Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious party could exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Circumvention of...
Vulnerabilities fixed in Google Chrome
Google has fixed two vulnerabilities in Chrome. For one vulnerability, no substantive information or CVE identifier has been disclosed. The vulnerability with identifier CVE-2023-3079 allows a malicious person to remotely execute arbitrary code in the scope of the browser,...
Vulnerabilities fixed in IBM Aspera Connect and Aspera Cargo
IBM has fixed vulnerabilities in Aspera Connect and Aspera Cargo. A malicious party could exploit the vulnerabilities to gain access to login credentials, or to execute arbitrary code with application privileges. IBM has released updates to fix the vulnerabilities in...
Vulnerability fixed in Sailpoint IdentityIQ
Sailpoint has fixed a vulnerability in IdentityIQ. An authenticated malicious person could exploit the vulnerability to execute arbitrary code in the application and potentially gain access to user credentials and authorization information. Sailpoint has released updates to fix the vulnerability in a...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise, Splunk Universal Forwarders and Splunk Cloud. A malicious party could exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Data manipulation, Remote code...
Vulnerabilities fixed in Rancher
Vulnerabilities have been fixed in Rancher. The vulnerability with reference CVE-2022-43760 allows a malicious person to perform a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the browser of the victim. The vulnerabilities marked...
Vulnerabilities fixed in IBM QRadar Wincollect Agent
IBM has fixed vulnerabilities in the Wincollect Agent of QRadar. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with permissions of the underlying system. IBM has released updates to fix the...
Vulnerability fixed in Arista series 7000 switches
Arista has fixed a vulnerability in the EOS software of several Series 7000 switches. A malicious party can abuse the vulnerability by using a manipulated DHCP packet to make the DHCP relay service crash and restart, thus creating a partial Denial-of-Service. Arist...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code in the scope of the browser, or gain access to sensitive data in the scope of the browser. This requires the malicious party to trick the...
Vulnerability fixed in VMware Workspace ONE and Identity Manager
VMware has fixed a vulnerability in Workspace ONE and Identity Manager (vIDM). A malicious party could exploit it for a redirect attack, thus tricking the victim into contacting a server under the malicious party's control. This may allow the malicious party to obtain login credentials and...
Actively exploited vulnerability fixed in Progress MOVEit
Progress has fixed a vulnerability in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data processed through the application. In addition, the vulnerability could potentially be exploited to obtain administrator...
Vulnerabilities fixed in Joomla!
Joomla! has fixed vulnerabilities in the MultiFactor Authentication system of Joomla! CMS. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting (XSS) attack, or to use brute forcing to gain access to a user's account and...
Vulnerabilities fixed in Dell EMC Powerpath
Dell has fixed vulnerabilities in Powerpath. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute code with SYSTEM privileges, or to gain access to the license key and thereby perform unauthorized new installations. Dell has released updat...
Vulnerabilities fixed in Zimbra Collaboration Suite
Zimbra has fixed vulnerabilities in the Zimbra Collaboration Suite (ZCS). A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, Bypassing security measure...
Vulnerabilities fixed in LibreOffice
The Document Foundation has fixed two vulnerabilities in LibreOffice. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly execute code with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious document to...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. An authenticated malicious person with read-only privileges can exploit the vulnerability to upload files in places where the malicious party is not authorized to do so. Atlassian has released updates to fix the vulnerability in Confluenc...
Zero-day vulnerability fixed in Barracuda Email Security Gateway
Barracuda Networks has fixed a vulnerability in its Email Security Gateway appliance (ESG). The vulnerability allows an unauthenticated malicious person to gain access to the vulnerable system and execute arbitrary code. Barracuda Networks indicates that this vulnerability has...
Vulnerability fixed in VMware NSX-T
VMware has fixed a vulnerability in NSX-T. An unauthenticated malicious person could exploit the vulnerability to perform a cross-site scripting attack on the underlying applications. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access t...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab 16.0.0. An unauthenticated remote malicious person could exploit it to gain access to arbitrary files on the server via a path traversal. The vulnerability is exploitable when the malicious party has knowledge of an attachment in a public proje...
Vulnerability fixed in BitDefender
BitDefender has fixed a vulnerability in Bitdefender Total Security, Bitdefender Internet Security and Bitdefender Antivirus Plus. A malicious person could exploit the vulnerability to grant themselves elevated privileges and potentially execute arbitrary code with...
Vulnerabilities fixed in Zyxel firewalls
Zyxel has fixed vulnerabilities in the firmware of firewall series ATP, USG FLEX, VPN and ZyWall/USG. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, and possibly also to execute arbitrary code on the vulnerable system. Zyxel ha...
Vulnerability fixed in WordPress Essential Addons For Elementor plugin
A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to reset the passwords of arbitrary users on the affected site, giving th...
Vulnerability fixed in MikroTik RouterOS
MikroTik has fixed a vulnerability in RouterOS. An unauthenticated malicious person could potentially abuse it to execute arbitrary code. To do so, malicious network traffic must be sent to the vulnerable device. MikroTik indicates that systems are only vulnerable when they use a...
Vulnerability discovered in KeePass
A vulnerability has been discovered in KeePass v2. A local malicious party can exploit the vulnerability to retrieve the master password. To do this, the malicious party must already have access to the local environment of the victim. The vulnerability is in how the input field of the...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...
Vulnerabilities fixed in Cisco Small Business Switch
Cisco has fixed vulnerabilities in a number of series of Small Business Switches. The vulnerabilities are located in the Web interface and enable an unauthenticated malicious person to cause a denial-of-service, or to execute arbitrary code as root. The malicious party...
Vulnerability fixed in CUPS
OpenPrinting has fixed a vulnerability in CUPS. A malicious person with access to the print server, and the ability to create printers, could exploit the vulnerability to execute arbitrary code with print server privileges. OpenPrinting has released updates to fix the vulnerability in CUPS. F...
Vulnerabilities fixed in Tracker Software PDF-Xchange
Tracker Software has fixed vulnerabilities in PDF-Xchange. A malicious party could exploit the vulnerabilities to cause a denial-of-service and potentially execute code with privileges of the victim. This requires the malicious party to trick the victim into opening a malicious file...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remot...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE)
Cisco has fixed vulnerabilities in Identity Services Engine (ISE). A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Manipulation of data, Circumvention of security measure, Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Mitel MiVoice Connect
Mitel has fixed vulnerabilities in several components of MiVoice Connect, such as Mobility router, Edge Gateway, HQ and DVS. A malicious party can exploit the vulnerabilities to execute arbitrary code within the context of the application. To execute code as an administrator, the malicious party...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code in the scope of the browser, or gain access to sensitive data in the scope of the browser. This requires the malicious party to trick the...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to gain elevated permissions, gain access to sensitive information or execute arbitrary code with privileges from the vulnerable system. Trend Micro has released updates to address the...
Vulnerability fixed in Netapp SnapCenter
Netapp has fixed a vulnerability in SnapCenter. An unauthenticated malicious party could exploit the vulnerability to gain access to the backup environment with administrator privileges. This allows the malicious party to gain access to sensitive information, manipulate data or cause a...
Vulnerabilities fixed in several Autodesk products
Autodesk has fixed vulnerabilities in several products. A malicious party can exploit the vulnerabilities to execute arbitrary code within the vulnerable application by injecting a rogue pskernel.dll. Inserting such a rogue .dll file requires social engineering, or...
Vulnerabilities fixed in VMware Aria
VMware has fixed vulnerabilities in Aria (formerly vRealize). A malicious party could exploit the vulnerabilities to execute arbitrary commands as "root". For successful abuse, it is necessary that the malicious party already has elevated privileges. The vulnerability with...
Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in systems running ArubaOS and InstantOS. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system data or execute code on the underlying system with user privileges. To exploit the...
Vulnerability fixed in IBM Websphere
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to launch an XML External Entity attack. By serving a rogue XML file, the malicious party can cause a denial-of-service, or potentially gain access to sensitive information. IBM...
Vulnerability fixed in the Linux kernel
A vulnerability has been fixed in the Linux kernel. The vulnerability is in the netfilter module. This module is used by the kernel to process network traffic, routing and filtering. This module is only in use when the affected system is actually actively manipulating network traffic, because, fo...
Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI
In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this ransomware attack, according to security firm Binarly, private keys were leaked that are used to digitally sign firmware for motherboards. Also compromised were private keys used by Inte...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP, SAP Gui, CRM, Netweaver and Business Objects. A malicious person could potentially exploit the vulnerabilities and cause damage in the categories below: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Circumvention of...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote code execution (User...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome and Chromium. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), Data manipulation, Remote code execution (User rights), Access to sensitive...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to perform attacks that could lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Spoofi...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in two Developer Tools. In order to exploit the vulnerabilities, the malicious party must have local access to the development environment. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Microsoft Teams: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impa...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SIMATIC Cloud Connect, Siveillance, SINEC, Solid Edge and Scalance products. The vulnerabilities potentially enable a malicious party to carry out attacks that could result in the following categories of damage: Denial-of-Service (DoS), Manipulation ...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious person with user privileges could exploit the vulnerability to use a GraphQL endpoint to install rogue runners in any project within the environment and thus execute arbitrary code. GitL...
Vulnerability fixed in OPC Foundation .NET Reference Server
OPC Foundation has fixed a vulnerability in .NET Reference Server. An unauthenticated malicious person could exploit it to cause a denial-of-service. OPC Foundation has released updates to fix the vulnerability in OPC .NET Reference Server 1.4.371.86. For more information, see:...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy and FortiADC. The vulnerability with reference CVE-2023-22640 relates to FortiOS and FortiProxy and allows an authenticated remote malicious person to execute arbitrary code via specially prepared requests. The...