4207 matches found
Vulnerability discovered in Cisco Secure Web Appliance
A vulnerability has been discovered in Cisco Secure Web Appliance. The vulnerability is in how the scanning process handles with deflate, lzma and brotli content types. The deflate content type is not enabled by default. Izma and brotli are. A malicious party can exploit the vulnerabilities to pa...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
Vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. An authenticated malicious party can exploit the vulnerabilities to exploit attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. An authenticated malicious person with access to the management interface, or access to the shell of the system, could exploit the vulnerabilities to cause a Denial-of-Service, obtain sensitive information or, through a Cross-Site-Scripting attack, execute...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...
Vulnerabilities fixed in Brocade FabricOS
Vulnerabilities have been fixed in Brocade FabricOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Data manipulation. Remote code execution...
Vulnerability fixed in Splunk SOAR
Splunk has fixed a vulnerability in Splunk SOAR. The vulnerability allows an unauthenticated malicious person to inject inject ANSI escape code into a log file. To do so, the malicious party must send a specially prepared HTTP request to the Spunk SOAR instance. When this log file is read in a...
Vulnerability discovered in Supermicro BMC firmware
A vulnerability has been discovered in the Baseboard Management Controller BMC of Supermicro X12, X13, H12 and H13 systems. A malicious person with access to the data center, could exploit it to change arbitrary settings and thereby alter the operation of the Supermicro systems through the...
Vulnerability fixed in Ivanti Endpoint Manager
Ivanti has fixed a vulnerability in Endpoint Manager. A malicious person with administrator privileges can exploit the vulnerability exploit to execute arbitrary OS commands with, among other among other things, permissions from the tomcat process. This vulnerability is different from the...
Vulnerabilities fixed in Zoho ManageEngine Password Manager pro
Zoho has fixed vulnerabilities in ManageEngine Password Manager pro. An authenticated malicious person could exploit them to bypass a security measure, manipulate data manipulate data for which the malicious party is not authorized, and gain access to sensitive data. No CVE ID has been disclosed...
Vulnerability fixed in libarchive
A vulnerability has been fixed in libarchive, a widely used library used by backup tools and tools such as tar, cpio etc. A local malicious person could exploit the vulnerability to cause a buffer overflow and thus potentially execute arbitrary code execute arbitrary code. In reporting the...
Vulnerability fixed in QNAP firmware
QNAP has fixed a vulnerability in the firmware of several NAS and virtualization systems running QTS, QuTS Hero, QuTScloud and QVR. A malicious party could exploit the vulnerability to cause a denial-of-service. QNAP has released updates to fix the vulnerability in the firmware for QTS, QuTS Hero...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in Zimbra. A malicious party could exploit vulnerabilities to gain access to system data, bypass a security measure, or launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or...
Vulnerabilities fixed in Foxit Reader and PDF
Foxit has fixed vulnerabilities in its Reader and PDF editor vh. PhantomPDF. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or in specific circumstances, execute arbitrary code with permissions from the user and thereby potentially gain access to sensitive data ...
Vulnerability fixed in Apache Jackrabbit
Apache Foundation has fixed a vulnerability in Jackrabbit. A malicious party could exploit the vulnerability to execute arbitrary execute code with permissions from the application using of Jackrabbit. Because Jackrabbit is executed with the privileges of the application, it cannot be ruled out...
Vulnerability fixed in Atlassian Bamboo
Atlassian has fixed a vulnerability in Bamboo Server and Bamboo Data Center. An authenticated malicious person can exploit the exploit the vulnerability to use command-injection to execute arbitrary execute arbitrary code with application privileges and thus potentially gain access to sensitive...
Vulnerabilities fixed in Paessler PRTG
Paessler has fixed vulnerabilities in PRTG Network Monitoring. An authenticated malicious party could exploit the vulnerabilities to bypass a security measure, or perform a Cross-Site-Request-Forgery CSRF, and thereby potentially execute arbitrary execute arbitrary code and gain access to sensiti...
Vulnerability fixed in Veritas NetBackup Snapshot Manager
Veritas has fixed a vulnerability in NetBackup Snapshot Manager. Due to a flaw in the way client certificates are processed, it is possible for a malicious party to access backups and restores for which the malicious party is not authorized. This allows the malicious party to gain access to...
Vulnerabilities fixed in Sophos Unified Threat Management (UTM)
Sophos has fixed vulnerabilities in Unified Threat Management UTM. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with application privileges. Sophos has released updates to fix the vulnerabilities in UTM 9.716. For more...
Vulnerabilities fixed in Jenkins (core) and plugins
Vulnerabilities have been fixed in Jenkins and some plugins, such as Bazaar, GitLab Authentication and Gradle. A malicious person could exploit the vulnerabilities to perform a Cross-Site-Scripting attack XSS, or a Cross-Site-Request-Forgery CSRF. Such an attack can lead to execution of arbitrary...
Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS. A malicious party can exploit the vulnerabilities to gain access to system data, or to execute arbitrary code execute arbitrary code with elevated privileges. Successful exploitation requires the malicious party to have access to...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerability fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core).
Ivanti has fixed a vulnerability in Endpoint Manager Mobile EPMM, formerly MobileIron Core. The vulnerability allows an unauthenticated remote malicious person to access gain access to sensitive data or potentially take control of the EPMM system. The vulnerability is being actively exploited on ...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...
Vulnerability fixed in AMD Zen 2 platform
AMD has fixed a vulnerability in its Zen 2 platform. The involves a hardware vulnerability that allows a malicious person to able to read out part of the processor memory. The malicious party could theoretically use this to gain access to sensitive information, such as key material. Because this ...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitiv...
Vulnerability fixed in Avaya Aura
Avaya has fixed a vulnerability in the Aura Device Services web service. An unauthenticated malicious person can exploit the exploit the vulnerability to execute arbitrary code with the permissions of the web service. Avaya has released updates to fix the vulnerability in Aura Device Services...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party can exploit the vulnerabilities to bypass a security measure and execute arbitrary code with privileges of the application using ColdFusion. Due to the nature of such applications, it cannot be ruled out that this allows the malicio...
Vulnerability fixed in Veritas NetBackup
Symantec has fixed a vulnerability in Veritas NetBackup. The vulnerability is located the BPCD process and allows an unauthenticated malicious person to upload and execute with permissions from the backup process. No CVE ID has been disclosed for this vulnerability yet. Symantec has released...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite products. A malicious party could exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Oracle has...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Oracle has fixe...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Oracle has fixed the...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE products. A malicious party could exploit the vulnerabilities to gain access to sensitive data. The malicious party must trick the victim into executing untrusted Java code. Oracle has fixed the vulnerabilities in the following products: - Oracle...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft Enterprise PeopleTools. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code executio...
Vulnerabilities fixed in Atlassian Confluence
Atlassian has fixed vulnerabilities in Confluence. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code with application privileges and possibly thereby gain access to sensitive data. The malicious party needs prior authentication required. Atlassia...
Vulnerabilities fixed in Oracle Essbase
Vulnerabilities have been fixed in Oracle Essbase products. A authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data. Oracle has fixed the vulnerabilities in the following products: - Oracle Essbase - Oracle Hyperion Essbase Administration Services...
Vulnerability fixed in Oracle Solaris
Oracle has fixed a vulnerability in Solaris. A local malicious person could exploit the vulnerability to execute arbitrary code execute arbitrary code as root. Oracle has made updates available to fix the vulnerabilities. fix. For more information, see:...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - JD Edwards...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to circumvent a security measure circumvention, execute code with user privileges or access gain access to sensitive data in the context of the browser. To do this, the malicious party must trick the...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to...
Vulnerabilities fixed in Oracle VirtualBox
Oracle has fixed vulnerabilities in VirtualBox. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code with application privileges. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Oracle Analytics
Vulnerabilities have been fixed in Oracle Analytics products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights Remo...
Vulnerabilities fixed in Oracle Construction and Engineering
Vulnerabilities have been fixed in Oracle Construction and Engineering products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system data...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data. Remote code execution User rights Access to...
Vulnerabilities fixed in Oracle Hyperion
Vulnerabilities have been fixed in Oracle Hyperion products. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - Oracle Hyperion Data Relationship...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications products. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote cod...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed vulnerabilities in the firmware of several USG, ATP and VPN products. An unauthenticated malicious person can exploit the vulnerabilities from the LAN side to exploit them to cause a denial-of-service, or to execute commands on the underlying operating system. As far as is known,...