Vulnerabilities fixed in IBM Integration Bus
IBM has fixed vulnerabilities in Integration Bus. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges, or to gain access to system data. IBM has released updates to fix the vulnerabilities in Integration Bus 10.1.0.1 Interim fix. For...
Vulnerability fixed in Xwiki
The developers of Xwiki have fixed a vulnerability in the CKEditor of Xwiki. An authenticated malicious person with editing privileges in the CKEditor could exploit the vulnerability to modify arbitrary files in Xwiki, including those for which they are not authorized. This allows the malicious pers...
Vulnerability fixed in Elasticsearch
Elastic has fixed a vulnerability in Elasticsearch. A malicious party could exploit the vulnerability to cause a denial-of-service attack. Elastic has released updates to fix the vulnerability in Elasticsearch 8.8.2 and 7.17.11. For more information, see: https://discuss.elastic.co/t...
Vulnerabilities fixed in Citrix ADC and Gateway
Citrix has fixed vulnerabilities in ADC and Gateway. A malicious party could exploit the vulnerabilities to gain access to system data, or to perform a cross-site scripting attack. Such an attack could result in execution of code in the victim's browser. To access system data, the malicious party...
Vulnerability fixed in Schneider Electric EcoStruxure Operator Terminal Expert
Schneider Electric has fixed a vulnerability in the EcoStruxure Operator Terminal Expert. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system and gain access to sensitive data. To do this, the malicious party must have local access to the vulnerab...
Vulnerability fixed in Sitecore products
Sitecore has fixed a vulnerability in Experience Manager, Experience Platform and Experience Commerce. A malicious party could exploit the vulnerability to execute arbitrary code with rights of the application, or to gain access to sensitive data in the application. Sitecore has released updates ...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Accessing...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ, in both the appliance and the server software. A malicious party could exploit them to cause a denial-of-service (DoS), gain access to sensitive data in the queue, or execute arbitrary code with user privileges. IBM has released...
Vulnerabilities fixed in NVIDIA GPU products
NVIDIA has fixed vulnerabilities in the drivers and control software of several GPUs. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (Administrator/Root...
Vulnerabilities fixed in Synology Mail Station
Synology has fixed vulnerabilities in Mail Station. A malicious party can exploit the vulnerabilities to use SQL injection to execute arbitrary code, or gain access to sensitive data. No CVE identifiers have been disclosed for the vulnerabilities yet. Synology gives the vulnerabilities the status...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the browser, or potentially gain access to sensitive data in the context of the browser. The malicious party must trick th...
Vulnerabilities fixed in IBM QRadar
IBM has fixed vulnerabilities in QRadar. An authenticated malicious party can exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution (User Rights), Access to system...
Vulnerabilities fixed in Fortinet FortiNAC
Fortinet has fixed vulnerabilities in FortiNAC. An unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code or manipulate files on the FortiNAC system. This requires malicious network traffic to be sent to TCP port 1050 or 5555. Fortinet has released updates t...
Vulnerabilities fixed in HP LaserJet and MultiFunctionals
Hewlett Packard has fixed vulnerabilities in the firmware of various HP LaserJet and MultiFunctional devices. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the vulnerable device. HP has released updates to fix the...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability is in the way accounts are validated when using Azure Active Directory for authentication. A malicious party could exploit it to completely take over an account and thus gain access to sensitive data in that account...
Vulnerability fixed in TOPdesk
TOPdesk has fixed a vulnerability in TOPdesk Self-service and TOPdesk Operator. A malicious party with a valid account can exploit the vulnerability to impersonate any other user and thus gain access to and manipulate their data. The vulnerability lies in the way SAML Sing...
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. The vulnerability is in the way BGP traffic is handled. In specific circumstances, a BGP update can result in the disconnection of the connection...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Increased user privileges. Node.js has released updates...
Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the underlying system. The malicious party does not need to have prior authentication to do this...
Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. The most serious vulnerability has been assigned CVE-2023-32434 and allows a malicious person to execute...
Vulnerabilities fixed in IBM Spectrum Protect
IBM fixed vulnerabilities in Spectrum Protect Plus Microsoft Filesystem Backup and Restore. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, or gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Spectru...
Vulnerabilities fixed in Mattermost
The developers of Mattermost have fixed vulnerabilities in Mattermost. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, manipulate the operation of the application and thus gain access to channels and conversations to...
Vulnerabilities fixed in Microsoft ODBC Driver for SQL Server
Microsoft has fixed vulnerabilities in the ODBC Driver for SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system. To exploit the vulnerabilities, the malicious party must have a rogue SQL server and trick the victim into connecting...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party can exploit the vulnerabilities for various redirection attacks, such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Such attacks can lead to execution of script code in the context of the victim's browser,...
Vulnerability discovered in MOVEit Transfer
Progress has indicated in a blog post that a vulnerability has been found in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data through an SQL injection. The vulnerability has not yet been assigned a CVE...
Vulnerability fixed in ESET Security products
ESET has fixed a vulnerability in the following Security products for Linux and macOS: Server Security for Linux, Endpoint Antivirus for Linux, Cyber Security, and Endpoint Antivirus for macOS. A local malicious agent can exploit the vulnerability to grant themselves elevated privileges and execute code...
Vulnerability fixed in Citrix Virtual Apps and Desktops
Citrix has fixed a vulnerability in the Virtual Delivery Agent for Virtual Apps and Desktops. An authenticated malicious party can exploit the vulnerability to launch applications and desktops for which it is not authorized. Citrix has released updates to fix the vulnerability in Virtual Apps and...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local malicious party can exploit the vulnerabilities to gain elevated permissions and affect the operation of Apex One, or to execute arbitrary code with elevated privileges. Trend Micro has released updates to address the vulnerabilities fixe...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service or potentially execute arbitrary code with privileges of the victim. Google has released updates to fix the vulnerabilities in Chrome 114.0.5735.133 for Linux and...
Vulnerabilities fixed in Micro Focus ArcSight Logger
Micro Focus has fixed vulnerabilities in ArcSight Logger. A malicious party could exploit the vulnerabilities to launch a Cross-site Scripting attack, or an XML External Entity Injection. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access data...
Vulnerability fixed in Adobe Animate
Adobe has fixed a vulnerability in Animate. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. The malicious person needs to trick the victim into opening a rogue file to do so. Adobe has released updates to fix the vulnerability in Animate...
Vulnerability fixed in HP LaserJet Multifunctionals
Hewlett Packard has fixed a vulnerability in the firmware of several LaserJet and Scanjet Multifunctionals. An unauthenticated malicious party could exploit the vulnerability to cause a buffer overflow and execute arbitrary code on the vulnerable systems when HP Workpath i...
Vulnerability fixed in Citrix Sharefile and Content Collaboration
Citrix has fixed a vulnerability in the StorageZones Controller as used with Sharefile and Content Collaboration. A malicious party could exploit the vulnerability to gain access to sensitive data. Citrix has released updates to fix the vulnerability in Sharefile and Content...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to circumvent a security measure, gain access to arbitrary files on the vulnerable system and execute arbitrary code. Adobe has released updates to fix the vulnerabilities in Adobe Commerc...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (User Rights), Spoofing, Increased user privileges. In order to...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Remote code execution...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...
Vulnerabilities fixed in SAP
SAP has fixed vulnerabilities in several products, including NetWeaver, CRM and SAPUI5. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, SQL Injection. SAP has...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious person with the ability to run PowerShell scripts can exploit the vulnerabilities to execute arbitrary code with the permissions of the application. Microsoft Exchange Server:...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Power Apps and Dynamics. An authenticated malicious person could exploit the vulnerabilities to impersonate another user and execute arbitrary code with privileges of that user. Microsoft Power Apps:...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the Zoom client for Windows and macOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant themselves elevated privileges or gain access to sensitive information. Zoom has released updates to fix the vulnerabilities ...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SIMATIC, SICAM, SIMOTION, WinCC, Solid Edge and Scalance products. The vulnerabilities potentially allow a malicious party to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data...
Vulnerabilities fixed in Fortinet FortiGate
Fortinet has released updates to its FortiGate software. Security researchers indicate that these updates fix a serious vulnerability in the SSL-VPN. A malicious party could exploit the vulnerability to execute arbitrary code, without prior authentication, on...
Vulnerability fixed in Cisco ASA and Firepower Threat Defense
Cisco has fixed a vulnerability in ASA and FTD. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on the vulnerable system. The vulnerability is in the way ASA and FTD handle SSL/TLS traffic. Cisco has released updates to fix the vulnerability i...
Vulnerabilities fixed in Cisco Unified Communication Manager
Cisco has fixed vulnerabilities in Unified Communication Manager. An unauthenticated malicious person with access to the web interface could exploit the vulnerabilities to cause a denial-of-service attack. Cisco has released updates to fix the vulnerabilities in Unified Communication Manager. For...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox ESR. A malicious party could exploit the vulnerabilities to circumvent a security measure, cause a denial-of-service, or potentially execute arbitrary code in the scope of the browser. Mozilla has released updates to fix the...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client and Secure Client
Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client and Secure Client for Windows. A local, authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and execute code with SYSTEM privileges. Cisco has release...
Vulnerabilities fixed in VMware Aria Operations Networks
VMware has fixed vulnerabilities in Aria Operations Networks (aka vRealize Network Insight). A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code on the underlying system. The most serious vulnerability has been labeled CVE-2023-20887 an...
Vulnerabilities fixed in GeoServer
GeoServer has fixed vulnerabilities in the OGC filters of GeoServer and GeoTools. A malicious party can exploit the vulnerabilities to improperly access publicly accessible data or execute arbitrary SQL code on the underlying database...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Widevine. The vulnerabilities potentially enable a malicious person to execute attacks that...