Vulnerability fixed in Cisco Unified Communications
Cisco has fixed a vulnerability in Unified Communications Manager (CM), Unified CM Session Management Edition (SME) and Unified Communications Manager IM & Presence Service (IM&P). A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. In addition to the vulnerabilities in OpenSSL, for which the NCSC has published previous security advisories, a vulnerability has also been fixed in the urllib.parse component. Because proper input validation does not take place, it is possible...
Vulnerabilities fixed in OPNSense
Vulnerabilities have been fixed in OPNSense. A malicious party could exploit the vulnerabilities to grant himself elevated privileges, execute arbitrary code on the system or gain access to system data. For successful abuse, the malicious party needs prior authentication...
Vulnerability fixed in AMD processors
A vulnerability has been fixed in the microcode of AMD processors. The vulnerability has been named "Inception" and enables a local, authenticated malicious person to manipulate the operation of the Predictive Algorithms, which could circumvent measures in place to prevent unauthorized instructio...
Vulnerability fixed in Intel processors
A vulnerability has been fixed in the microcode of several Intel processors. The vulnerability has been named "Downfall" and allows a local, authenticated malicious person to manipulate the operation of memory optimization. This allows the malicious party to gain access to memory locations...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to gain access to system data, or to grant himself elevated privileges and execute arbitrary code with elevated privileges. To obtain elevated privileges and execute code, the maliciou...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious person could exploit the vulnerabilities to execute arbitrary code in the victim's scope, or to gain access to sensitive data in the victim's scope. For successful exploitation, the malicious party must trick the victim into opening a rogu...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including Business Objects, Netweaver and Powerdesigner. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing...
Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Acces...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. A malicious party could exploit the vulnerabilities to impersonate another user and execute arbitrary code with the privileges of that user, or gain access to sensitive data in the victim's context. The most serious vulnerability has been given...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to obtain elevated privileges, or execute arbitrary code with user privileges. Successful exploitation requires the malicious party to trick the victim into following a rogue link or opening a rog...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...
Vulnerability fixed in Mirth Connect
A vulnerability has been fixed in Mirth Connect. An unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Because Mirth Connect, without additional configuration, is installed with elevated privileges by default, it cannot be...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer tools. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (User rights), Spoofing, Access to sensitive data...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in OLEDB, a component used by clients to communicate with SQL Server. A malicious party could exploit the vulnerability to execute arbitrary code on the client using OLEDB. The malicious party must trick the victim into contacting a rogue SQL...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories of...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to impersonate another user and potentially gain access to sensitive data. These updates also...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially gaining access to sensitive data in the victim's context, or execute code with the victim's privileges. Successful exploitation...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in Parasolid, Solid Edge, TeamCenter, SoftwareCenter, SIMATIC, SICAM and Ruggedcom products. The vulnerabilities potentially enable a malicious party to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS), Manipulation o...
Vulnerability fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core)
A vulnerability has been fixed in Ivanti Endpoint Manager (formerly MobileIron Core). An unauthenticated malicious person could exploit the vulnerability to access arbitrary files, thus gaining access to sensitive data, and potentially execute arbitrary code on the vulnerable system. This vulnerabili...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Access to sensitive data. Successful...
Vulnerabilities fixed in VMware Horizon
VMware has fixed vulnerabilities in Horizon Server. An unauthenticated malicious party could exploit the vulnerabilities to gain access to system data or, through HTTP Request Smuggling, potentially gain access to sensitive data. The vulnerabilities are not present in the latest version of...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. An authenticated malicious person with access to the management interface, or access to the shell of the system, could exploit the vulnerabilities to cause a Denial-of-Service, obtain sensitive information or, through a Cross-Site-Scripting attack, execute...
Vulnerabilities fixed in Brocade FabricOS
Vulnerabilities have been fixed in Brocade FabricOS. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Data manipulation, Remote code execution...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
Vulnerabilities have been fixed in GitLab Community Edition (CE) and Enterprise Edition (EE). An authenticated malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing...
Vulnerability discovered in Cisco Secure Web Appliance
A vulnerability has been discovered in Cisco Secure Web Appliance. The vulnerability is in how the scanning process handles the deflate, lzma and brotli content types. The deflate content type is not enabled by default; lzma and brotli are. A malicious party can exploit the vulnerabilities to pa...
Vulnerability fixed in Splunk SOAR
Splunk has fixed a vulnerability in Splunk SOAR. The vulnerability allows an unauthenticated malicious person to inject ANSI escape code into a log file. To do so, the malicious party must send a specially prepared HTTP request to the Splunk SOAR instance. When this log file is read in a...
Vulnerability discovered in Supermicro BMC firmware
A vulnerability has been discovered in the Baseboard Management Controller (BMC) of Supermicro X12, X13, H12 and H13 systems. A malicious person with access to the data center could exploit it to change arbitrary settings and thereby alter the operation of the Supermicro systems through the...
Vulnerabilities fixed in Zoho ManageEngine Password Manager Pro
Zoho has fixed vulnerabilities in ManageEngine Password Manager Pro. An authenticated malicious person could exploit them to bypass a security measure, manipulate data for which the malicious party is not authorized, and gain access to sensitive data. No CVE ID has been disclosed...
Vulnerability fixed in Ivanti Endpoint Manager
Ivanti has fixed a vulnerability in Endpoint Manager. A malicious person with administrator privileges can exploit the vulnerability to execute arbitrary OS commands with, among other things, the permissions of the tomcat process. This vulnerability is different from the...
Vulnerability fixed in libarchive
A vulnerability has been fixed in libarchive, a widely used library used by backup tools and by tools such as tar, cpio, etc. A local malicious person could exploit the vulnerability to cause a buffer overflow and thus potentially execute arbitrary code. In reporting the...
Vulnerability fixed in QNAP firmware
QNAP has fixed a vulnerability in the firmware of several NAS and virtualization systems running QTS, QuTS Hero, QuTScloud and QVR. A malicious party could exploit the vulnerability to cause a denial-of-service. QNAP has released updates to fix the vulnerability in the firmware for QTS, QuTS Hero...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in Zimbra. A malicious party could exploit the vulnerabilities to gain access to system data, bypass a security measure, or launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or...
Vulnerabilities fixed in Jenkins (core) and plugins
Vulnerabilities have been fixed in Jenkins and some plugins, such as Bazaar, GitLab Authentication and Gradle. A malicious person could exploit the vulnerabilities to perform a Cross-Site-Scripting (XSS) attack, or a Cross-Site-Request-Forgery (CSRF). Such an attack can lead to execution of arbitrary...
Vulnerabilities fixed in Foxit Reader and PDF
Foxit has fixed vulnerabilities in its Reader and PDF editor (formerly PhantomPDF). A malicious party could exploit the vulnerabilities to cause a denial-of-service, or in specific circumstances, execute arbitrary code with the user's permissions and thereby potentially gain access to sensitive data ...
Vulnerability fixed in Veritas NetBackup Snapshot Manager
Veritas has fixed a vulnerability in NetBackup Snapshot Manager. Due to a flaw in the way client certificates are processed, it is possible for a malicious party to access backups and restores for which the malicious party is not authorized. This allows the malicious party to gain access to...
Vulnerability fixed in Apache Jackrabbit
Apache Foundation has fixed a vulnerability in Jackrabbit. A malicious party could exploit the vulnerability to execute arbitrary code with the permissions of the application using Jackrabbit. Because Jackrabbit is executed with the privileges of the application, it cannot be ruled out...
Vulnerabilities fixed in Paessler PRTG
Paessler has fixed vulnerabilities in PRTG Network Monitoring. An authenticated malicious party could exploit the vulnerabilities to bypass a security measure, or perform a Cross-Site-Request-Forgery (CSRF), and thereby potentially execute arbitrary code and gain access to sensiti...
Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS. A malicious party can exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with elevated privileges. Successful exploitation requires the malicious party to have access to...
Vulnerability fixed in Atlassian Bamboo
Atlassian has fixed a vulnerability in Bamboo Server and Bamboo Data Center. An authenticated malicious person can exploit the vulnerability to use command injection to execute arbitrary code with application privileges and thus potentially gain access to sensitive...
Vulnerabilities fixed in Sophos Unified Threat Management (UTM)
Sophos has fixed vulnerabilities in Unified Threat Management (UTM). A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code with application privileges. Sophos has released updates to fix the vulnerabilities in UTM 9.716. For more...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remot...
Vulnerability fixed in AMD Zen 2 platform
AMD has fixed a vulnerability in its Zen 2 platform. This involves a hardware vulnerability that allows a malicious person to read out part of the processor memory. The malicious party could theoretically use this to gain access to sensitive information, such as key material. Because this ...
Vulnerability fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core)
Ivanti has fixed a vulnerability in Endpoint Manager Mobile (EPMM, formerly MobileIron Core). The vulnerability allows an unauthenticated remote malicious person to gain access to sensitive data or potentially take control of the EPMM system. The vulnerability is being actively exploited on ...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to launch a Cross-Site-Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitiv...
Vulnerability fixed in Avaya Aura
Avaya has fixed a vulnerability in the Aura Device Services web service. An unauthenticated malicious person can exploit the vulnerability to execute arbitrary code with the permissions of the web service. Avaya has released updates to fix the vulnerability in Aura Device Services...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party can exploit the vulnerabilities to bypass a security measure and execute arbitrary code with privileges of the application using ColdFusion. Due to the nature of such applications, it cannot be ruled out that this allows the malicio...
Vulnerabilities fixed in Oracle VirtualBox
Oracle has fixed vulnerabilities in VirtualBox. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code with application privileges...