Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Excel and SharePoint. A malicious party can exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics 365 Customer Insights. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive data in the context of the...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to cause a buffer overflow and thereby potentially execute arbitrary code with privileges of the victim, or possibly gain access to sensitive data in the context of the browser. Google states that it is...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. The vulnerability is located in the Power BI Client JavaScript SDK and allows a malicious party to gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into visiting a page with...
Vulnerability fixed in Microsoft Azure
Microsoft has fixed a vulnerability in Azure Migrate. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive data in the context of the victim's browser of...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution with Administrator/Root rights; Remote...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a denial-of-service attack. Successful exploitation requires the malicious party to trick the victim into...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products, including Parasolid, Ruggedcom, SIMATIC, SICAM and Tecnomatix. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the following categories of damage: Denial-of-Service (DoS)...
Vulnerabilities fixed in Cacti
Vulnerabilities have been fixed in Cacti. A malicious party could exploit the vulnerabilities to bypass authentication, perform an SQL injection, execute arbitrary code on the server, or perform a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. The vulnerability is located in the Visuals component, and a malicious party can exploit the vulnerability to execute arbitrary code in the context of the browser, or to cause a Denial-of-Service (DoS). Google reports being aware that...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to cause a denial-of-service, gain access to and manipulate system data, or launch a Server-Side Request Forgery (SSRF) exploit. Such an attack can lead to execution of...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Security measure circumvention; SQL Injection; Accessing sensitive data. To perform an...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant himself elevated privileges, thus executing code with the victim's privileges or gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim...
Vulnerabilities fixed in pgAdmin
Vulnerabilities have been fixed in pgAdmin. A malicious party could exploit the vulnerabilities to bypass any configured two-factor authentication and gain easier access to the system, or to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to...
Vulnerability fixed in Apache ActiveMQ
The Apache Software Foundation has fixed a vulnerability in Apache ActiveMQ. A malicious party could exploit the vulnerability to gain access to the API layer and thus access sensitive data in the application using MQ, or potentially execute arbitrary code with privileges of the application...
Vulnerabilities fixed in ArubaOS
Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the PAPI port, the management interface o...
Vulnerabilities fixed in Cisco IP phones
Cisco has fixed vulnerabilities in the firmware of several IP Phone systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data on the vulnerable device and thus potentially manipulate phone calls. Cisco has released updates to fix t...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor (formerly Mobility Master), Mobility Controllers, WLAN Gateways and SD-WAN Gateways. A malicious party can exploit the vulnerabilities to launch a denial-of-service (DoS), gain access to sensitive data or...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Bypassing authentication; Circumvention of security measure; Remote code execution with Administrator/Root right...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. A malicious party could exploit the vulnerabilities to cause a denial-of-service or potentially execute arbitrary code on the vulnerable system. IBM has released updates to fix the vulnerabilities in MQ. For more information, see:...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to sensitive data or, under specific circumstances, to take over an account ta...
Vulnerabilities fixed in Honeywell Experion and Safety Manager
Honeywell has fixed vulnerabilities in Experion, Experion Plantcruise and Safety Manager. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution with Administrator/Root...
Vulnerability fixed in Rockwell Automation AENFTXT FactoryTalk IP devices
Rockwell Automation has fixed a vulnerability in 5015-AENFTXT IP devices. A malicious party could exploit it to cause a denial-of-service. For successful exploitation, the malicious party must have access to the production environment. It is good practice to have such an infrastructure not to hav...
Vulnerability fixed in MongoDB Compass
MongoDB developers have fixed a vulnerability in MongoDB Compass. A malicious party could exploit the vulnerability to use a Man-in-the-Middle attack to gain access to sensitive data, or impersonate another user. MongoDB has released updates to fix the vulnerability in Compass 1.42.1. For more...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Cisco has fixed actively exploited vulnerabilities in Adaptive Security Appliance and Firepower Threat Defense (FTD). A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS); Remote code executi...
Vulnerabilities fixed in Oracle VirtualBox
Oracle has fixed vulnerabilities in VirtualBox. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution with Administrator/Root privileges; Access to sensitive data. For successf...
Vulnerabilities fixed in SolarWinds Platform
SolarWinds has fixed vulnerabilities in SolarWinds Platform. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Circumvention of security measure; Remote code...
Vulnerabilities fixed in Veritas BackupExec
Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...
Vulnerabilities fixed in ownCloud
Vulnerabilities have been fixed in ownCloud. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass authentication and gain access to the victim's data. ownCloud has released updates to fix the vulnerabilities in ownCloud. For more information, see:...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Remote code execution with User rights...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in several PeopleSoft products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Data manipulation; Remote code execution with User rights; Access to sensitive data...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several MySQL products. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to sensitive data. Oracle has fixed the...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business Suite and components. A malicious party could exploit the vulnerabilities to perform Cross-Site Scripting (XSS) attacks. Such attacks can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution with User...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in several Hyperion products. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS); Remote code execution with Administrator/Root privileges; Access to sensitive...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in several Analytics products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Remote code execution with User rights...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in several Java products. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Data manipulation; Remote code execution with User rights; Access to sensitive data...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in several Financial Services applications. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Remote code execution...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in Communications products and applications. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Circumvention of...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several Fusion Middleware products. A malicious party can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution with Administrator/Root rights; Remote code...
Vulnerabilities fixed in Oracle Database Products
Oracle has fixed vulnerabilities in several Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Access to sensitive data...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Data manipulation; Remote code execution...
Vulnerabilities fixed in IBM Websphere Application Server
Vulnerabilities have been fixed in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Server-Side Request Forgery (SSRF); Access to sensitive data. IBM has releas...
Vulnerability fixed in PuTTY
PuTTY has fixed a vulnerability in the PuTTY client. The vulnerability in PuTTY is in how the ECDSA nonce is created when using NIST P-521. This makes it possible for a malicious person to guess the nonce and use the signed text to retrieve the private key. PuTTY is also used in the following...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to execute a Cross-Site Scripting attack. Such an attack could result in execution of arbitrary code in the victim's...
Vulnerability discovered in Palo Alto PAN-OS
Palo Alto has discovered a vulnerability in PAN-OS. An unauthenticated malicious person can exploit the vulnerability to execute arbitrary code on the vulnerable system with root privileges. The vulnerability is found only in PAN-OS versions 10.2, 11.0 and 11.1, if both the GlobalProtect Gateway a...
Vulnerabilities fixed in Palo Alto PAN-OS
Palo Alto has fixed vulnerabilities in PAN-OS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or bypass security measures, allowing traffic to pass through that was not initially authorized. Palo Alto has released updat...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or bypass security measures, allowing traffic to pass through that was not initially authorized. Juniper has release...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate. A malicious person could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the privileges of the victim, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...