Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local, authenticated malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code, possibly as SYSTEM. Trend Micro has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks that potentially result in the following categories of damage: Cross-Site Scripting (XSS); Remote code execution (Administrator/Root rights); SQL Injection; Access...
Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Mitigation measures are available for two vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure Gateways that are being actively exploited. The vulnerability with reference CVE-2023-46805 enables an unauthenticated remote malicious person to bypass authentication. The...
Vulnerabilities fixed in Microsoft Office and SharePoint
Microsoft has fixed vulnerabilities in Office and SharePoint. A malicious party could exploit the vulnerabilities to execute arbitrary code. Successful exploitation of the vulnerability with reference CVE-2024-20677 requires the malicious party to trick the victim into opening a...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (Administrator/Root rights); Remote...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the vulnerable system, with the permissions of the process. Due to the nature of the process, the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products, including SIMATIC, SICAM, Solid Edge, Spectrum Power and Teamcenter. The vulnerabilities potentially enable a malicious party to launch attacks that could result in the following categories of damage: Denial-of-Service (DoS)...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass a security measure, gain elevated privileges and thus potentially execute arbitrary code with SYSTEM privileges. Obtaining...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. A malicious party can exploit the vulnerability in a Man-in-the-Middle attack to intercept and decrypt traffic, potentially gaining access to the sensitive data in that traffic. Abuse is not easily accomplished and requires that the malicious party is in...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP, NetWeaver, SAP GUI and HANA. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in several DB2 products such as DB2, DB2 for Cloud Pak and Web Query for i. A malicious party could exploit the vulnerabilities to grant himself locally elevated privileges and thus execute arbitrary code with potentially privilege...
Vulnerabilities fixed in Rockwell Automation FactoryTalk Activation Manager
Rockwell Automation has fixed vulnerabilities in the FactoryTalk Activation Manager. A malicious party could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system and thereby take over the system and thus access and manipulate the system data an...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to sensitive data; Increased user rights...
Vulnerability fixed in NetApp Active IQ Unified Manager
NetApp has fixed a vulnerability in the Spring Web Services component of Active IQ Unified Manager for Windows, Linux, and VMware vSphere. The vulnerability allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a denial-of-service. NetApp has release...
Vulnerability fixed in ProFTPd
A vulnerability has been fixed in ProFTPd. The vulnerability allows an authenticated remote malicious person to cause a denial-of-service (DoS) via a specially prepared command. The developers of ProFTPd have released updates to fix the vulnerability. For mor...
Vulnerabilities fixed in Apache OpenOffice
Apache has fixed vulnerabilities in OpenOffice. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the application, with the permissions of the victim, or to bypass a security measure. Apache has released updates to fix the...
Vulnerability fixed in IBM Informix
IBM has fixed a vulnerability in the JDBC driver of Informix. A malicious person with rights to use the API could exploit the vulnerability to execute arbitrary code with the permissions of the application using the JDBC driver. Because it cannot be estimated with what permissions...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. The vulnerability is located in WebRTC, and a malicious person could exploit it to execute arbitrary code in the context of the browser. Google reports being aware that exploit code is being shared to a limited extent. This exploit code is not yet publicl...
Vulnerabilities fixed in Tenable Nessus Network Monitor
Tenable has fixed vulnerabilities in Nessus Network Monitor and underlying software. An unauthenticated malicious person could potentially exploit the vulnerability with reference CVE-2023-5363 to cause a denial-of-service (DoS) or to gain access to sensitive system data. In...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights);...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, potentially execute arbitrary code with the privileges of the application, or use session hijacking to gain access to the data of a logged-in user. The developers...
Vulnerability fixed in OpenSSH
A vulnerability has been fixed in OpenSSH. A malicious party could potentially use a Man-in-the-Middle attack to weaken the connection between a client and server and thus gain access to the data transmitted over this connection. This Man-in-the-Middle attack has been given the name "Terrapin...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). A malicious party could exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Manipulation of data; Circumvention of security measure; Spoofing; Access to sensitive data...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in MQ. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. IBM has released updates to fix the vulnerability in the supported versions of MQ. For more information, see: https://www.ibm.com/support/pages/node/7096710...
Vulnerabilities fixed in Fortinet FortiMail
Fortinet has fixed vulnerabilities in FortiMail. The vulnerability with reference CVE-2022-47538 allows an unauthenticated malicious party to use a specially prepared request to bypass authentication on the management interface. The malicious party c...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in Zoom clients for Android, iOS, macOS, Linux and Windows. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data, grant themselves elevated privileges or cause a denial-of-service attack. Zoom has released updates to fix...
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. A malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive data in the context of the victim's browser...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Circumvention of security measure; Remote code execution...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to execute arbitrary code. It is possible that code execution could occur with privileges higher than user level. For successful exploitation, the malicious party must trick...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS, as used in FortiProxy and FortiPAM. An unauthenticated malicious person could exploit the vulnerability with reference CVE-2023-47536 to bypass a security measure and route traffic through the system that should not be allowed...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. The malicious party does not need any prior authorizations. Adobe has released updates to fix t...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to gain access to sensitive data. The malicious party does not need any prior authorizations. Adobe has released updates to fix the vulnerability in Dimension 3.4.11. For more information,...
Vulnerabilities fixed in SAP
SAP has fixed vulnerabilities in several products, including Business Objects, SAP GUI, Master Data Governance, NetWeaver and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator 2023 and 2024. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges. The malicious person does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilitie...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to cause a denial-of-service or to gain access to sensitive data. The malicious party does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilities in versi...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to impersonate another user through a Cross-Site-Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to sensitive data, or to impersonate another user via a cross-site scripting attack. Such an attack can lead to execution of...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Spoofing; Access to system data; Increased user privilege...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to impersonate another user or gain access to sensitive data, potentially including full access to the local file system. Successful exploitation requires the malicious party to tri...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Remote code execution (User rights); Access ...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products, including SIMATIC, SCALANCE, SIPROTEC, TIA and RUGGEDCOM. The vulnerabilities potentially enable a malicious person to carry out attacks that could result in the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Servi...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Data manipulation; Remote code execution (User rights); Access to sensitive data; Access to system data. Successful...
Vulnerability fixed in Apache Struts
Apache Foundation has fixed a vulnerability in Struts. A malicious person with rights to upload files can exploit the vulnerability to upload a rogue file and potentially execute, or cause to be executed, arbitrary code within the application using Struts. Apache Foundation h...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira Assets Discovery. A malicious person with access to the connection between the Assets Discovery Agent and the Assets Discovery application can exploit the vulnerability to execute arbitrary code on the system where the Assets Discovery Agen...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence Data Center and Confluence Server. The vulnerability allows an authenticated malicious person to execute arbitrary code with application privileges and potentially gain access to sensitive data. If access is configured as "anonymous...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to sensitive data...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed vulnerabilities in the firmware of several ATP and USG series firewalls. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Access to system data...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party could exploit the vulnerabilities to grant himself elevated privileges, or to cause a denial-of-service by executing a specially prepared query. These updates also include several updates to third-party products to include older...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to cause a denial-of-service (DoS), manipulate data, or launch a Cross-Site-Scripting (XSS) attack. Such an attack can lead to execution of arbitrary co...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. A malicious party can exploit the vulnerabilities to cause a denial-of-service. The developers of Squid have released updates to fix the vulnerabilities in Squid 6.5. For more information, see:...