Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious party could exploit the vulnerabilities to gain elevated privileges and potentially execute arbitrary code with elevated privileges, or gain access to sensitive data. The most serious vulnerability is located in the...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Exchange Server. A malicious party can exploit the vulnerability to execute arbitrary code with the privileges of the victim, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in two System Center components. A malicious party could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges or execute arbitrary code. Open Management Infrastructure:...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges and thereby potentially execute arbitrary code for which the malicious party is not initially authorized...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code execution (User rights)...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Cerberus, Ruggedcom, SCALANCE, Sentron, SIMATIC, Sinema, Sinteso, Siveillance and Solid Edge. The vulnerabilities potentially allow a malicious party to launch attacks that could lead to the following categories of damage:...
Vulnerability fixed in pgAdmin
A vulnerability has been fixed in pgAdmin. An authenticated malicious party could exploit the vulnerability to execute arbitrary code with application privileges. Because pgAdmin was developed as a management tool for PostgreSQL databases, it can therefore not be ruled out that the...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Circumvention of security measure; Accessing sensitive data; Denial-of-Service (DoS). Successful abuse requires the malicious party to trick the...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Circumvention of security measure; Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to...
Vulnerability fixed in Cisco Secure Client
Cisco has fixed a vulnerability in the Secure Client. A malicious party could exploit the vulnerability to use a malicious link to gain access to the SAML token of the victim and thus establish a VPN connection. Access to underlying systems and applications still requires authentication. Cisco has...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Circumvention of security measure; Increased user privileges. GitLab has released updates to...
Vulnerabilities fixed in Foxit PDF Reader and PDF Editor
Foxit has fixed vulnerabilities in PDF Reader and PDF Editor (formerly PhantomPDF). A malicious party could exploit them to cause a denial-of-service (DoS), execute arbitrary code with the victim's privileges, elevate privileges, or gain access to sensitive data in the context of the victim...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by, among others, Aruba Mobility Conductor (formerly Mobility Master), Mobility Controllers, Access Points and SD-WAN Gateways. A malicious party can exploit the vulnerabilities to cause a denial-of-service (DoS), gain access to...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Manipulation of data; Circumvention of security measure; Accessing sensitive data. For successful exploitatio...
Vulnerabilities fixed in VMware products
VMware has fixed several vulnerabilities in VMware ESXi, VMware Workstation and VMware Fusion. A malicious person with local administrator rights in a virtual machine can exploit the vulnerabilities to execute code, with the rights of the application, on the system on which the...
Vulnerabilities fixed in Zimbra Collaboration
Zimbra has fixed vulnerabilities in Zimbra Collaboration (formerly Zimbra Collaboration Suite). The vulnerabilities allow a malicious party to obtain elevated user privileges, or to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the context of the...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Access to sensitive data; Increased user privileges. The...
Vulnerability fixed in Mozilla Thunderbird
Mozilla has fixed a vulnerability in Thunderbird. Due to a flaw in the processing of email messages in the local cache, encrypted data, such as the subject line, from email messages could be included in other email messages. When the user replies to such an infected email message, for...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or...
Vulnerabilities fixed in Cisco Nexus
Cisco has fixed vulnerabilities in NX-OS, as in use on various Nexus platforms. A malicious party could exploit them to bypass security measures to allow unauthorized network traffic to pass through, or to cause a denial-of-service. Cisco has released updates to fix the vulnerabiliti...
Vulnerabilities fixed in Nvidia GPU driver
Nvidia has fixed vulnerabilities in its driver for GPU chipsets and associated controller software. A local malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges in order to execute arbitrary code with privileges from SYST...
Vulnerabilities fixed in Aruba Networks Clearpass Policy Manager
Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. A malicious party could exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Remote code execution (User rights); Remote code execution (Administrator/Root rights); Cross-Sit...
Vulnerability fixed in Eclipse Jetty
A vulnerability has been fixed in Jetty. A remote malicious person can exploit the vulnerability to cause a denial-of-service (DoS). Eclipse has released updates to fix the vulnerability in Eclipse Jetty. For more information, see: https://eclipse.dev/jetty/download.php...
Vulnerability fixed in CheckMK
A vulnerability has been fixed in the CheckMK Windows Agent. The vulnerability allows an authenticated local malicious party to execute arbitrary code with higher privileges. CheckMK has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Arista EOS
Arista has fixed a vulnerability in Arista NG Firewall, part of Arista EOS Edge Threat Management. The vulnerability allows a malicious person with access rights to the 'advanced report application' to execute code with elevated privileges, through SQL injection, on the underlying...
Vulnerability fixed in SonicWall SSL-VPN products
SonicWall has fixed a vulnerability in SMA 100 series SSL VPNs. An authenticated malicious party can exploit the vulnerability to establish a link to the mobile MFA device of another user and thus potentially gain access to sensitive data in the victim's context. SonicWa...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Liferay Portal and DXP. A malicious party can exploit the vulnerabilities in a variety of ways to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data i...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! CMS. A malicious person can exploit the vulnerabilities to bypass a security measure or perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the...
Vulnerability fixed in Progress Kemp LoadMaster
Progress Kemp has fixed a vulnerability in LoadMaster. The vulnerability allows a malicious party to use specially crafted API calls to issue system commands without being authorized to do so. For successful exploitation, the malicious party must have access to the management interface...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI. A malicious party can exploit the vulnerabilities to execute arbitrary code with the victim's privileges, through SQL injection or a Cross-Site Scripting (XSS) attack, or to gain access to system data. Nagios has released updates to fix the...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Circumvention o...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. An authenticated malicious party could exploit the vulnerability to perform a stored cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive information in the...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Remote code execution (User rights); Spoofing; Increased user privileges; Access to...
Vulnerabilities fixed in ConnectWise ScreenConnect
ConnectWise has fixed vulnerabilities in ScreenConnect. An unauthenticated malicious person could exploit the vulnerabilities to create a new administrator account. An exploit is available that makes the chance of exploitation significant. At this time, no CVEs have yet been assigned to the...
Vulnerabilities fixed in IBM WebSphere Application Server
IBM has fixed vulnerabilities in WebSphere. The vulnerabilities are located in the Java component of WebSphere and allow a malicious party to carry out attacks that could lead to loss of data integrity and confidentiality. IBM did not release any other detailed information. A more precise risk...
Vulnerabilities fixed in IBM QRadar
IBM has fixed vulnerabilities in QRadar and underlying components such as SIEM, Wincollect and Case Manager. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system information, or impersonate another user. Liferay has released updates to fix the vulnerabilities in Portal and DXP. For more information,...
Vulnerabilities fixed in F5 BIG-IP and BIG-IQ
F5 has fixed vulnerabilities in BIG-IP and BIG-IQ products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass a security measure and thus use command injection to manipulate the operation of the system...
Vulnerability fixed in Rockwell Automation FactoryTalk Service Platform
Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform (FTSP). An authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and gain access to FTSP as an Administrator. For successful misuse, the malicious party must hav...
Vulnerabilities fixed in Schneider Electric EcoStruxure and Modicon
Schneider Electric has fixed vulnerabilities in EcoStruxure and Modicon systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass security measures, allowing the malicious party to affect the operation of PLC components. For successful misuse, the...
Vulnerabilities fixed in ISC BIND
ISC has fixed vulnerabilities in BIND. A malicious party can exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND 9.19.21, 9.18.24 S1, 9.16.48 S1. For more information, see: https://kb.isc.org/docs/cve-2023-4408...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including NetWeaver and CRM. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Bypassing authentication; Circumvention of security measure; Remote code...
Vulnerabilities fixed in Adobe Acrobat and Reader
Adobe has fixed vulnerabilities in Adobe Acrobat and Reader. A malicious party can exploit the vulnerabilities to cause a denial-of-service (DoS), execute arbitrary code with the victim's privileges and gain access to sensitive data in the victim's context. To exploit the...
Vulnerability fixed in Adobe Audition
Adobe has fixed a vulnerability in Adobe Audition. The vulnerability allows a malicious person to execute arbitrary code with the victim's privileges. Successful exploitation requires user interaction from the victim. Adobe has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in Zoom products
Zoom has fixed vulnerabilities in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. A malicious party could exploit the vulnerabilities to gain access to sensitive data, grant themselves elevated permissions, or to cause a denial-of-service. To cause ...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Adobe Commerce and Magento Open Source. The vulnerabilities allow an authenticated malicious person to cause a denial-of-service, execute arbitrary code or bypass a security measure. Adobe has released updates to fix the vulnerabilities in Adobe...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Exchange Server. A malicious party could exploit the vulnerability to use a previously stolen NTLM hash to gain access to the account and the data of the victim. Successful exploitation thus requires a previous successful attack on a client that uses NTLM...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive data in the context of the browser of the...
Vulnerability fixed in Microsoft Windows Defender
Microsoft has fixed a vulnerability in Defender for Endpoint. A local malicious party could exploit the vulnerability to execute arbitrary code with SYSTEM privileges and thus potentially gain access to sensitive data on the system. Microsoft has made updates available that fix the described...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Remote code execution (User rights); Access to sensitive data; Increased user privileges. For successful...