Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. This vulnerability allows an unauthenticated malicious person to remotely create an account - with access level 15 - on an affected device. Through that account, full control over the affected device can be obtained. As mitigating measures, Cisco makes the following...
Vulnerabilities fixed in Node.js
Several vulnerabilities have been fixed in Node.js. A malicious party could potentially exploit the vulnerabilities remotely to cause a denial-of-service (DoS), bypass authentication and/or gain access to sensitive data. The vulnerability with reference CVE-2023-44487 is a Denial-of-Service D...
Vulnerability fixed in FortiManager and FortiAnalyzer
Fortinet has fixed a vulnerability in FortiManager and FortiAnalyzer. The vulnerability is a "relative path traversal" in FortiManager and FortiAnalyzer and could allow a remote malicious party to execute unauthorized code. Fortinet has released updates to fix the...
Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, accessing sensitive data, accessing system data. Junipe...
Vulnerabilities fixed in FortiOS
Fortinet has fixed vulnerabilities in FortiOS. The vulnerabilities are located in the management environment and allow an unauthenticated malicious person with access to that management interface to perform a denial-of-service on the management interface, execute arbitrary code on the...
Vulnerabilities fixed in Adobe Bridge and Photoshop
Adobe has fixed vulnerabilities in Photoshop and Bridge. A malicious party could exploit the vulnerabilities to execute attacks that could lead to the execution of arbitrary code with the victim's privileges. In order for the code to be executed, the malicious...
Vulnerabilities fixed in NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to obtain sensitive information or cause a denial-of-service attack. Citrix has released updates to fix the vulnerabilities. For more information, see:...
Vulnerability fixed in libcurl
There is a vulnerability in the SOCKS5 proxy handshake of libcurl. A malicious party could potentially exploit the vulnerability to cause a crash in the application using libcurl. To perform this attack successfully, several conditions must be met such as using a SOCKS5 proxy, the use of a long...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP NetWeaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code or to obtain elevated privileges. Microsoft Office: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed a vulnerability in Exchange Server. A malicious party could potentially exploit the vulnerability to execute arbitrary code under SYSTEM privileges. For successful exploitation, the malicious party must be authenticated and authorized on the local network. As far as is known,...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a cross-site scripting attack, to gain access to sensitive data or to perform a denial-of-service. Microsoft Common Data Model SDK:...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to obtain elevated privileges or to execute code with privileges of a user. Azure Real Time Operating System: |----------------|------|-------------------------------------| | CVE ID |...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in QMS Automotive, Parasolid, WIBU, Teamcenter, JT2Go, Spectrum Power 7, SIMATIC, SIPLUS and RUGGEDCOM products. The vulnerabilities potentially allow a malicious party to carry out attacks that could result in the following categories of damage: Denial-of-Service...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed four vulnerabilities in OLEDB and the ODBC Driver. These components are used by clients to communicate with SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code on the client that uses them. The malicious party must trick the victim into...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The most serious vulnerability, with reference CVE-2023-35349, is in Microsoft Message Queuing (MSMQ). This vulnerability allows an unauthenticated remote malicious person to execute arbitrary code with service privileges. MSMQ is...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. An authenticated malicious person with access to the management interface, or access to the shell of the system, could exploit the vulnerabilities to cause a Denial-of-Service, obtain sensitive information or, through a Cross-Site-Scripting attack, execute...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service attack. Microsoft has information that the vulnerability with reference CVE-2023-44487 is being exploited to a limited extent. HTTP/2:...
Vulnerabilities fixed in Kofax Power PDF
Kofax has fixed vulnerabilities in Power PDF. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the victim, or to gain access to sensitive data. To do this, the malicious party must trick the victim into opening a malicious file, or follow a...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party can exploit the vulnerabilities to execute arbitrary code with application privileges, perform a denial-of-service (DoS) or gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2. For more...
Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. An authenticated malicious person could remotely exploit it to gain root privileges on the vulnerable system. Cisco has released updates to fix the vulnerability in IOS XE. For more information, see: https://sec.cloudapps.cisco.com/security/center/content...
Zero-day vulnerability fixed in Apple iOS and iPadOS
Apple has fixed a vulnerability in iOS and iPadOS. A malicious party could exploit the vulnerability to gain elevated permissions on the vulnerable system. Apple has received reports that this vulnerability may have been actively exploited in versions of iOS prior to iOS 16.6. Apple has...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. A malicious party could exploit the vulnerability to break into publicly accessible Confluence Data Center and Server instances, create unauthorized Confluence administrator accounts and gain access to Confluence instances. Atlassian has released...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data, increased user privileges. The most serious...
Vulnerability fixed in IBM License Metric Tool
A vulnerability has been fixed in IBM License Metric Tool. A malicious party can send a specially crafted URL request with "dot dot" strings (/../) to send arbitrary files on the system. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Exim
Exim has fixed vulnerabilities in Exim MTA. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: remote code execution (Administrator/Root privileges), access to system data. Exim has released updates to fix the vulnerabilities in Exim...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to manipulate projects and cause damage in the following categories: bypassing security measure, remote code execution (user rights), spoofing, Accessing...
Vulnerabilities fixed in WS_FTP
Progress has fixed vulnerabilities in WS_FTP. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), manipulation of data, circumvention of security measure, Remote code...
Vulnerabilities fixed in Cisco IOS
Cisco has fixed vulnerabilities in the IOS firmware of several systems, such as Catalyst, Aironet, Integrated Routers, Analog Voice Gateways. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service...
Vulnerability fixed in pgAdmin
A vulnerability has been fixed in pgAdmin. The vulnerability allows an authenticated malicious person to execute arbitrary code on the PostgreSQL server. The developers of pgAdmin have released updates to fix the vulnerability in pgAdmin 7.7. For more information, see:...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS), data manipulation, remote code execution (user rights), Access to sensitive dat...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (Administrator/Root rights), Remote...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. Although a total of 10 vulnerabilities have been fixed, Google has made some information available on only 3 vulnerabilities. The listed vulnerabilities allow a malicious party to cause a denial-of-service, or to execute arbitrary...
Vulnerability fixed in Elastic Elasticsearch
Elastic has fixed a vulnerability in Elasticsearch. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Elastic has released updates to fix the vulnerability in Elasticsearch 7.17.13 and 8.9.0. For more information, see: https://discuss.elastic.co/t...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to circumvent a security measure or to grant themselves elevated privileges and possibly execute code with higher privileges than the user. Successful exploitation requires the...
Zero-day vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to circumvent a security measure, grant themselves elevated privileges and execute arbitrary code on the vulnerable system. Apple has reports that the vulnerabilities...
Vulnerability fixed in Roundcube webmail
A vulnerability has been fixed in Roundcube webmail. A malicious party can exploit the vulnerability for a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. victim...
Vulnerability fixed in Rockwell Automation FactoryTalk
Rockwell has fixed a vulnerability in FactoryTalk View Machine Edition. An unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the production network...
Vulnerability fixed in Atlassian Bitbucket
Atlassian has fixed a vulnerability in Bitbucket. A malicious party could exploit the vulnerability to execute arbitrary code, possibly with elevated privileges. For successful abuse, the malicious party must be authenticated. Atlassian has released updates to fix the...
Vulnerability fixed in CUPS
A vulnerability has been fixed in CUPS. A malicious party could exploit the vulnerability to execute arbitrary code with the privileges of the print server. For successful exploitation, the malicious party must offer a specially prepared PostScript file to the print server, or trick a user...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), manipulation of data, circumvention of security measure, Remote code...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in several AutoCAD products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute code with privileges of the user, or to gain access to sensitive data in the scope of the application. Successful exploitation requires the...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on the application. Atlassian has released updates to fix the vulnerability in Confluence 8.6.0, 8.5.1 and 7.19.14. For more information, see:...
Vulnerabilities fixed in Progress MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. The vulnerabilities labeled CVE-2023-40043 and CVE-2023-42660 can be exploited by an authenticated malicious person to gain access to sensitive data via an SQL injection. Misuse of the vulnerability with...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to bypass authentication to gain unauthenticated access to sensitive data within the application, or use the application. HPE has released updates to fix the...
Vulnerability fixed in Drupal
Drupal has fixed a vulnerability in Drupal core. The vulnerability is located in the JSON:API module and allows an unauthenticated malicious party to gain access to sensitive data. No CVE ID has been disclosed for this vulnerability yet. Drupal has released updates to fix the vulnerability in...
Vulnerabilities fixed in ISC BIND
ISC has fixed vulnerabilities in BIND. A malicious party can exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-3341 is located in the way in which control channel messages are processed. If messages are too large, the named process can...
Vulnerability fixed in Trend Micro Apex One
Trend Micro has fixed a vulnerability in Apex One. A local, authenticated malicious party can exploit the vulnerability to execute arbitrary code with the privileges of the system. For successful abuse, the malicious party must already have sufficient privileges on the admin console of the...
Vulnerability fixed in Elastic Kibana
Elastic has fixed a vulnerability in Kibana. An authenticated malicious person could exploit the vulnerability to obtain sensitive data from the log, such as user credentials and system credentials. Elastic has released updates to fix the vulnerability in Kibana 8.10.1. Version 8.10.0 has...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious person could exploit the vulnerability to execute pipelines with the privileges of an arbitrary user. When this arbitrary user has elevated privileges, execution of code wit...