4207 matches found
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User...
Vulnerabilities fixed in Aruba Networks Clearpass Policy Manager
Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. An authenticated malicious party can exploit the vulnerabilities exploit them to carry out attacks that can result in the following categories of damage: Bypassing authentication. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to be able to execute arbitrary code on the underlying system. VMware has released updates to fix the vulnerabilities in vCenter Server. For more informatio...
Vulnerabilities in Best Practical RT fixed
Vulnerabilities have been fixed in Best Practical Request Tracker RT. The vulnerabilities allow an unauthenticated malicious person able to impersonate an RT user and to download specific email attachments to download. Best Practical has released updates to fix the vulnerabilities fixes in RT. Fo...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party could exploit the vulnerabilities to perform of cross-site scripting XSS attacks. Such attacks can lead to execution of script code in the context of the victim's browser, or access sensitive data in the context of the browser...
Vulnerabilities fixed in Zimbra Collaboration Suite
Zimbra has fixed vulnerabilities in the Zimbra Collaboration Suite ZCS. A malicious party could exploit the vulnerabilities to execute attacks that could lead to the execution of an Cross-Site Scripting XSS Zimbra has released updates to fix the vulnerabilities in ZCS 10.0.5, 9.0.0 Patch 37 and...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite products. A malicious party could exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Manipulation of data Bypassing authentication Oracle has fixed the vulnerabilities in the following...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle VM VirtualBox. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Oracle has fixed the vulnerabilities in the following...
Vulnerability fixed in Dell Openmanage
A vulnerability has been fixed in Dell OpenManage Server Administrator, version 11.0.0.0 and earlier. A local malicious user could exploit this security vulnerability to execute arbitrary execute code and obtain elevated user privileges. Dell has released updates to fix the vulnerability in OMSA...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Access to sensitive dat...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has fixed the vulnerabilities in the followin...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE products. A malicious party could exploit the vulnerabilities to gain access to sensitive data and/or perform a denial-of-service DoS. The malicious party must trick the victim into executing untrusted java code to execute. Oracle has fixed the...
Vulnerability fixed in Oracle Supply Chain
Oracle has fixed a vulnerability in Agile PLM. A malicious party could exploit the vulnerability to gain sensitive information or full access to all data accessible to Oracle Agile PLM accessible data. Oracle has fixed the vulnerability in the following product: - Oracle Agile PLM...
Vulnerability fixed in Oracle Essbase
A vulnerability has been fixed in Oracle Essbase products. A authenticated malicious party can exploit the vulnerability to cause cause a denial-of-service DoS attack. Oracle has fixed the vulnerability in the following products: - Oracle Essbase...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has fixed vulnerabilities in the following products: Oracl...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch an attack that could result in a denial-of-service DoS attack. Apache has released updates to fix the vulnerabilities in Apache HTTP Server 2.4.x. For more information, see:...
Vulnerabilities fixed in Oracle Analytics
Vulnerabilities have been fixed in Oracle Analytics products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Accessing syst...
Vulnerabilities fixed in Oracle Hyperion
Vulnerabilities have been fixed in Oracle Hyperion products. A malicious party can exploit the vulnerabilities to gain full control to the Oracle Hyperion infrastructure. ------------------.------.------------------------------------- | CVE-ID | CVSS | Vector |...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security measure Oracle has...
Vulnerability fixed in Oracle JD Edwards
A vulnerability has been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerability to gain access gain access to sensitive data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Oracle has fixed the...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has fixed the vulnerabilities in the following...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications products. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive data Oracle has...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data Acce...
Vulnerabilities fixed in Sonicwall
SonicWall has fixed vulnerabilities in SonicOS. A remote malicious party can exploit multiple vulnerabilities in SonicOS web interface and SSLVPN portal to cause a denial-of-service, gain access to sensitive data and/or obtain elevated user privileges. SonicWall has released updates to address th...
Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. This vulnerability allows an unauthenticated malicious person to remotely create an account - with access level 15 - on an affected device. Through that account, full control over the affected device. As mitigating measures, Cisco makes the following...
Vulnerability fixed in Fortinet FortiSandbox
A vulnerability has been fixed in FortiSandbox. A malicious person could exploit the vulnerability to remove arbitrary files on the http requests to delete arbitrary files on the vulnerable system. Fortinet has released updates to fix the vulnerability. fix. For more information, see:...
Vulnerabilities fixed in OTRS
OTRS developers have fixed vulnerabilities in OTRS. An authenticated malicious person could exploit the vulnerabilities to launch a cross-site scripting attack. In addition, a malicious party can bypass security measures using an invalid certificate. OTRS has released updates to fix the...
Vulnerabilities fixed Node.js
Several vulnerabilities have been fixed in Node.js. A malicious party could potentially exploit the vulnerabilities remotely to cause a denial-of-service DoS, bypass of authentication and/or gaining access to sensitive data. The vulnerability with attribute CVE-2023-44487 is a Denial-of-Service D...
Vulnerability fixed in FortiManager and FortiAnalyzer
FortiNet has fixed a vulnerability in FortiManager and FortiAnalyzer. The vulnerability involves a "relative path traversal" vulnerability in FortiManager and FortiAnalyzer and could allow a remote malicious party to execute unauthorized code. execute. FortiNet has released updates to fix the...
Vulnerabilities fixed in Adobe Bridge and Photoshop
Adobe has fixed vulnerabilities in Photoshop and Bridge. A malicious party could exploit the vulnerabilities to execute attacks that could lead to the execution of arbitrary code with the victim's privileges. In order for the code to be executed in order for the code to be executed, the malicious...
Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Accessing system data Junipe...
Vulnerabilities fixed in FortiOS
FortiNet has fixed vulnerabilities in FortiOS. The vulnerabilities are located in the management environment and allow an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, execute arbitrary code on the...
Vulnerabilities fixed in NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to obtain sensitive information or cause a denial-of-service attack. Citrix has released updates to fix the vulnerabilities. For more information, see:...
Vulnerability fixed in libcurl
There is a vulnerability in the SOCKS5 proxy handshake of libcurl. A malicious party could potentially exploit the vulnerability to cause a crash in the application using libcurl. To perform this attack successfully, several conditions must be met such as using a SOCKS5 proxy, the use of a long...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to executing arbitrary code or to obtain elevated privileges. Microsoft Office: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed a vulnerability in Exchange Server. A malicious party could potentially exploit the vulnerability to execute arbitrary code under SYSTEM privileges. For successful exploitation, the malicious party must be authenticated and authorized on the local network. As far as is known,...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a cross-site scripting attack, to gain access to sensitive data or to perform a denial-of-service. Microsoft Common Data Model SDK:...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP Netweaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service attack. Of the vulnerabilities with reference CVE-2023-44487, Microsoft has information that they are being exploited to a limited extent. HTTP/2:...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in QMS Automotive, Parasolid, WIBU, Teamcenter, JT2Go, Spectrum Power 7, SIMATIC, SIPLUS and RUGGEDCOM products. The vulnerabilities allow a malicious potentially able to carry out attacks that could result in the following categories of damage: Denial-of-Service...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed four vulnerabilities in OLEDB and the ODBC Driver. These components are used by clients to communicate with SQL Server. A malicious party could exploit the vulnerability to execute arbitrary code on the client that using them. The malicious party must trick the victim into...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to afford elevated privileges or to execute code with privileges of a user. Azure Real Time Operating System: |----------------|------|-------------------------------------| | CVE ID |...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The most serious vulnerability with reference CVE-2023-35349 is in Microsoft Message Queueing MSQS. This vulnerability allows an unauthenticated remote malicious person to execute arbitrary execute arbitrary code with service privileges. MSMQ is...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. An authenticated malicious person with access to the management interface, or access to the shell of the system, could exploit the vulnerabilities to cause a Denial-of-Service, obtain sensitive information or, through a Cross-Site-Scripting attack, execute...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party can exploit the exploit the vulnerabilities to execute arbitrary code with application privileges, perform a denial-of-service DoS or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2. For more...
Vulnerabilities fixed in Kofax Power PDF
Kofax has fixed vulnerabilities in Power PDF. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the victim, or to gain access to sensitive data. To do this, the malicious party must trick the victim into opening a malicious file to open, or follow a...
Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. A authenticated malicious person could remotely exploit it to gain root privileges on the vulnerable system. Cisco has released updates to fix the vulnerability in IOS XE. For more information, see: https://sec.cloudapps.cisco.com/security/center/content...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. A malicious party could exploit the vulnerability to break into publicly accessible Confluence Data Center and Server instances, create unauthorized Confluence administrator accounts and gain access to Confluence instances. Atlassian has released...