4207 matches found
Vulnerabilities fixed in Citrix ADC and Citrix Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to execute a cross-site scripting attack, obtain elevated privileges or execute arbitrary code. Citrix reports that the vulnerability with attribute CVE-2023-3519 is being...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with permissions from the application using ColdFusion. Due to the nature of such applications, it cannot be be ruled out that this would allow the...
Vulnerabilities fixed in Kofax Power PDF
Kofax has fixed vulnerabilities in Power PDF. A malicious person could exploit the vulnerabilities to execute arbitrary code with privileges of the victim, or to gain access to sensitive data. To do this, the malicious party must trick the victim into opening a malicious file to open, or follow a...
Vulnerability fixed in Zimbra collaboration suite
A vulnerability has been fixed in Zimbra Collaboration Suite. The vulnerability allows a malicious party to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or potentially access sensitive data in the...
Vulnerabilities fixed in Rockwell Automation ControlLogix communication modules
Rockwell Automation has fixed vulnerabilities in the firmware of several ControlLogix 1756-EN communications modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly take control of the modules. For successful exploitation, the malicious party must ha...
Vulnerability fixed in Asterisk
Asterisk developers have fixed a vulnerability in Asterisk VOIP. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. Asterisk has released updates to fix the vulnerability in all supported versions of Asterisk. For more information, see:...
Vulnerability fixed in Ghostscript
Artifex has fixed a vulnerability in Ghostscript. A malicious party could exploit the vulnerability to be able to execute arbitrary be able to execute arbitrary commands with permissions from the Ghostscript process. To do this, the malicious party must trick the victim into opening a rogue file...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS for several router, firewall and switch products. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to circumvent a security measure, or execute arbitrary code execute with permissions from the application using ColdFusion. Due to the nature of such applications, it cannot be be ruled out that the...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with permissions of the user. To exploit the vulnerabilities, the malicious party needs local access to the application, or needs to trick ...
Vulnerabilities fixed in FortiNet FortiOS and FortiProxy
FortiNet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with attribute CVE-2023-33308...
Vulnerabilities fixed in Citrix Secure Access Clients
Citrix has fixed vulnerabilities in the Secure Access Client for Windows and Ubuntu. The vulnerability with reference CVE-2023-24491 is located in the Windows client and allows a local malicious person to grant themselves elevated privileges and execute code with privileges of SYSTEM The...
Vulnerabilities fixed in Schneider Electric EcoStruxture components
Schneider Electric has fixed vulnerabilities in StruxtureWare Datacenter Expert and EcoStruxture OPC UA Server Expert. an authenticated malicious person could exploit the vulnerabilities to gain access to sensitive data or execute arbitrary commands execute arbitrary commands for which it is not...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SiPass, Tecnomatix, SIMATIC, and RUGGEDCOM products. The vulnerabilities allow a malicious party potentially able to launch attacks that could lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Servi...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including. Business Objects, ECC, HANA, Netweaver, Business Warehouse and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS...
Vulnerabilities fixed in Microsoft Paint3D
Microsoft has fixed vulnerabilities in Paint3D. The vulnerabilities allow a malicious person to execute arbitrary execute code with user privileges. The malicious must do so to trick the victim into opening a rogue image. open. Paint3D comes installed by default, but maintained through the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics 365 on prem. A malicious party could exploit the vulnerabilities to launch a Cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitive data in the context of th...
Vulnerability fixed in Apple macOS, iOS, iPadOS and Safari
Apple has released interim updates for macOS, iOS, iPadOS and Safari to fix a vulnerability in WebKit. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with user privileges. The malicious party must to do so, trick the victim into opening a rogue fi...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated permissions or gain access to sensitive data. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person with access to the development environment can exploit the vulnerabilities to exploit attacks that could lead to the following categories of damage: Bypassing security measure. Remote code execution User rights...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several MS Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution User rights Spoofing Access to sensitive data...
Vulnerability fixed in Zoho ManageEngine ADAudit Plus
Zoho has fixed a vulnerability in ManageEngine ADAudit Plus. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser and potentially allows the malicious party able to gain access to...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party can exploit the exploit the vulnerabilities to execute arbitrary code with privileges of the application, or to grant itself locally elevated privileges granted. IBM has released updates to fix the vulnerabilities in DB2. For more informatio...
Vulnerability discovered in Cisco ACI Multi-Site CloudSec Encryption
Cisco has discovered in internal testing that the encryption as used with ACI Multi-Site CloudSec is not sufficient to provide adequate protection in the event of a man-in-the-middle attack. A malicious party capable of tapping the encrypted traffic between two ACI sites, and has sufficient...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User Rights Spoofing This requires...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that result in...
Vulnerabilities fixed in Progress MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. A unauthenticated malicious person could exploit the vulnerabilities to gain access to data in the MOVEit Transfer database. The vulnerabilities found are possibly related to the previously discovered and actively exploited vulnerabilities fo...
Vulnerabilities fixed in IBM Integration Bus
IBM has fixed vulnerabilities in Integration Bus. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. IBM has released updates to fix the vulnerabilities in Integration Bus 10.1.0.1 Interim fix. For...
Vulnerability fixed in Elasticsearch
Elastic has fixed a vulnerability in Elasticsearch. A malicious party could exploit the vulnerability to cause a denial-of-service attack. Elastic has released updates to fix the vulnerability in Elasticsearch 8.8.2 and 7.17.11. For more information, see: https://discuss.elastic.co/t...
Vulnerability fixed in Xwiki
The developers of Xwiki have fixed a vulnerability in the CKEditor of Xwiki. An authenticated malicious person with editing privileges in the CKeditor could exploit the vulnerability to modify arbitrary files in Xwiki, including those for which it is not authorized. This allows the malicious pers...
Vulnerabilities fixed in Citrix ADC and Gateway
Citrix has fixed vulnerabilities in ADC and Gateway. A malicious party could exploit the vulnerabilities to gain access to system data, or to perform a cross-site scripting attack. Such an attack could result in execution of code in the victim's browser. To access system data, the malicious party...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Accessing...
Vulnerability fixed in Sitecore products
Sitecore has fixed a vulnerability in Experience Manager, Experience Platform and Experience Commerce. A malicious party could exploit the vulnerability to execute arbitrary code with rights of the application, or to gain access to sensitive data in the application. Sitecore has released updates ...
Vulnerability fixed in Schneider Electric EcoStruxture Operator Terminal Expert
Schneider Electric has fixed a vulnerability in the EcoStruxture Operator Terminal Expert. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system and gain access to sensitive data. To do this, the malicious party must have local access to the vulnerab...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ, in both the appliance and the server software. A malicious party could exploit them to cause a denial-of-service DoS, gain access gain access to sensitive data in the queue or to execute arbitrary execute arbitrary code with user privileges. IBM has released...
Vulnerabilities fixed in NVIDIA GPU products
Nvidia has fixed vulnerabilities in the drivers and control software of several GPUs. A malicious party could exploit vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root...
Vulnerabilities fixed in Synology Mail Station
Synology has fixed vulnerabilities in MailStation. A malicious party can exploit the vulnerabilities to use SQL injection to execute arbitrary code, or gain access to sensitive data. No CVE identifiers have been disclosed for the vulnerabilities yet. Synology gives the vulnerabilities the status...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the browser, or potentially access gain access to sensitive data in the context of the browser. The malicious party must trick th...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability is in the way accounts are validated when using Azure Active Directory for authentication. A malicious party could exploit it to completely take over an account and thus gain access gain access to sensitive data in that account...
Vulnerabilities fixed in Fortinet FortiNAC
Fortinet has fixed vulnerabilities in FortiNAC. A unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code or manipulate files on the FortiNAC system. This requires malicious network traffic must be sent to TCP port 1050 or 5555. Fortinet has released updates t...
Vulnerabilities fixed in HP Laserjet and MultiFunctionals
Hewlett Packard has fixed vulnerabilities in the firmware of various HP Laserjet and MultiFunctional devices. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, or to execute arbitrary code on the vulnerable device. HP has released updates to fix the...
Vulnerability fixed in TOPdesk
TOPdesk has fixed a vulnerability in TOPdesk Self-service and TOPdesk Operator. A malicious party with a valid account can exploit the exploit the vulnerability to impersonate any other user and thus gain access to and manipulate their data. manipulate. The vulnerability lies in the way SAML Sing...
Vulnerabilities fixed in IBM Qradar
IBM has fixed vulnerabilities in QRadar. An authenticated malicious party can exploit the vulnerabilities to launch attacks execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution User Rights Access to system...
Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. The most serious vulnerability has been assigned attribute CVE-2023-32434 assigned and allows a malicious person to execute...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Increased user privileges Node.js has released updates...
Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code be able to execute arbitrary code on the underlying system. The malicious party does not need to have prior authentication to do this...
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service. The vulnerability is in the way BGP traffic is handled. In specific circumstances, a BGP update can result in the disconnection of the connection...
Vulnerabilities fixed in IBM Spectrum Protect
IBM fixed vulnerabilities in Spectrum Protect Plus Microsoft Filesystem Backup and Restore. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, or gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Spectru...
Vulnerabilities fixed in Mattermost
The developers of Mattermost have fixed vulnerabilities in Mattermost. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, bypass, manipulate the operation of the application and thus gain access gain access to channels and conversations to...