4207 matches found
ZeroDay vulnerability fixed in Apple iOS and iPadOS
Apple has fixed a vulnerability in iOS and iPadOS. A malicious party could exploit the vulnerability to gain elevated permissions on the vulnerable system. Apple has received reports that this vulnerability may have been been actively exploited in versions of iOS prior to iOS 16.6 Apple has...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Increased user privileges The most serious...
Vulnerability fixed in IBM License Metric Tool
A vulnerability has been fixed in IBM License Metric Tool A malicious party can send a specially crafted URL request with "dot dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Exim
Exim has fixed vulnerabilities in Exim MTA. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to system/data data Exim has released updates to fix the vulnerabilities in Exim...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to manipulate projects and be able to cause damage cause damage in the following categories: Bypassing security measure. Remote code execution User rights Spoofing Accessing...
Vulnerabilities fixed in Cisco IOS
Cisco has fixed vulnerabilities in the IOS firmware of several systems, such as Catalyst, Aironet, Integrated Routers, Analog Voice Gateways. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service...
Vulnerabilities fixed in WS_FTP
Progress has fixed vulnerabilities in WSFTP. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...
Vulnerability fixed in pgAdmin
A vulnerability has been fixed in pgAdmin. The vulnerability allows an authenticated malicious person to execute arbitrary code execute arbitrary code on the PostgreSQL server. The developers of pgAdmin have released updates to fix the vulnerability in pgAdmin 7.7. For more information, see:...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. Although a total of 10 vulnerabilities have been fixed, Google has made some information of only 3 vulnerabilities made some information available. The listed vulnerabilities allow a malicious party to cause a denial-of-service, or to execute arbitrary...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive dat...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in Apple MacOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerability fixed in Elastic ElasticSearch
Elastic has fixed a vulnerability in ElasticSearch. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Elastic has released updates to fix the vulnerability in ElasticSearch 7.17.13 and 8.9.0. For more information, see: https://discuss.elastic.co/t...
Vulnerability fixed in Rockwell Automation FactoryTalk
Rockwell has fixed a vulnerability in Factory Talk View Machine Edition. An unauthenticated malicious person could exploit the exploit the vulnerability to execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the production network...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to circumvent a security measure circumvention or to grant himself elevated privileges and possibly execute code execute code with higher privileges than the user. Successful exploitation requires the...
ZeroDay vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to circumvent a security measure in order to bypass it, grant themselves elevated privileges granted and execute arbitrary code on the vulnerable system Apple has reports that the vulnerabilities...
Vulnerability fixed in Roundcube webmail
A vulnerability has been fixed in Roundcube webmail. A malicious party can exploit the vulnerability for a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. victim...
Vulnerability fixed in Drupal
Drupal has fixed a vulnerability in Drupal core. The vulnerability is located in the JSON:API module and allows an unauthenticated malicious party to gain access to sensitive data. No CVE ID has been disclosed for this vulnerability yet. Drupal has released updates to fix the vulnerability in...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service on the application. Atlassian has released updates to fix the vulnerability in Confluence 8.6.0, 8.5.1 and 7.19.14. For more information, see:...
Vulnerability fixed in Atlassian Bitbucket
Atlassian has fixed a vulnerability in Bitbucket. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code, possibly with elevated privileges. For successful abuse, the malicious party must be authenticated. Atlassian has released updates to fix the...
Vulnerability fixed in CUPS
A vulnerability has been fixed in CUPS. A malicious party could exploit the vulnerability to execute arbitrary code with permissions from the print server. For successful exploitation, the malicious party must offer a specially prepared Postscript file to the print server, or trick a trick a user...
Vulnerabilities fixed in ISC BIND
ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-3341 is located in the way in which control channel messages are processed. If too large messages, the named process can...
Vulnerabilities fixed in Progress MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. The vulnerabilities labeled CVE-2023-40043 and CVE-2023-42660 can be be exploited by an authenticated malicious person to gain access to sensitive data via an SQL injection to gain access to sensitive data. Misuse of the vulnerability with...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...
Vulnerabilities fixed in Autodesk AutoCad
Autodesk has fixed vulnerabilities in several products of AutoCad. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute code with privileges of the user, or to gain access to sensitive data in the scope of the application. Successful exploitation requires the...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to bypass authentication bypass authentication to gain unauthenticated access to sensitive data within the application, or use the application. HPE has released updates to fix the...
Vulnerability fixed in Elastic Kibana
Elastic has fixed a vulnerability in Kibana. A authenticated malicious person could exploit the vulnerability to obtain obtain sensitive data from the log, such as user credentials and system credentials. Elastic has released updates to fix the vulnerability in Kibana 8.10.1. Version 8.10.0 has...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person could exploit the vulnerability to execute pipelines with the privileges of an arbitrary user to execute pipelines. When this arbitrary user has elevated privileges, execution of code wit...
Vulnerability fixed in Trend Micro Apex One
Trend Micro has fixed a vulnerability in Apex One. A local, authenticated malicious party can exploit the vulnerability exploit to execute arbitrary code with permissions from the system. For successful abuse, the malicious party must have prior sufficient privileges on the admin console of the...
Vulnerability fixed in Elastic ElasticSearch
Elastic has fixed a vulnerability in ElasticSearch. A malicious party could exploit the vulnerability to cause a denial-of-service attack. Elastic has released updates to fix the vulnerability in ElasticSearch 7.17.13 and 8.9.1. For more information, see: https://discuss.elastic.co/t...
Vulnerabilities fixed in QNAP QTS and QuTS Hero
QNAP has fixed vulnerabilities in QTS and QuTS Hero. A authenticated malicious party can exploit the vulnerabilities to cause a denial-of-service, or through command-injection execute arbitrary code on the system. QNAP has released updates to fix the vulnerabilities in QTS and QuTS Hero v...
Vulnerability fixed in Palo Alto PanOS
Palo Alto has fixed a vulnerability in PAN-OS. A malicious party could exploit the vulnerability to cause a denial-of-service attack. The vulnerability is in the way BGP UPDATEs are processed. When a specially prepared UPDATE is sent, it can cause the connection to be dropped. Repeatedly sending...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. A unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass existing ACLs bypassing them by sending specially prepared network traffic. Cisco has also fixed vulnerabilities that allow a local,...
Vulnerability fixed in FortiOS
Fortinet has fixed a vulnerability in FortiOS and FortiProxy. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim. Because the vulnerability is located in the guest-managemen...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. A malicious party can exploit the vulnerability to implement security measures against Cross-Site-Scripting XSS and Cross-Site-Request-Forgery XSRF and thus carry out these types of such attacks on web applications which should be protected against...
Vulnerabilities fixed in Zimbra
Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party can exploit the vulnerabilities to launch a Cross-Site Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's...
Vulnerability fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed a vulnerability in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. It is possible that by executing code, access can be gained to sensitive data in the victim's context. Successful exploitation requires...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to circumvent security measures bypass security measures, execute arbitrary code in the context of the browser, or to gain access to sensitive data in the context of the browser. Google reports having...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including. Business Objects, HANA, Netweaver and Powerdesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed vulnerabilities in Connect. A malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. Fo...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to gain elevated privileges, execute code with privileges of a user or gain access to sensitive data. Azure DevOps: |----------------|------|-------------------------------------| | CVE...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution User rights Spoofing Access to sensitive data...
Vulnerabilities fixed in FoxIT PDF Reader and PDF Editor
FoxIT has fixed vulnerabilities in PDF Reader and PDF Editor formerly PhantomPDF. A malicious person could exploit them to cause a denial-of-service, to execute arbitrary execute code with user privileges, or to access gain access to sensitive data in the context of the PDF software. Successful...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass authentication and gain access to sensitive data. HPE has released updates to fix the vulnerabilities in OneView 8.5 and 6.60.05. For more...
Zeroday vulnerability fixed in Google Chrome
Google has fixed a Zeroday vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code on the underlying operating system with permissions from the victim. If the victim's privileges are high enough are high enough, this allows the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics and Dynamics Finance & Operations. A malicious person could exploit them to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. A malicious party can exploit the vulnerabilities to impersonate as another user and use their privileges to execute arbitrary code be able to execute arbitrary code or gain access to sensitive data. For successful abuse, the malicious party must b...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Access to sensitive...
Vulnerabilities fixed in Nagios XI
Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerabilities to use SQL injection to manipulate data manipulate data or gain access to sensitive data within Nagios, or to perform a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrar...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant himself elevated privileges granted privileges or execute arbitrary code with privileges from the developer. Successful exploitation requires the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in QMS Automotive, Parasolid, WIBU, TeamCenter, JT2GO, SIMATIC, SIPLUS and Ruggedcom products. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that could result in the following categories of damage: Denial-of-Service Do...