4179 matches found
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofing; Accessing...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Remote code execution (Administrator/Root rights); Remote code execution (User rights); Spoofing; Increased use...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as SIMATIC, WinCC, Parasolid, RUGGEDCOM, Simcenter, SCALANCE, SIDIS, Tecnomatix, Unicam and Location Intelligence. The vulnerabilities potentially enable a malicious party to conduct attacks that could result in the following categories ...
Vulnerabilities fixed in Microsoft .NET
Microsoft has fixed vulnerabilities in .NET. A malicious person could exploit the vulnerabilities to cause a denial-of-service. Microsoft has made updates available that fix the described vulnerabilities. We recommend that you install these updates. More information about...
Vulnerability fixed in Ivanti Connect Secure and Policy Secure Gateways
Ivanti has fixed a vulnerability in Ivanti Connect Secure, Policy Secure and ZTA gateway. The vulnerability allows a malicious party to use an XML External Entity attack to gain access to system resources without having the required authentication. The vulnerability was discovered during the...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the vulnerable system. Also, a malicious party could potentially gain access to the FortiLink...
Vulnerabilities fixed in Cisco Expressway
Cisco has fixed vulnerabilities in Expressway. A malicious party could exploit the vulnerabilities to perform a Cross-Site Request Forgery attack on the web-based management interface. Such an attack can lead to execution of arbitrary commands in the victim's context. Because it cannot be ruled...
Vulnerabilities fixed in VMware Aria Operations Networks
VMware has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, to elevate privileges or to launch a Cross-Site Scripting (XSS) attack. The vulnerability marked...
Vulnerabilities fixed in SolarWinds Platform
SolarWinds has fixed vulnerabilities in SolarWinds Platform. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data via SQL injection, or to execute code that the malicious party is not initially authorized to execute. SolarWinds has released updates to address the...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution (Administrator/Root privileges); Access to sensitive data; Increased user privileges. Successful misuse requires...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges, execute code with administrator privileges and gain access to sensitive data on the vulnerable system. Successful misuse...
Vulnerability fixed in Nagios XI
Nagios has fixed a vulnerability in Nagios XI. An authenticated malicious party can exploit the vulnerability to execute a cross-site scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to data in the context of the victim's browser...
Vulnerabilities fixed in several Docker tools
Vulnerabilities have been fixed in Docker Moby, Docker Desktop, runc and BuildKit. A malicious party could exploit the vulnerabilities through a rogue Docker image to gain elevated privileges within the environment and thus gain access to sensitive data or execute arbitrary code on the host where...
Vulnerability fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform. A malicious party could exploit the vulnerability to obtain the Service Token and gain unauthorized access to other FactoryTalk systems connected to the infrastructure. Once access is gained, the...
Vulnerabilities fixed in GNU glibc
Vulnerabilities have been fixed in GNU glibc. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and execute arbitrary code, possibly with root privileges. For successful exploitation, the malicious party must have prior acce...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer. A malicious party could exploit the vulnerability to cause a denial-of-service attack. For successful abuse, the malicious party must have prior authentication. Progress has released updates to fix the vulnerability in MOVEit Transfer 2023.1....
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofing...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party can exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Circumvention of authentication; Remote code...
Vulnerability fixed in Cisco Unified Communications and Contact Center
Cisco has fixed a vulnerability in Unified Communications Manager and Contact Center. A malicious party could exploit it to execute arbitrary code with the permissions of the web application. It is not out of the question that this could give the malicious party the ability to execute code tha...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins core and modules. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Circumvention of security...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Circumvention of security measure; Remote code execution (Administrator/Root rights); Remote code execution (User...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Circumvention of security measure; Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to sensitive data; Access to system data. Splunk has...
Vulnerabilities fixed in Lexmark printers
Lexmark has fixed vulnerabilities in the firmware of several printers. The vulnerabilities are located in the PostScript interpreter and allow a malicious person with the ability to send print commands to execute arbitrary code on the vulnerable system. Lexmark has...
Vulnerability fixed in VMware Tanzu Spring Framework
VMware Tanzu has fixed a vulnerability in Spring Framework. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on an application running in the framework. The prerequisite for successful exploitation is that the application makes use of the...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business Suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Access to sensitive data. Oracle...
Vulnerabilities fixed in Trend Micro Deep Security
Trend Micro has fixed vulnerabilities in Deep Security. A local malicious person can exploit the vulnerabilities to grant themselves elevated privileges and thus potentially execute arbitrary code with elevated privileges. Depending on the implementation this may include th...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in several Hyperion products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS); Data manipulation; Remote code execution (User rights); Access to sensitive...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in several Financial Services applications. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Accessing...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Access to sensitive data; Access to system data. Oracle...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several Fusion Middleware products. A malicious party can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure...
Vulnerabilities fixed in Oracle Siebel CRM
Oracle has fixed vulnerabilities in Siebel CRM. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. Oracle has made updates available to fix the vulnerabilities. For more information, see: https://www.oracle.com/security-alerts/cpujan2024.html...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in PeopleSoft Enterprise PeopleTools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Causing a denial-of-service does not require prior authentication. Successful access to sensiti...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in Communications products and applications. A malicious party can exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Access to sensitive data. The vulnerabilities have been...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in several Java products. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Data manipulation; Remote code execution (User rights); Access to sensitive data...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data; Access to system da...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS)...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in several Analytics products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Access to sensitive data. Oracle has...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data. Oracle has fixed the...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several MySQL products. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (User rights); Access to sensitive da...
Vulnerability fixed in VMware Aria Automation
VMware has fixed a vulnerability in Aria Automation, formerly known as vRealize Automation. An authenticated malicious party could exploit the vulnerability to gain access to the Aria Automation instance, and possibly to systems of third parties. The malicious party can thus perform...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the browser, or to gain access to sensitive data in the context of the browser. Successful exploitation requires the malicious party to trick the victim in...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the vulnerable system. The vulnerability with identifier CVE-2023-6548 is located in the...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products, including Confluence and Jira. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Circumvention of security measure...
Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). A malicious party could exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Manipulation of data; Circumvention of security measure; Remote code execution (User rights)...
Vulnerabilities fixed in Cacti
The developers of Cacti have fixed several vulnerabilities in Cacti. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: SQL Injection; Cross-Site Scripting (XSS); Remote code execution (User rights); Remote code execution...
Vulnerability fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed a vulnerability in FortiOS and FortiProxy. An authenticated malicious party can exploit the vulnerability to execute commands on the system that it is not initially authorized to execute. Fortinet has released an update to fix the vulnerability in FortiOS and FortiProxy. For...