4179 matches found
Vulnerabilities fixed in Apple iOS, iPadOS, macOS and Safari
Apple has fixed vulnerabilities in iOS, iPadOS, macOS and Safari. A malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges, or to gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into following a rogu...
Vulnerability fixed in IBM AIX
IBM has fixed a vulnerability in AIX. Through an error in the invscout command, a local malicious person can execute arbitrary commands on the system. IBM has released updates to fix the vulnerability in AIX invscout. For more information, see:...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the browser, or to access sensitive data in the context of the browser. Successful exploitation requires the malicious party to trick the victim into openi...
Vulnerability fixed in Apache ActiveMQ
Apache Foundation has fixed a vulnerability in ActiveMQ. An authenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Apache Foundation has released updates to fix the vulnerability in ActiveMQ 5.16.6, 5.17.4, 5.18.0 & 6.0.0. For more...
Vulnerabilities fixed in MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. A malicious party could exploit the vulnerability with reference CVE-2023-6217 to carry out a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or potentially access sensitive...
Vulnerabilities fixed in QlikTech Qlik Sense
QlikTech has fixed vulnerabilities in Qlik Sense Enterprise. An unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code on the system where Qlik Sense is installed, potentially taking over that system. Qlik Sense reports having received reports that...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to launch a Cross-Site Scripting (XSS) attack, which may allow the malicious party to grant itself elevated privileges when the administrator of a wiki allows XML...
Vulnerability fixed in Solarwinds Platform
Solarwinds has fixed a vulnerability in Solarwinds Platform. A malicious party could exploit the vulnerability to use SQL-Injection to gain access to sensitive data, or potentially execute arbitrary code with application privileges. For successful exploitation, the malicious party must be...
Vulnerability fixed in Splunk
A vulnerability has been fixed in Splunk. A malicious person with prior authentication and rights to upload XSLT files could exploit the vulnerability, via the upload of an XSLT file, to execute arbitrary code with the permissions of the application. Because it is not...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); remote code execution (user rights); spoofing; access to system data. Successful...
Vulnerabilities fixed in Foxit PDF Reader and PDF Editor
Foxit has fixed vulnerabilities in PDF Reader and PDF Editor (formerly PhantomPDF). A malicious party could exploit them to cause a denial-of-service, execute arbitrary code with the victim's privileges or gain access to sensitive data in the victim's context. Successful...
Vulnerabilities discovered in OwnCloud
Vulnerabilities have been discovered in OwnCloud's core software and in the apps oauth2 and graphapi. An unauthenticated malicious person could exploit the vulnerabilities to arbitrarily delete files or gain access to sensitive data. Because a configuration change is sufficient to remove...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products such as Jira, Confluence and Bitbucket. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); data manipulation; Remot...
Vulnerabilities fixed in Nagios XI
Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerabilities to launch a cross-site scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or possibly access to sensitive data in the context of the victim's...
Vulnerabilities fixed in Elastic Kibana and Logstash
Elastic has fixed vulnerabilities in Kibana and Logstash. The vulnerability with reference CVE-2023-46671 is located in Kibana and allows an authenticated malicious party to obtain sensitive data from the log, such as API keys, user credentials and system credentials. The vulnerability with...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed vulnerabilities in Photoshop. A malicious person can exploit the vulnerabilities to execute arbitrary code with privileges of the victim and to gain access to sensitive data in the victim's context. Successful exploitation requires the malicious party to trick the victim into...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adob...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerability to cause a denial-of-service, or to reboot the system with a rogue image. To reboot, the malicious party needs prior administrator privileges. Fortinet has released updates to fix the...
Vulnerability fixed in Adobe Animate
Adobe has fixed a vulnerability in Animate. A local malicious party could exploit the vulnerability to gain access to sensitive data. The malicious party does not need any prior authorization. Adobe has released updates to fix the vulnerability in Animate 24.0 and 23.0.3. For more...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE)
Cisco has fixed two vulnerabilities in Cisco Identity Services Engine (ISE). A malicious party can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); access to system data. To carry out the attacks, the malicious party needs...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed a vulnerability in Dimension. A local malicious party could exploit the vulnerability to gain access to sensitive data. The malicious party does not need any prior authorization. Adobe has released updates to fix the vulnerability in Dimension 3.4.10. For more informatio...
Vulnerabilities fixed in Adobe Coldfusion
Adobe has fixed vulnerabilities in Coldfusion. An unauthenticated remote malicious person could exploit them to bypass a security measure and execute arbitrary code with the permissions of the application that uses Coldfusion, and thus potentially gain access to sensitive data...
Vulnerabilities fixed in Fortinet FortiClient
Fortinet has fixed vulnerabilities in FortiClient. A local malicious party can exploit the vulnerabilities to gain elevated permissions, bypass security measures and, via DLL hijacking or by deleting arbitrary files, alter the operation of the system on which FortiClient is installed...
Vulnerability fixed in Adobe InCopy
Adobe has fixed a vulnerability in InCopy. A malicious person could exploit the vulnerability to execute arbitrary code with privileges of the victim. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates to fix the vulnerability in...
Vulnerabilities fixed in Adobe Premiere Pro
Adobe has fixed vulnerabilities in Premiere Pro. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe...
Vulnerability fixed in VMware Cloud Director Appliance
VMware has discovered a vulnerability in Cloud Director Appliance. A workaround for this has been published. The vulnerability occurs only when Cloud Director Appliance has received an upgrade to 10.5.0 from a lower version. Newly installed systems running on 10.5.0, or systems running on older...
Vulnerabilities fixed in Citrix Hypervisor
Citrix has released an update to fix vulnerabilities in Citrix Hypervisor. The vulnerability with reference CVE-2023-23583 allows a local malicious party to use a virtual guest system to compromise the host system via PCI passthrough. This vulnerability is only present when the vulnerable product...
Vulnerabilities fixed in GIMP
Vulnerabilities have been fixed in GIMP. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. The developers of...
Vulnerabilities fixed in Fortinet FortiMail
Fortinet has fixed vulnerabilities in FortiMail. A malicious party can exploit the vulnerability with reference CVE-2023-45582 to gain brute-force access to the mail environment. The vulnerability with reference CVE-2023-36633 allows an authenticated malicious person to gain access to...
Vulnerabilities fixed in Adobe Media Encoder
Adobe has fixed vulnerabilities in Media Encoder. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adob...
Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges and to gain access to sensitive data in the victim's context. Successful exploitation requires the malicious...
Vulnerabilities fixed in Adobe Audition
Adobe has fixed vulnerabilities in Audition. A malicious person could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe ha...
Vulnerabilities fixed in HPE Aruba Access Points
Vulnerabilities have been fixed in HPE Aruba Access Points. The vulnerabilities allow a local malicious party to manipulate data, perform a denial-of-service and execute arbitrary code without authentication. The vulnerability with reference CVE-2023-45616 has been assigned a CVSS score of 9.8. HPE...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center. A malicious party could exploit the vulnerabilities to gain elevated permissions or gain access to sensitive data. For successful abuse, the malicious party needs local access. Open Management Infrastructure:...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in Business One and Netweaver. A malicious party can exploit the vulnerabilities to bypass a security measure, or gain access to sensitive data via brute force. SAP has released updates to fix the vulnerabilities in the vulnerable products. F...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to circumvent a security measure or execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in several Dynamics products. A malicious party could exploit the vulnerabilities to impersonate another user and thus potentially gain access to sensitive data. Microsoft Dynamics 365 Sales:...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. A malicious party could exploit the vulnerabilities to execute arbitrary code as SYSTEM, or impersonate another user and thus potentially gain access to sensitive data. For successful abuse, the malicious party must ha...
Vulnerabilities fixed in TYPO3 Core
Vulnerabilities have been fixed in TYPO3 Core. A malicious person could exploit the vulnerabilities to circumvent a security measure, gain access to system data, or launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the...
Vulnerabilities fixed in Microsoft Edge
Microsoft has fixed vulnerabilities in Edge. A malicious person could exploit the vulnerabilities to impersonate another user, grant himself elevated privileges or execute arbitrary code in the context of the browser. Successful exploitation requires the malicious party to...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, grant himself elevated privileges or impersonate another user. Successful exploitation requires the...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to circumvent a security measure, execute arbitrary code with the victim's privileges or gain access to sensitive data. Azure:...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); circumvention of a security measure; remote code execution (user rights); spoofing; Accessing...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products, including SIMATIC, SINEC, SIPROTEC and RUGGEDCOM. The vulnerabilities potentially allow a malicious party to launch attacks that could lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; Circumvention o...
Vulnerability fixed in Checkpoint Endpoint Security
Checkpoint has fixed a vulnerability in Endpoint Security. A local malicious party could exploit the vulnerability to grant themselves elevated privileges and execute code with, potentially, SYSTEM privileges. Checkpoint has released updates to fix the vulnerability in Endpoint Security...
Vulnerabilities fixed in Ivanti Endpoint Manager Mobile
Ivanti has fixed vulnerabilities in Endpoint Manager Mobile (formerly MobileIron). A malicious party could exploit the vulnerabilities to request certificates on behalf of another user, or register a mobile device in someone else's name. This allows the malicious party to gain...
Vulnerabilities fixed in Ivanti Secure Access Client
Ivanti has fixed vulnerabilities in Secure Access Client (formerly Pulse Secure Desktop Client). A local malicious person could exploit the vulnerabilities to grant himself elevated privileges and thus execute code with potentially system privileges and/or gain access to sensitive data...
Vulnerabilities fixed in Foxit PDF Editor
Foxit has fixed vulnerabilities in PDF Editor for Mac (formerly PhantomPDF). A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code within the context of the application and gain access to sensitive data within...
Vulnerabilities fixed in PostgreSQL
Vulnerabilities have been fixed in PostgreSQL. A malicious person could exploit the vulnerabilities to gain access to system data, cause a denial-of-service, or to execute arbitrary code with application privileges. The vulnerabilities have also been fixed in PostgreSQL 11 11.22. This are, howeve...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local, authenticated malicious party could exploit the vulnerabilities to grant themselves elevated privileges and potentially gain access to data for which the malicious party is not initially authorized. Trend Micro has released update...