Vulnerability fixed in Elastic ElasticSearch
Elastic has fixed a vulnerability in ElasticSearch. A malicious party could exploit the vulnerability to cause a denial-of-service attack. Elastic has released updates to fix the vulnerability in ElasticSearch 7.17.13 and 8.9.1. For more information, see: https://discuss.elastic.co/t...
Vulnerabilities fixed in QNAP QTS and QuTS Hero
QNAP has fixed vulnerabilities in QTS and QuTS Hero. An authenticated malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the system through command injection. QNAP has released updates to fix the vulnerabilities in QTS and QuTS Hero v...
Vulnerability fixed in Palo Alto PAN-OS
Palo Alto has fixed a vulnerability in PAN-OS. A malicious party could exploit the vulnerability to cause a denial-of-service attack. The vulnerability is in the way BGP UPDATEs are processed. When a specially prepared UPDATE is sent, it can cause the connection to be dropped. Repeatedly sending...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass existing ACLs by sending specially prepared network traffic. Cisco has also fixed vulnerabilities that allow a local,...
Vulnerability fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed a vulnerability in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. It is possible that by executing code, access can be gained to sensitive data in the victim's context. Successful exploitation requires...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. A malicious party can exploit the vulnerability to bypass security measures against Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF) and thus carry out these types of attacks on web applications which should be protected against...
Vulnerabilities fixed in Zimbra
Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party can exploit the vulnerabilities to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access to sensitive data in the context of the victim's...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to bypass security measures, execute arbitrary code in the context of the browser, or gain access to sensitive data in the context of the browser. Google reports having...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed vulnerabilities in Connect. A malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. Fo...
Vulnerability fixed in FortiOS
Fortinet has fixed a vulnerability in FortiOS and FortiProxy. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim. Because the vulnerability is located in the guest-managemen...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including Business Objects, HANA, NetWeaver and PowerDesigner. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data...
Vulnerabilities fixed in Nagios XI
Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerabilities to use SQL injection to manipulate data or gain access to sensitive data within Nagios, or to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrar...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain elevated privileges or execute arbitrary code with the privileges of the developer. Successful exploitation requires the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in QMS Automotive, Parasolid, WIBU, TeamCenter, JT2GO, SIMATIC, SIPLUS and Ruggedcom products. The vulnerabilities potentially enable a malicious party to carry out attacks that could result in the following categories of damage: Denial-of-Service Do...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. A malicious party can exploit the vulnerabilities to impersonate another user and use their privileges to execute arbitrary code or gain access to sensitive data. For successful abuse, the malicious party must b...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics and Dynamics Finance & Operations. A malicious person could exploit them to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the...
Vulnerabilities fixed in FoxIT PDF Reader and PDF Editor
FoxIT has fixed vulnerabilities in PDF Reader and PDF Editor (formerly PhantomPDF). A malicious person could exploit them to cause a denial-of-service, to execute arbitrary code with user privileges, or to gain access to sensitive data in the context of the PDF software. Successful...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Circumvention of security measure; Remote code execution (User rights); Spoofing; Access to sensitive data...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to gain elevated privileges, execute code with privileges of a user or gain access to sensitive data. Azure DevOps: |----------------|------|-------------------------------------| | CVE...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to sensitive...
Vulnerabilities fixed in Hewlett Packard OneView
Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass authentication and gain access to sensitive data. HPE has released updates to fix the vulnerabilities in OneView 8.5 and 6.60.05. For more...
Zero-day vulnerability fixed in Google Chrome
Google has fixed a zero-day vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code on the underlying operating system with the permissions of the victim. If the victim's privileges are high enough, this allows the...
Vulnerabilities fixed in IBM Aspera Faspex
IBM has fixed vulnerabilities in Aspera Faspex. A malicious party could exploit the vulnerabilities to circumvent a security measure, perform a Man-In-The-Middle attack or perform a Cross-Site Scripting (XSS) attack and gain access to sensitive data, or to execute code in the context o...
Vulnerabilities fixed in Notepad++
Vulnerabilities have been fixed in Notepad++. A malicious person could exploit the vulnerabilities to gain access to memory locations to which the malicious party is not authorized, or potentially execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious...
Zero-day vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed two zero-day vulnerabilities in iOS and iPadOS. A malicious person could exploit the vulnerabilities to execute arbitrary code as a user of the system. Successful exploitation requires the malicious party to trick the victim into opening a rogue image, or opening ...
Zero-day vulnerability fixed in Apple macOS
Apple has fixed a zero-day vulnerability in macOS. A malicious party can exploit the vulnerability to execute arbitrary code as a user. For successful exploitation, the malicious party must trick the victim into opening a rogue image. Apple reports having reports that the...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the clients of Zoom and Zoom Rooms. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to system data or cause a denial-of-service. To cause a Denial-of-Service, the malicious party does not need prior...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to bypass security measures, gain access to system data or execute code in the context of the browser. Successful exploitation requires the malicious party to...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Identity Services Engine. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. The vulnerability is located in the way RADIUS is processed. Sending specially prepared RADIUS packets can cause the system to stop processin...
Vulnerabilities fixed in Cacti
The developers of Cacti have fixed vulnerabilities in several modules of Cacti. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Remote code execution (Administrator/Root rights); Remote code execution (User righ...
Vulnerability fixed in Cisco ASA and Firepower systems
Cisco has fixed a vulnerability in Adaptive Security Appliance and Firepower Threat Defense. The vulnerability is located in the way the Remote Access VPN handles login attempts, allowing a malicious party to brute-force access to user accounts and potentially take over the system...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data; Increased user privileges. The most serious...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code in the context of the browser. For successful abuse, the malicious party must trick the victim into opening a rogue Web page. Google has released updates to...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Access to syst...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofing...
Vulnerabilities fixed in Splunk Enterprise
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to gain elevated privileges and to execute arbitrary code with the permissions of the application. Included in these updates are update...
Vulnerability fixed in Juniper JunOS and JunOS Evolved
Juniper has fixed a vulnerability in JunOS and JunOS Evolved. A malicious party could exploit the vulnerability to cause a denial-of-service attack. The vulnerability is in the way BGP UPDATEs are processed. When a specially prepared UPDATE is sent, it can cause the connection to be dropped...
Vulnerabilities fixed in VMware Aria Operations Networks
VMware has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to bypass authentication, or to execute arbitrary code on the underlying system. The most serious vulnerability has been given attribute...
Vulnerability fixed in VMware Tools
VMware has fixed a vulnerability in VMware Tools for Windows and Linux. A malicious party could use a man-in-the-middle attack to bypass SAML tokens and thus manipulate the operation of VMware Guests. As a result, the malicious party could potentially gain access to sensitive data or...
Vulnerabilities fixed in 7-zip
Vulnerabilities have been fixed in 7-zip. The vulnerabilities are located in the way 7Z and SQFS files are processed and allow a malicious person to execute arbitrary code in the context of the user. Successful exploitation requires the malicious party to trick the victim...
Vulnerability fixed in Apache Tomcat
The Apache Foundation has fixed a vulnerability in Tomcat. The vulnerability is in the way authentication via FORM is implemented and allows a malicious party to execute an open redirect. This can lead to Cross-Site Scripting attacks. Such an attack can lead to execution of arbitrary code in the...
Vulnerability fixed in Cisco Firepower and UCS
Cisco has fixed a vulnerability in Firepower 4100 and 9300 systems and in UCS 6300 systems. The vulnerability is located in SNMP handling and allows a malicious party to cause a denial-of-service. Cisco has released updates to fix the vulnerability in the vulnerable UCS and Firepower...
Vulnerability fixed in Zimbra
Zimbra has fixed a vulnerability in Zimbra Collaboration. An unauthenticated malicious person could exploit the vulnerability to gain access to a user account and thus potentially gain access to sensitive data in the context of that account. To the best of our knowledge, no user interaction is...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the browser, or gain access to sensitive data in the context of the browser. Successful exploitation requires the malicious party to trick the victim into...
Vulnerabilities fixed in Rarlab WinRAR
Rarlab has fixed vulnerabilities in WinRAR. A malicious person could exploit the vulnerabilities to execute arbitrary code with user privileges. The vulnerability with reference CVE-2023-40477 is located in the way WinRAR handles Recovery Volumes. A malicious party can creat...
Vulnerability fixed in Ivanti MobileIron Sentry
Ivanti has fixed a vulnerability in MobileIron Sentry. An unauthenticated malicious person with access to the management interface could exploit the vulnerability to use API calls to manipulate the Sentry system and execute commands with administrator privileges. For successful misuse, the malicio...
Vulnerabilities fixed in SonicWall
SonicWall has fixed vulnerabilities in Global Management System (GMS) and Analytics. A malicious party could exploit them to launch attacks that could result in the following categories of damage: Manipulation of data; Bypassing authentication; Circumvention of security measure; Remote code execution...
Vulnerabilities fixed in IBM Cognos Analytics
IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to perform a Server-Side Request Forgery attack in order to collect system information without prior authorization. Also, a malicious party could potentially execu...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to sensitive data; Access to...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in the PHP layer of J-web, running on EX and SRX series systems. An unauthenticated malicious person with access to J-web could exploit the vulnerabilities to bypass security measures, manipulate settings and upload arbitrary files to the vulnerable system. In...