Vulnerabilities fixed in WordPress
WordPress developers have fixed vulnerabilities in WordPress. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or possibly access to sensitive data in the context of the...
Vulnerability fixed in XWiki
The developers of XWiki have fixed a vulnerability in XWiki. The vulnerability is in the way documents are imported into articles. The document's permissions remain on the person importing the document, allowing anyone with permissions to the original document to perform actions with permissions...
Vulnerabilities fixed in Avaya IP Office
Avaya has fixed vulnerabilities in IP Office. A malicious party could exploit the vulnerabilities to execute arbitrary code on the central system, potentially taking over the system. For successful abuse, the malicious party must have access to the Web Control interface, but does not need prior...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in several AutoCAD products. The vulnerabilities are in various parsers for CAD file types. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code within the application. Successful exploitation...
Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the server. For successful abuse, however, the malicious party must have access to the LAN infrastructure. VMware has...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system through a Cross-Site-Scripting attack, or through SQL-Injection. Also, a malicious party can bypass security measures and thus allow traffic to pass...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Endpoint Manager. A malicious party can exploit the vulnerabilities to execute arbitrary code on the system using SQL Injection. For successful abuse, the malicious party must have access to the local infrastructure where the EPM system is implemented...
Vulnerabilities fixed in Nvidia GPU Drivers
Nvidia has fixed vulnerabilities in GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and execute code with elevated privileges, or gain access to sensitive data. Nvidia has released...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed a large number of vulnerabilities in Experience Manager. A malicious party can exploit the vulnerabilities to bypass security measures and launch a Cross-Site Scripting attack in various ways. Such an attack often results in execution of arbitrary code in the victim's browser, or...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack. Such an attack could result in execution of arbitrary code in the victim's browser, ...
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates t...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to bypass a security measure and gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Adobe FrameMaker Publishing Server
Adobe has fixed vulnerabilities in FrameMaker Publishing Server. A malicious party could exploit the vulnerabilities to bypass authentication and potentially take over the system. In particular, systems that are accessible from public networks without additional measures are at increased risk...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe has released updates to fix the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics and Dynamics Business Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code with potentially elevated privileges and gain access to sensitive data in the application. For...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products, including SCALANCE, SICAM, Tecnomatix, SITOP and PowerSys. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Bypassing authentication - Cross-Site...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local malicious party could exploit the vulnerabilities to cause a denial-of-service (DoS), or grant themselves elevated privileges and potentially execute arbitrary code on the local system. Trend Micro has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Schneider Electric Sage RTU systems
Schneider Electric has fixed vulnerabilities in Sage RTU devices. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Bypassing authentication - Circumvention of security...
Vulnerabilities fixed in Veeam Backup Enterprise Manager
Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...
Vulnerabilities fixed in PHP
Vulnerabilities have been fixed in PHP. A malicious person could exploit the vulnerabilities to execute arbitrary code with application privileges. The vulnerability identified as CVE-2024-4577 is in fact a recurrence of the vulnerability identified as CVE-2012-1823. This vulnerability allows th...
Vulnerabilities fixed in RoundCube Webmail
RoundCube has fixed vulnerabilities in RoundCube Webmail. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser and potentially access sensitive data in the context of the victim'...
Vulnerabilities fixed in Fortinet FortiWebManager
Fortinet has fixed vulnerabilities in FortiWebManager. A malicious party could exploit the vulnerabilities to bypass a security measure and potentially perform actions that the malicious party is not initially authorized to perform. For successful exploitation, the malicious party must have at...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. The vulnerabilities allow a malicious person to grant themselves elevated privileges, cause a denial-of-service or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue link, or...
Vulnerabilities fixed in SolarWinds Platform
SolarWinds has fixed vulnerabilities in SolarWinds Platform. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute a command injection, or perform a Cross-Site-Scripting attack. Such an attack can result in execution of arbitrary code in the victim's browser. For...
Vulnerability fixed in Check Point VPN products
Check Point has fixed a vulnerability in Quantum Gateway VPN systems. Check Point reports observing active abuse attempts. A path-traversal bug allows a malicious party to gain access to the username and password credentials of local accounts on the VPN system. If these local accounts are...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition (EE) and Community Edition (CE). A malicious party can exploit the vulnerabilities to cause a Denial-of-Service (DoS), or collect sensitive data via a Cross-Site-Scripting (XSS) attack to take over accounts. GitLab has released updates to fix the...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's browser, potentially gaining access to sensitive data in the context of the victim's browser. Google says it has received reports of limited and targeted abuse o...
Vulnerability fixed in GitHub Enterprise Server
GitHub has fixed a vulnerability in GitHub Enterprise Server. A malicious party could exploit the vulnerability to gain access to the GitHub environment, possibly even as an administrator. The vulnerability is in the way GitHub handles SAML single sign-on. If the optional "Security Assertions" ar...
Vulnerabilities fixed in Cisco products
Cisco has fixed vulnerabilities in ASA, Firepower and Snort. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution User rights - Increased user...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products, including Jira, Confluence and Bitbucket. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Request Forgery XSRF - Denial-of-Service DoS. - Circumvention of...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious person could exploit the vulnerabilities to execute arbitrary code on the vulnerable system. For successful abuse, the malicious party must be authorized. QNAP has released updates to fix the vulnerabilities in QTS and QTS Hero...
Vulnerability fixed in QlikSense Enterprise
A vulnerability has been fixed in QlikSense Enterprise. A malicious person can exploit the vulnerability to grant themselves elevated privileges, potentially executing arbitrary code on the system on which QlikSense is installed. For successful misuse, the malicious party must have prior...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including NetWeaver, Business Objects, HANA and SAP GUI. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Denial-of-Service DoS. - Manipulation ...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Adobe has released updates to fix the vulnerabilities in Animate 23.0.6 and 24.0.3. For more...
Vulnerabilities fixed in Adobe FrameMaker
Adobe has fixed vulnerabilities in FrameMaker. A malicious party can exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...
Vulnerability fixed in Adobe Dreamweaver
Adobe has fixed a vulnerability in Dreamweaver. A malicious party could exploit the vulnerability to execute an OS Command Injection, thus executing arbitrary code on the underlying system. Adobe has released updates to fix the vulnerability in Dreamweaver 21.4. For more information, see attached...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities in Acrobat Reader DC 24.002.20759 and Acrobat Read...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate VPN traffic, or potentially execute code on the management interface. For successful execution of arbitrary code, the malicious party must have access to the...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to access sensitive data in the context of the browser. For the vulnerability identified as CVE-2024-4947, Google says it has information tha...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Remote code execution Administrator/Root privileges - Access to system data...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Remote code execution Administrator/Root rights - Remote code execution User rights - Access to...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution User rights. Mozilla has released...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of security measure - Remote code execution User rights - Remote cod...
Vulnerability fixed in Microsoft Edge
Microsoft has fixed a vulnerability in Edge. A malicious party could exploit the vulnerability to gain access to system data. For successful abuse, the malicious party must trick the victim into opening a rogue link. This update also includes the vulnerabilities marked CVE-2024-4558, CVE-2024-455...