4197 matches found
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. The vulnerabilities allow a malicious party to impersonate another user, gain elevated privileges and potentially execute arbitrary code. Some of the vulnerabilities are in development tooling and are not readily accessible to...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office, Sharepoint and Outlook. A malicious party could exploit the vulnerabilities to impersonate another user or execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicio...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a Denial-of-Service. Successful exploitation requires the malicious party to win a race condition. .NET and Visual...
Vulnerabilities fixed in Siemens Products
Siemens has fixed vulnerabilities in various products such as Mendix, RUGGEDOM, SIMATIC, SINEMA, SIPROTEC and the Engineering Platforms for various systems. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...
Vulnerabilities fixed in Microsoft Windows SQL Server
Microsoft has fixed vulnerabilities in Windows SQL Server. The vulnerabilities are in the Native Client of SQL Server and allow a malicious person to execute arbitrary code in the victim's context, potentially gaining access to sensitive data in Database environments to which the victim has acces...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. A malicious party can exploit the vulnerability to gain access to the data the victim is accessing or editing through a Man-in-the-Middle attack. For successful abuse, the malicious party must have prior authentication and be on the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...
Vulnerability fixed in GeoServer
The developers of GeoServer have fixed a vulnerability. Proof-of-Concept PoC code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate data in the repositories, or execute arbitrary commands with permissions from another user, which may include...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS Specifically for SRX series systems The vulnerability is in how the Packet Forwarding Engine PFE on vulnerable SRX systems processes traffic. Certain, albeit legitimate, traffic can cause the PFE to crash. A malicious party can exploit the vulnerability ...
Vulnerabilities fixed in Splunk
Splunk developers have fixed vulnerabilities in Splunk and Splunk Enterprise. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute or cause to be executed arbitrary code using Command-injection, or perform a Cross-Site-Scripting attack. Such an attack could lead...
Vulnerabilities fixed in Apache HHTP server
Apache Software Foundation has fixed vulnerabilities in the Apache HTTP Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service, manipulate traffic via Server-Side-Request-Forgery SSRF, or execute code within the Web server, which the malicious party is not initiall...
Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder
Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...
Vulnerability fixed in OpenSSH
The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code, possibly with administrator privileges. Proof-of-Concept code PoC has been published for the vulnerability with reference...
Vulnerability fixed in Juniper Session Smart Router
Juniper has fixed a vulnerability in Session Smart Router SSR. SSR is a software router application for SD-WAN systems. An unauthenticated malicious person with access to the infrastructure can exploit the vulnerability to access and take over the system. The limiting condition, however, is that...
Vulnerabilities fixed in Progress MOVEit
Progress has fixed vulnerabilities in MOVEit Transfer and MOVEit Gateway. During the vulnerability investigation, a vulnerability was also discovered in an unnamed Third-Party component in use by MOVEit Transfer. The vulnerabilities are located in the SFTP module of the affected applications and...
Vulnerabilities fixed in WordPress
WordPress developers have fixed vulnerabilities in WordPress. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or possibly access to sensitive data in the context of the...
Vulnerability fixed in XWiki
The developers of XWiki have fixed a vulnerability in XWiki. The vulnerability is in the way documents are imported into articles. The document's permissions remain on the person importing the document, allowing anyone with permissions to the original document to perform actions with permissions...
Vulnerabilities fixed in Avaya IP Office
Avaya has fixed vulnerabilities in IP Office. A malicious party could exploit the vulnerabilities to execute arbitrary code on the central system, potentially taking over the system. For successful abuse, the malicious party must have access to the Web Control interface, but does not need prior...
Vulnerabilities fixed in Autodesk Autocad
Autodesk has fixed vulnerabilities in several AutoCad products. The vulnerabilities are in various parsers for cad file types. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code within the application. Successful exploitation...
Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the server. For successful abuse, however, the malicious party must have access to the LAN infrastructure. VMware has...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system through a Cross-Site-Scripting attack, or through SQL-Injection. Also, a malicious party can bypass security measures and thus allow traffic to pass...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Endpoint Manager. A malicious party can exploit the vulnerabilities to execute arbitrary code on the system using SQL Injection. For successful abuse, the malicious party must have access to the local infrastructure where the EPM system is implemented...
Vulnerabilities fixed in Nvidia GPU Drivers
Nvidia has fixed vulnerabilities in GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and execute code with elevated privileges, or gain access to sensitive data. Nvidia has released...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed a large number of vulnerabilities in Experience Manager. A malicious party can exploit the vulnerabilities to bypass security measures and launch a Cross-Site Scripting attack in various ways. Such an attack often results in execution of arbitrary code in the victim's browser, or...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack. Such an attack could result in execution of arbitrary code in the victim's browser, ...
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates t...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to bypass a security measure and gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. See attached references for more information...
Vulnerabilities fixed in Adobe FrameMaker Publishing Server
Adobe has fixed vulnerabilities in FrameMaker Publishing Server. A malicious party could exploit the vulnerabilities to bypass authentication and potentially take over the system. In particular, systems that are accessible from public networks without additional measures are at increased risk...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe has released updates to fix the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics and Dynamics Business Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code with potentially elevated privileges and gain access to sensitive data in the application. For...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products, including SCALANCE, SICAM, Tecnomatix, SITOP and PowerSys. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Bypassing authentication - Cross-Site...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro fixed vulnerabilities in Apex One A local malicious party could exploit the vulnerabilities to cause a denial-of-service DoS, or grant themselves elevated privileges and potentially execute arbitrary code on the local system. Trend Micro has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Schneider Electric Sage RTU systems
Schneider Electric has fixed vulnerabilities in Sage RTU devices. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Bypassing authentication - Circumvention of security...
Vulnerabilities fixed in Veeam Backup Enterprise Manager
Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...
Vulnerabilities fixed in PHP
Vulnerabilities have been fixed in PHP. A malicious person could exploit the vulnerabilities to execute arbitrary code with application privileges. The vulnerability with attribute CVE-2024-4577 is actually a re-entry of the vulnerability with attribute CVE-2012-1823. This vulnerability allows th...
Vulnerabilities fixed in RoundCube Webmail
RoundCube has fixed vulnerabilities in RoundCube Webmail. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser and potentially access sensitive data in the context of the victim'...
Vulnerabilities fixed in FortiNet FortiWebManager
FortiNet has fixed vulnerabilities in FortiWebManager. A malicious party could exploit the vulnerabilities to bypass a security measure and potentially perform actions that the malicious party is not initially authorized to perform. For successful exploitation, the malicious party must have at...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. The vulnerabilities allow a malicious person to grant themselves elevated privileges, cause a denial-of-service or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue link, or...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in Solarwinds Platform. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute a command injection, or perform a Cross-Site-Scripting attack. Such an attack can result in execution of arbitrary code in the victim's browser. For...
Vulnerability fixed in Check Point VPN products
Check Point has fixed a vulnerability in Quantum Gateway VPN systems. Check Point reports observing active abuse attempts. A path-traversal bug allows a malicious party to gain access to the username and password credentials of local accounts on the VPN system. If these local accounts, are...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in Enterprise Edition EE and Community Edition CE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service DoS, or collect sensitive data via a Cross-Site-Scripting attack XSS to take over accounts. GitLab has released updates to fix the...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's browser, potentially gaining access to sensitive data in the context of the victim's browser. Google says it has received reports of limited and targeted abuse o...