4179 matches found
Vulnerability fixed in Progress WS_FTP
Progress has fixed a vulnerability in WS_FTP. An authenticated malicious party could exploit the vulnerability to upload files to any location on the file system of the system on which WS_FTP is installed. This could result in data overwriting, or affect the operation of the operating system and...
Vulnerabilities fixed in SolarWinds Platform and Network Configuration Manager
SolarWinds has fixed vulnerabilities in SolarWinds Platform and Network Configuration Manager. A malicious party could exploit the vulnerabilities to gain access to system data or execute arbitrary code, possibly with SYSTEM privileges. SolarWinds has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Access to sensitive data; Increased user privileges. The most serious vulnerability allows a malicious part...
Vulnerabilities fixed in Veeam ONE
Veeam has fixed vulnerabilities in Veeam ONE. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to sensitive...
Vulnerabilities fixed in QNAP QTS and QuTS Hero
QNAP has fixed vulnerabilities in QTS and QuTS Hero. A malicious party can exploit the vulnerabilities to execute arbitrary code on the system. QNAP has released updates to fix the vulnerabilities in QTS and QuTS Hero. For more information, see:...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. A malicious party could exploit the vulnerability to perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitive data within the...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI. A malicious party could exploit the vulnerabilities to circumvent a security measure, to perform an SQL injection, or to perform a cross-site scripting attack. Such attacks can lead to execution of arbitrary code and access to syst...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA)
Cisco has fixed vulnerabilities in the Adaptive Security Appliance (ASA). A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass security measures to route unauthorized traffic through the system, or use a rogue ASA implementation to...
Vulnerability fixed in Apache ZooKeeper
The Apache Foundation has fixed a vulnerability in ZooKeeper. A malicious party could exploit the vulnerability to gain access to data within ZooKeeper. The vulnerability is in the way peer authentication takes place. For successful misuse, the malicious party must be able ...
Vulnerability fixed in Cisco Meeting Server
Cisco has fixed a vulnerability in Meeting Server. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Cisco has released updates to fix the vulnerability in Meeting Server. For more information, see:...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit vulnerabilities to bypass command measures, gain access to system data or cause a denial-of-service. Also included in this update are updates to several third-party...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to sensitive data. Successful...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence Data Center and Confluence Server. A malicious party could exploit it to cause a denial-of-service, or execute arbitrary code on the system that Confluence is installed on. Atlassian reports that no misuse has be...
Vulnerability fixed in Apache ActiveMQ
The Apache Foundation has fixed a vulnerability in ActiveMQ. A malicious party could exploit the vulnerability to execute arbitrary code on the system where ActiveMQ is installed. The Apache Foundation has released updates to fix the vulnerability in ActiveMQ 5.15.16, 5.16.7,...
Vulnerabilities fixed in SugarCRM
Vulnerabilities have been fixed in SugarCRM. A malicious party can exploit the vulnerabilities to conduct a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitive data in the context of the victim's...
Vulnerabilities fixed in VMware Tools
VMware has fixed vulnerabilities in VMware Tools. A malicious person with access to a guest system in which VMware Tools is installed can exploit the vulnerabilities to give themselves elevated privileges and thus potentially execute code with elevated privileges. VMware has released updates to...
Vulnerability fixed in F5 BIG-IP
F5 has fixed a vulnerability in BIG-IP. A malicious person could exploit the vulnerability to execute arbitrary code on the system. For successful exploitation, the malicious party must have physical or LAN access to the physical management port of the vulnerable device, or have acces...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. Google has released updates to fix the vulnerability in Chrome 118.0.5993.117 and 118.0.5993.118. For more information, see:...
Vulnerabilities fixed in Tenable Nessus Network Monitor
Tenable has fixed vulnerabilities in Nessus Network Monitor. A local, authenticated malicious person could exploit them to grant themselves elevated privileges and execute arbitrary code, potentially with SYSTEM privileges. In addition to the vulnerabilities in Nessus itself, Tenable has in this...
Vulnerabilities fixed in Aruba Networks ClearPass Policy Manager
Aruba Networks has fixed vulnerabilities in ClearPass Policy Manager. An authenticated malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Bypassing authentication; Remote code execution (Administrator/Root rights)...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. A malicious party could exploit the vulnerability to launch a Stored Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim and access to sensitive data in the context of the victim's...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (Administrator/Root rights); Remot...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (Administrator/Root rights); Remote code execution User...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofi...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code on the underlying system. VMware has released updates to fix the vulnerabilities in vCenter Server. For more informatio...
Vulnerabilities in Best Practical RT fixed
Vulnerabilities have been fixed in Best Practical Request Tracker (RT). The vulnerabilities allow an unauthenticated malicious person to impersonate an RT user and to download specific email attachments. Best Practical has released updates to fix the vulnerabilities in RT. Fo...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS); Access to sensitive data...
Vulnerability fixed in Dell OpenManage
A vulnerability has been fixed in Dell OpenManage Server Administrator, version 11.0.0.0 and earlier. A local malicious user could exploit this security vulnerability to execute arbitrary code and obtain elevated user privileges. Dell has released updates to fix the vulnerability in OMSA...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite products. A malicious party could exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Manipulation of data; Bypassing authentication. Oracle has fixed the vulnerabilities in the following...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party could exploit the vulnerabilities to perform cross-site scripting (XSS) attacks. Such attacks can lead to execution of script code in the context of the victim's browser, or access to sensitive data in the context of the browser...
Vulnerabilities fixed in Oracle Analytics
Vulnerabilities have been fixed in Oracle Analytics products. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Accessing sensitive data; Accessing syst...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Access to sensitive data. Oracle has fixed vulnerabilities in the following products: Oracl...
Vulnerabilities fixed in Zimbra Collaboration Suite
Zimbra has fixed vulnerabilities in the Zimbra Collaboration Suite (ZCS). A malicious party could exploit the vulnerabilities to carry out attacks that could lead to Cross-Site Scripting (XSS). Zimbra has released updates to fix the vulnerabilities in ZCS 10.0.5, 9.0.0 Patch 37 and...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); Access to sensitive data. Oracle has fixed the vulnerabilities in the following...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Access to sensitive data; Acce...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL products. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS); Access to sensitive data. Oracle has fixed the vulnerabilities in the followin...
Vulnerabilities fixed in Oracle Hyperion
Vulnerabilities have been fixed in Oracle Hyperion products. A malicious party can exploit the vulnerabilities to gain full control of the Oracle Hyperion infrastructure. | CVE-ID | CVSS | Vector |...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle VM VirtualBox. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data. Oracle has fixed the vulnerabilities in the following...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE products. A malicious party could exploit the vulnerabilities to gain access to sensitive data and/or perform a denial-of-service (DoS). The malicious party must trick the victim into executing untrusted Java code. Oracle has fixed the...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Access to sensitive dat...
Vulnerability fixed in Oracle Supply Chain
Oracle has fixed a vulnerability in Agile PLM. A malicious party could exploit the vulnerability to obtain sensitive information or full access to all data accessible to Oracle Agile PLM. Oracle has fixed the vulnerability in the following product: - Oracle Agile PLM...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Accessing sensitive data. Oracle has fixed the...
Vulnerability fixed in Oracle Essbase
A vulnerability has been fixed in Oracle Essbase products. An authenticated malicious party can exploit the vulnerability to cause a denial-of-service (DoS) attack. Oracle has fixed the vulnerability in the following products: - Oracle Essbase...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications products. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Accessing sensitive data. Oracle has...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Bypassing security measure. Oracle has...
Vulnerability fixed in Oracle JD Edwards
A vulnerability has been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerability to gain access to sensitive data. | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch an attack that could result in a denial-of-service (DoS). Apache has released updates to fix the vulnerabilities in Apache HTTP Server 2.4.x. For more information, see:...
Vulnerabilities fixed in SonicWall
SonicWall has fixed vulnerabilities in SonicOS. A remote malicious party can exploit multiple vulnerabilities in the SonicOS web interface and SSLVPN portal to cause a denial-of-service, gain access to sensitive data and/or obtain elevated user privileges. SonicWall has released updates to address th...
Vulnerabilities fixed in OTRS
OTRS developers have fixed vulnerabilities in OTRS. An authenticated malicious person could exploit the vulnerabilities to launch a cross-site scripting attack. In addition, a malicious party can bypass security measures using an invalid certificate. OTRS has released updates to fix the...
Vulnerability fixed in Fortinet FortiSandbox
A vulnerability has been fixed in FortiSandbox. A malicious person could exploit the vulnerability to delete arbitrary files on the vulnerable system using HTTP requests. Fortinet has released updates to fix the vulnerability. For more information, see:...