Vulnerability fixed in node.js
A vulnerability has been fixed in node.js. A malicious party can exploit the vulnerability to use command injection to execute arbitrary code on the system with the permissions of the application running in the vulnerable node.js. The developers of node.js have released updates to fix the...
Vulnerability fixed in Adobe Media Encoder
Adobe has fixed a vulnerability in Media Encoder. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into opening a rogue media file. Adobe has...
Vulnerabilities fixed in Microsoft Defender for IoT
Microsoft has fixed vulnerabilities in Defender for IoT. A malicious party can exploit the vulnerabilities to obtain elevated permissions and execute arbitrary code with the permissions of the process. Microsoft has made updates available that fix the described vulnerabilities. We recommend...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure and various applications within Azure. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); Remote code execution User rights; Access to sensitive data; Access to system...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are located in the various ODBC and OLE DB drivers and allow a malicious party to execute arbitrary code with application privileges, potentially gaining access to sensitive data. Successful abuse requires the...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Excel and Sharepoint. The vulnerability in Excel allows a malicious person to execute arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into opening a rogue file. The vulnerability in Sharepoi...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution User rights; Spoofing; Accessing...
Vulnerabilities fixed in Fortinet
Fortinet has fixed a number of vulnerabilities in FortiOS, FortiProxy, FortiNAC, FortiSandbox and FortiClient. A malicious person could exploit the vulnerability marked CVE-2023-45590 to execute code on a FortiClientLinux system by getting a user to visit a rogue website. Other vulnerabilities...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS)...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products, including Parasolid, Ruggedcom, SCALANCE, SIMATIC, SINEC and Telecontrol. The vulnerabilities potentially enable a malicious person to launch attacks that could lead to the following categories of damage: Cross-Site Scripting...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has released updates to Red Hat OpenShift Container Platform to fix several vulnerabilities in underlying software modules. A malicious party could potentially exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service (DoS); Circumvention of securit...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS). Apache has released updates to fix the vulnerabilities in Apache server 2.4.59...
Vulnerability fixed in IBM Personal Communications
IBM has fixed a vulnerability in Personal Communications (PCOMM). The vulnerability is located in an underlying Windows component and allows a malicious person to obtain elevated privileges and execute code with the privileges of SYSTEM. IBM has released updates to fix the vulnerability in...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. The vulnerability is located in the underlying jose4j library and allows an unauthenticated malicious party to cause a denial-of-service. IBM has released updates to fix the vulnerability in Websphere Application Server. For...
Vulnerability fixed in pgAdmin
A vulnerability has been fixed in pgAdmin. A malicious party can exploit the vulnerability to execute arbitrary code on the underlying system. For successful abuse, the malicious party must have prior authentication on the vulnerable pgAdmin installation. The developers of pgAdmin have released...
Vulnerabilities fixed in Lexmark Multifunctionals
Lexmark has fixed vulnerabilities in the firmware of several types of multifunction devices. A malicious person could exploit them to bypass a security measure and thus provide the vulnerable system with outdated, or potentially rogue, firmware, or to execute arbitrary code on the system. Lexmark...
Vulnerabilities fixed in Broadcom Brocade Fabric OS
Broadcom has fixed vulnerabilities in Brocade Fabric OS. A malicious party could exploit the vulnerabilities to execute arbitrary code on the system, or to manipulate the operation of the system. To do this, the malicious party does not need prior authentication...
Vulnerabilities fixed in Esri Arcgis Portal
Esri has fixed vulnerabilities in Arcgis Portal. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack, or perform a Cross-Site Request Forgery. Such attacks can lead to execution of arbitrary code in the victim's browser, or access to sensitive dat...
Vulnerabilities fixed in Cisco Nexus Dashboard
Cisco has fixed vulnerabilities in the Nexus Dashboard and underlying modules, such as Fabric Controller and Orchestrator. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Request Forgery (XSRF); Da...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed a vulnerability in Unified Communications Manager. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive data in the context of the victim'...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure Gateways
Ivanti has fixed vulnerabilities in Ivanti Connect Secure and Policy Secure. The vulnerabilities allow an unauthenticated malicious party to remotely cause a Denial of Service. For CVE-2024-21894, Ivanti indicates that in certain circumstances it could potentially lead to the...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine. The vulnerabilities are located in the management interface and allow a malicious person with access to that interface to perform a Server-Side Request Forgery or a Cross-Site Request Forgery. Such an attack can le...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in IBM DB2. For more information, see:...
Vulnerability fixed in Flexera Software FlexNet Publisher
Flexera Software has fixed a vulnerability in FlexNet Publisher. A local malicious person could exploit the vulnerability to grant itself elevated privileges and execute code with elevated privileges. To exploit the vulnerability, a malicious party must load a specially prepared SSL configuration...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges to gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into followi...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS). GitLab has released updates to fix th...
Vulnerability fixed in liblzma (XZ Utils)
Malicious code has been found in the liblzma (XZ Utils) software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks that potentially result in the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Bypassing security measure; Increased user...
Vulnerabilities fixed in Synology Surveillance Station
Synology has fixed vulnerabilities in Surveillance Station. A malicious party can exploit the vulnerabilities to execute arbitrary code via SQL injection, or gain access to sensitive data. Synology has released updates to fix the vulnerabilities in Surveillance Station...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Circumvention of security measure; Accessing sensitive data; Access to system data. Splunk has released...
Vulnerabilities fixed in SugarCRM
Vulnerabilities have been fixed in SugarCRM. A malicious party could exploit the vulnerabilities to launch cross-site scripting or SQL injection attacks, manipulate data or execute code. No CVE IDs have yet been disclosed for the vulnerabilities. SugarCRM has released updates to fix...
Vulnerability fixed in Microsoft .NET
Microsoft has fixed a vulnerability in .NET. A malicious party could exploit the vulnerability to gain access to sensitive data. Microsoft has made available an update that fixes the described vulnerability. We recommend that you install it. More information about the vulnerability, the...
Vulnerabilities fixed in MISP
The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to bypass security measures. The MISP community has released updates to fix the vulnerabilities in MISP. For more information, see: https://github.com/MISP/MISP/commit...
Vulnerability fixed in Ivanti Standalone Sentry
A vulnerability has been fixed in Ivanti Standalone Sentry. A malicious party can exploit the vulnerability to execute arbitrary code on the underlying operating system of the vulnerable appliance. Successful misuse does not require prior authentication, but it does require...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Bamboo, Bitbucket, Jira and Confluence. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution User Rights; SQL...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution User...
Vulnerability fixed in Autodesk
Autodesk has fixed a vulnerability in DWG Trueview. A malicious party can exploit the vulnerability to cause a denial-of-service, execute arbitrary code with application privileges, or to gain access to sensitive data in the context of the application. Successful exploitation requires the malicio...
Vulnerabilities fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS
Vulnerabilities have been fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: SQL Injection; Manipulation of data; Remote code execution User Rights; Circumvention of...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. A malicious person could exploit the vulnerabilities to bypass a security measure, cause a denial-of-service, or execute arbitrary code on the vulnerable system. To successfully execute arbitrary code, the malicious party mus...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS)...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Adobe Animate. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges, or to gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Vulnerability fixed in Schneider Electric EcoStruxure Power Design
Schneider Electric has fixed a vulnerability in EcoStruxure Power Design. A malicious party could exploit the vulnerability to execute arbitrary code with privileges of the Power Design user. Successful exploitation requires the malicious party to trick the victim into opening and executing a rog...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to bypass a security measure and thus gain access to sensitive data in the affected Adobe ColdFusion application. Adobe has released updates to fix the vulnerability in...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Adobe Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges, or to gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...
Vulnerability fixed in JFrog Artifactory
JFrog has fixed a vulnerability in Artifactory. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. JFrog...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code, gain access to sensitive data or to elevate privileges. The vulnerability with reference CVE-2024-23112 applies to FortiOS and FortiProxy SSLVPN, and allows...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Remote code execution User rights; Access to sensitive data; Increased user privileges. Successful misuse...
Vulnerability fixed in Microsoft Skype
Microsoft has fixed a vulnerability in Skype. A malicious party can exploit the vulnerability to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. The vulnerability is located in the Django backend and allows a malicious party to use the client application of the victim to execute an SQL injection and thus execute arbitrary code with the victim's privileg...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Dynamics. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive data in the context of the victim's browser of the...