Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE products. A malicious party could exploit the vulnerabilities to gain access to sensitive data. The malicious party must trick the victim into executing untrusted Java code. Oracle has fixed the vulnerabilities in the following products: - Oracle...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft Enterprise PeopleTools. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS), data manipulation, remote code execution (user rights), access to sensitive...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to circumvent a security measure, execute code with user privileges or gain access to sensitive data in the context of the browser. To do this, the malicious party must trick the...
Vulnerability fixed in Oracle Solaris
Oracle has fixed a vulnerability in Solaris. A local malicious person could exploit the vulnerability to execute arbitrary code as root. Oracle has made updates available to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Atlassian Confluence
Atlassian has fixed vulnerabilities in Confluence. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges and possibly thereby gain access to sensitive data. The malicious party needs prior authentication. Atlassia...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite products. A malicious party could exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data, access to system data. Oracle has...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - JD Edwards...
Vulnerability fixed in Veritas NetBackup
Symantec has fixed a vulnerability in Veritas NetBackup. The vulnerability is located in the BPCD process and allows an unauthenticated malicious person to upload and execute with the permissions of the backup process. No CVE ID has been disclosed for this vulnerability yet. Symantec has released...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (Administrator/Root rights), remote code...
Vulnerabilities fixed in Oracle Hyperion
Vulnerabilities have been fixed in Oracle Hyperion products. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - Oracle Hyperion Data Relationship...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL products. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data. Oracle has fixed the...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data, access to system data. Oracle has fixe...
Vulnerabilities fixed in Oracle Essbase
Vulnerabilities have been fixed in Oracle Essbase products. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data. Oracle has fixed the vulnerabilities in the following products: - Oracle Essbase - Oracle Hyperion Essbase Administration Services...
Vulnerabilities fixed in Oracle Analytics
Vulnerabilities have been fixed in Oracle Analytics products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (Administrator/Root rights), remo...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), remote code execution (Administrator/Root rights), remote code executio...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (Administrator/Root rights), remote cod...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (Administrator/Root rights), access to...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications products. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, remote code execution...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (user rights), access to...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), data manipulation, remote code execution (user rights), access to sensitive...
Vulnerabilities fixed in Oracle Construction and Engineering
Vulnerabilities have been fixed in Oracle Construction and Engineering products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data, access to system data...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed vulnerabilities in the firmware of several USG, ATP and VPN products. An unauthenticated malicious person can exploit the vulnerabilities from the LAN side to cause a denial-of-service, or to execute commands on the underlying operating system. As far as is known,...
Vulnerabilities fixed in Citrix ADC and Citrix Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to execute a cross-site scripting attack, obtain elevated privileges or execute arbitrary code. Citrix reports that the vulnerability with identifier CVE-2023-3519 is being...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to execute arbitrary code with the permissions of the application using ColdFusion. Due to the nature of such applications, it cannot be ruled out that this would allow the...
Vulnerability fixed in Zimbra Collaboration Suite
A vulnerability has been fixed in Zimbra Collaboration Suite. The vulnerability allows a malicious party to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or potentially access sensitive data in the...
Vulnerabilities fixed in Kofax Power PDF
Kofax has fixed vulnerabilities in Power PDF. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the victim, or to gain access to sensitive data. To do this, the malicious party must trick the victim into opening a malicious file, or follow a...
Vulnerabilities fixed in Rockwell Automation ControlLogix communication modules
Rockwell Automation has fixed vulnerabilities in the firmware of several ControlLogix 1756-EN communications modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly take control of the modules. For successful exploitation, the malicious party must ha...
Vulnerabilities fixed in Schneider Electric EcoStruxure components
Schneider Electric has fixed vulnerabilities in StruxureWare Datacenter Expert and EcoStruxure OPC UA Server Expert. An authenticated malicious person could exploit the vulnerabilities to gain access to sensitive data or execute arbitrary commands for which it is not...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS for several router, firewall and switch products. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with permissions of the user. To exploit the vulnerabilities, the malicious party needs local access to the application, or needs to trick ...
Vulnerability fixed in Ghostscript
Artifex has fixed a vulnerability in Ghostscript. A malicious party could exploit the vulnerability to execute arbitrary commands with the permissions of the Ghostscript process. To do this, the malicious party must trick the victim into opening a rogue file...
Vulnerability fixed in Asterisk
Asterisk developers have fixed a vulnerability in Asterisk VoIP. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Asterisk has released updates to fix the vulnerability in all supported versions of Asterisk. For more information, see:...
Vulnerabilities fixed in Citrix Secure Access Clients
Citrix has fixed vulnerabilities in the Secure Access Client for Windows and Ubuntu. The vulnerability with reference CVE-2023-24491 is located in the Windows client and allows a local malicious person to grant themselves elevated privileges and execute code with privileges of SYSTEM. The...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to circumvent a security measure, or execute arbitrary code with the permissions of the application using ColdFusion. Due to the nature of such applications, it cannot be ruled out that the...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with identifier CVE-2023-33308...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person with access to the development environment can exploit the vulnerabilities to carry out attacks that could lead to the following categories of damage: bypassing security measure, remote code execution (user rights)...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several MS Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: circumvention of security measure, remote code execution (user rights), spoofing, access to sensitive data...
Vulnerabilities fixed in Microsoft Paint3D
Microsoft has fixed vulnerabilities in Paint3D. The vulnerabilities allow a malicious person to execute arbitrary code with user privileges. To do so, the malicious person must trick the victim into opening a rogue image. Paint3D comes installed by default, but is maintained through the...
Vulnerability fixed in Apple macOS, iOS, iPadOS and Safari
Apple has released interim updates for macOS, iOS, iPadOS and Safari to fix a vulnerability in WebKit. A malicious party can exploit the vulnerability to execute arbitrary code with user privileges. To do so, the malicious party must trick the victim into opening a rogue fi...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated permissions or gain access to sensitive data. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics 365 on prem. A malicious party could exploit the vulnerabilities to launch a Cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitive data in the context of th...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including Business Objects, ECC, HANA, Netweaver, Business Warehouse and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (Administrator/Root rights), remote...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SiPass, Tecnomatix, SIMATIC, and RUGGEDCOM products. The vulnerabilities potentially allow a malicious party to launch attacks that could lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Servi...
Vulnerability fixed in Zoho ManageEngine ADAudit Plus
Zoho has fixed a vulnerability in ManageEngine ADAudit Plus. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser and potentially allows the malicious party to gain access to...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party can exploit the vulnerabilities to execute arbitrary code with privileges of the application, or to grant itself elevated privileges locally. IBM has released updates to fix the vulnerabilities in DB2. For more informatio...
Vulnerability discovered in Cisco ACI Multi-Site CloudSec Encryption
Cisco has discovered in internal testing that the encryption as used with ACI Multi-Site CloudSec is not sufficient to provide adequate protection in the event of a man-in-the-middle attack. A malicious party that is capable of tapping the encrypted traffic between two ACI sites, and has sufficient...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that result in...
Vulnerabilities fixed in Progress MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. An unauthenticated malicious person could exploit the vulnerabilities to gain access to data in the MOVEit Transfer database. The vulnerabilities found are possibly related to the previously discovered and actively exploited vulnerabilities fo...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS), data manipulation, remote code execution (user rights), spoofing. This requires...