-Side Request Forgery (SSRF) that can be abused by a malicious person to...
Vulnerability fixed in HPE 3PAR Service Processor
A vulnerability has been fixed in HPE 3PAR Service Processor. An unauthenticated malicious person with access to the local network can exploit the vulnerability to bypass authentication. HPE has made an update available to fix the vulnerabilities. See the reference for more information...
Vulnerabilities fixed in SolarWinds Platform
Vulnerabilities have been fixed in SolarWinds Access Rights Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to system data Access to sensitive data Manipulation of data Circumvention of security measure Remot...
Vulnerabilities fixed in Cisco Secure Email Gateway
Two vulnerabilities have been fixed in Cisco Secure Email Gateway. The most serious vulnerability concerns CVE-2024-20401 and allows an unauthenticated malicious person, through sending a mail with specially prepared attachment: Add users with root privileges Modify the configuration of the devic...
Vulnerability fixed in SonicOS
A vulnerability has been fixed in SonicWall SonicOS IPSec. The vulnerability in SonicWall SonicOS IPSec allows an unauthenticated remote malicious person to cause Denial of Service DoS. SonicWall has made available a workaround and patch to fix the vulnerability. See the reference for more...
Vulnerability found in Ivanti Endpoint Manager
A vulnerability has been found in Ivanti Endpoint Manager EPM 2024. Other versions of Ivanti Endpoint Manager are not known to be vulnerable. The vulnerability allows an authenticated attacker who is on the same network to execute arbitrary code via SQL injection. Ivanti has no indication that th...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution User rights Oracle has made updates available to...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has made updates available to fix the vulnerabilities. See the...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User righ...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User rights...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...
Vulnerability fixed in Oracle Hyperion
A vulnerability has been fixed in Oracle Hyperion. A malicious party could exploit the vulnerability to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Oracle has made updates available to fix the vulnerabilities. See the references for more...
Vulnerabilities fixed in Oracle Analytics
Vulnerabilities have been fixed in Oracle Analytics. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User right...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution Us...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remo...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data...
Vulnerabilities fixed in Oracle Essbase
Vulnerabilities have been fixed in Oracle Essbase. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Increased user privileges Oracle has made updates available to fix the vulnerabilities. See the...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. A malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Manipulation of data Circumvention of security measure Oracle ha...
Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been found and fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to carry out attacks that can lead to denial-of-service DoS, access to sensitive information, execution of code with increased user privileges and bypassing a security...
Vulnerabilities fixed in Citrix Workspace, NetScaler ADC and NetScaler Gateway
Citrix has fixed a number of vulnerabilities in Workspace, NetScaler ADC and NetScaler Gateway. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Increased user privileges Citrix has...
Vulnerability fixed in GitLab CE/EE
GitLab has fixed a vulnerability in GitLab CE/EE. A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment (CI/CD) pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...
Vulnerabilities fixed in Fortinet
Fortinet has fixed a number of vulnerabilities in FortiAIOps, Fortinet FortiPortal, FortiWeb and Fortinet FortiExtender. The most serious vulnerabilities are CVE-2024-23663, CVE-2024-27782 and CVE-2024-27784, which are in Fortinet FortiExtender and FortiAIOps. Fortinet FortiExtender: Fortinet...
Vulnerability fixed in Microsoft System Center Defender for IoT
Microsoft has fixed a vulnerability in Defender for IoT. A malicious party can exploit the vulnerability to break out of the AppContainer for IoT devices and potentially execute arbitrary code on the system where the AppContainer is implemented. Microsoft Defender for IoT:...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. The vulnerabilities allow a malicious party to impersonate another user, gain elevated privileges and potentially execute arbitrary code. Some of the vulnerabilities are in development tooling and are not readily accessible to...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office, SharePoint and Outlook. A malicious party could exploit the vulnerabilities to impersonate another user or execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicio...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a Denial-of-Service. Successful exploitation requires the malicious party to win a race condition. .NET and Visual...
Vulnerabilities fixed in Siemens Products
Siemens has fixed vulnerabilities in various products such as Mendix, RUGGEDCOM, SIMATIC, SINEMA, SIPROTEC and the Engineering Platforms for various systems. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...
Vulnerabilities fixed in Microsoft Windows SQL Server
Microsoft has fixed vulnerabilities in Windows SQL Server. The vulnerabilities are in the Native Client of SQL Server and allow a malicious person to execute arbitrary code in the victim's context, potentially gaining access to sensitive data in Database environments to which the victim has acces...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. A malicious party can exploit the vulnerability to gain access to the data the victim is accessing or editing through a Man-in-the-Middle attack. For successful abuse, the malicious party must have prior authentication and be on the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...
Vulnerability fixed in GeoServer
The developers of GeoServer have fixed a vulnerability. Proof-of-Concept (PoC) code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate data in the repositories, or execute arbitrary commands with permissions from another user, which may include...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS, specifically for SRX series systems. The vulnerability is in how the Packet Forwarding Engine (PFE) on vulnerable SRX systems processes traffic. Certain, albeit legitimate, traffic can cause the PFE to crash. A malicious party can exploit the vulnerability ...
Vulnerabilities fixed in Splunk
Splunk developers have fixed vulnerabilities in Splunk and Splunk Enterprise. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute or cause to be executed arbitrary code using Command-injection, or perform a Cross-Site-Scripting attack. Such an attack could lead...
Vulnerabilities fixed in Apache HTTP Server
Apache Software Foundation has fixed vulnerabilities in the Apache HTTP Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service, manipulate traffic via Server-Side-Request-Forgery SSRF, or execute code within the Web server, which the malicious party is not initiall...
Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder
Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...
Vulnerability fixed in OpenSSH
The developers of OpenSSH have fixed a vulnerability in OpenSSH. The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code, possibly with administrator privileges. Proof-of-Concept (PoC) code has been published for the vulnerability with reference...
Vulnerability fixed in Juniper Session Smart Router
Juniper has fixed a vulnerability in Session Smart Router (SSR). SSR is a software router application for SD-WAN systems. An unauthenticated malicious person with access to the infrastructure can exploit the vulnerability to access and take over the system. The limiting condition, however, is that...
Vulnerabilities fixed in Progress MOVEit
Progress has fixed vulnerabilities in MOVEit Transfer and MOVEit Gateway. During the vulnerability investigation, a vulnerability was also discovered in an unnamed Third-Party component in use by MOVEit Transfer. The vulnerabilities are located in the SFTP module of the affected applications and...