4209 matches found
Vulnerabilities fixed in IBM Spectrum Protect
IBM fixed vulnerabilities in Spectrum Protect Plus Microsoft Filesystem Backup and Restore. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, or gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Spectru...
Vulnerabilities fixed in Mattermost
The developers of Mattermost have fixed vulnerabilities in Mattermost. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, bypass, manipulate the operation of the application and thus gain access gain access to channels and conversations to...
Vulnerabilities fixed in Liferay Portal and DXP
Liferay has fixed vulnerabilities in Portal and DXP. A malicious party can exploit the vulnerabilities for various redirection attacks, such as Cross-site Scripting XSS and Cross-Source-Request-Forgery CSRF. Such attacks can lead to execution of script code in the context of the victim's browser,...
Fixed vulnerabilities in Microsoft ODBC driver for SQL Server
Microsoft has fixed vulnerabilities in the ODBC Driver for SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system. To exploit the vulnerabilities, the malicious party must have a rogue SQL server and trick the victim into connecting...
Vulnerability discovered in MOVEit Transfer
Progress has indicated in a blog post that a vulnerability has been found in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data through of an SQL injection to obtain sensitive data. The vulnerability has not yet been assigned a CVE...
Vulnerability fixed in ESET Security products
ESET has fixed a vulnerability in the following Security products for Linux and macOS: Server Security for Linux Endpoint Antivirus for Linux Cyber Security Endpoint Antivirus for macOS A local malicious agent can exploit the vulnerability to grant themselves elevated privileges and execute code...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A local malicious party can exploit the vulnerabilities to gain elevated permissions and affect the operation of Apex One, or to execute arbitrary code with elevated privileges. Trend Micro has released updates to address the vulnerabilities fixe...
Vulnerability fixed in Citrix Virtual Apps and Deckstops
Citrix has fixed a vulnerability in the Virtual Delivery Agent for Virtual Apps and Desktops. An authenticated malicious party can exploit the vulnerability to launch applications and desktops for which it is not authorized. Citrix has released updates to fix the vulnerability in Virtual Apps and...
Vulnerability fixed in Adobe Animate
Adobe has fixed a vulnerability in Animate. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. The malicious person needs to trick the victim into opening a rogue file to do so. open. Adobe has released updates to fix the vulnerability in Animate...
Vulnerability fixed in HP LaserJet Multifunctionals
Hewlett Packard has fixed a vulnerability in the firmware of several LaserJet and Scanjet Multifunctionals. An unauthenticated malicious party could exploit the vulnerability to cause a buffer overflow cause a buffer overflow and execute arbitrary code on the vulnerable systems when HP Workpath i...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to circumvent a security measure, gain access to arbitrary files on the vulnerable system and execute arbitrary code. Adobe has released updates to fix the vulnerabilities in Adobe Commerc...
Vulnerabilities fixed in Microfocus ArcSight Logger
Micro Focus has fixed vulnerabilities in ArcSight Logger. A malicious party could exploit the vulnerabilities to launch a Cross-site Scripting attack, or an XML External Entity Injection. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access data...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or potentially execute arbitrary code with privileges of the victim. Google has released updates to fix the vulnerabilities in Chrome 114.0.5735.133 for linux and...
Vulnerability fixed in Citrix Sharefile and Content Collaboration
Citrix has fixed a vulnerability in the StorageZones Controller as in use with Sharefile and Content Collaboration. A malicious party could exploit the vulnerability to gain access gain access to sensitive data. Citrix has released updates to fix the vulnerability in Sharefile and Content...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. A authenticated malicious person with the ability to Powershell scripts can execute the vulnerabilities exploit them to execute arbitrary code with permissions from the application. Microsoft Exchange Server:...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SIMATIC, SICAM, SIMOTION, WinCC, Solid Edge and Scalance products. The vulnerabilities allow a malicious party potentially capable of carrying out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the Zoom client for Windows and macOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant themselves elevated privileges granted or gain access to sensitive information. Zoom has released updates to fix the vulnerabilities ...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Increased user privileges In order to...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Power Apps and Dynamics. An authenticated malicious person could exploit the vulnerabilities to impersonate another user and execute arbitrary code execute arbitrary code with privileges of that user. Microsoft Power Apps:...
Vulnerabilities fixed in SAP
SAP has fixed vulnerabilities in several products, including NetWeaver, CRM and SAPUI5. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing authentication SQL Injection SAP has...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Remote code execution...
Vulnerabilities fixed in Fortinet FortiGate
Fortinet has released updates to its FortiGate software. Security researchers indicate that in these updates a serious vulnerability has been fixed in the VPN-SSL. A malicious party could exploit the vulnerability to execute arbitrary code without prior authentication to execute arbitrary code on...
Vulnerability fixed in Cisco Anyconnect Secure Mobility Client and Secure Client
Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client and Secure Client for windows. A local, authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code execute code with privileges from SYSTEM. Cisco has release...
Vulnerabilities fixed in VMware Aria Operations Networks
VMware has fixed vulnerabilities in Aria Operations Networks aka vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code on the underlying system. The most serious vulnerability has been labeled CVE-2023-20887 an...
Vulnerabilities fixed in Cisco Unified Communication Manager
Cisco has fixed vulnerabilities in Unified Communication Manager. An unauthenticated malicious person with access to the web interface could exploit the vulnerabilities to cause a denial-of-service attack. Cisco has released updates to fix the vulnerabilities in Unified Communication Manager. For...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox ESR. A malicious party could exploit the vulnerabilities to circumvent a security measure, cause a denial-of-service cause, or potentially execute arbitrary code in the scope of the browser. Mozilla has released updates to fix the...
Vulnerability fixed in Cisco ASA and Firepower Threat defense
Cisco has fixed a vulnerability in ASA and FTD. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service on the vulnerable system. The vulnerability is in the way ASA and FTD handle SSL/TLS traffic. Cisco has released updates to fix the vulnerability i...
Vulnerabilities fixed in GeoServer
GeoServer has fixed vulnerabilities in the OGC filters of GeoServer and GeoTools. A malicious party can exploit exploit the vulnerabilities to improperly access publicly access publicly accessible data or execute arbitrary SQL code on the underlying database. execute arbitrary SQL code on the...
Vulnerabilities fixed in Google Chrome
Google has fixed two vulnerabilities in Chrome. Of one vulnerability no substantive information or CVE attribute has been disclosed stated. The vulnerability with attribute CVE-2023-3079 allows a malicious person to remotely capable of executing arbitrary code in the scope of the browser,...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Widevine. The vulnerabilities potentially enable a malicious person to execute attacks that...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Manipulation of data Circumvention of...
Vulnerability fixed in Sailpoint IdentityIQ
Sailpoint has fixed a vulnerability in IdentityIQ. A authenticated malicious person could exploit the vulnerability to execute arbitrary code in the application, potentially gain access to user credentials and authorization information. Sailpoint has released updates to fix the vulnerability in a...
Vulnerabilities fixed in IBM Aspera Connect and Aspera Cargo
IBM has fixed vulnerabilities in Aspera Connect and Aspera Cargo. A malicious party could exploit the vulnerabilities to access gain access to login credentials, or to be able to execute arbitrary code execute with application privileges. IBM has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise, Splunk Universal Forwarders and Splunk Cloud. A malicious party could vulnerabilities to exploit attacks that can lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Data manipulation. Remote code...
Vulnerabilities fixed in Rancher
Vulnerabilities have been fixed in Rancher. The vulnerability with reference CVE-2022-43760 allows a malicious person to perform a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the browser of the victim. The vulnerabilities marked...
Vulnerability fixed in Arista series 7000 switches
Arista has fixed a vulnerability in the EOS software of several Series 7000 switches. A malicious party can exploit abuse the vulnerability to use a manipulated DHCP packet to crash and restart the DHCP relay service to crash and restart, thus creating a partial Denial-of-Service can occur. Arist...
Vulnerabilities fixed in IBM QRadar Wincollect Agent
IBM has fixed vulnerabilities in the Wincollect Agent of QRadar. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code execute code with permissions from the underlying system. IBM has released updates to fix the...
Actively exploited vulnerability fixed in Progress MOVEit
Progress has fixed a vulnerability in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person able to obtain sensitive data processed through the application being processed. In addition, the vulnerability could potentially be exploited to obtain administrator...
Vulnerability fixed in VMWare Workspace ONE and Identity Manager
VMWare has fixed a vulnerability in Workspace ONE and Identity Manager vIDM. A malicious party could exploit it for a redirect attack, thus tricking the victim into trick the victim into contacting a server under its own control. This may allow the malicious party to obtain login credentials and...
Vulnerabilities fixed in Joomla!
Joomla! has fixed vulnerabilities in the MultiFactor Authentication system of Joomla! CMS. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting XSS attack, or to use brute force to access the account. forcing to gain access to a user's account and...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. This requires the malicious party to trick the...
Vulnerabilities fixed in Dell EMC Powerpath
Dell has fixed vulnerabilities in Powerpath. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute code with SYSTEM privileges, or to gain access to the license key and thereby perform unauthorized new installations. Dell has released updat...
Vulnerabilities fixed in Zimbra Collaboration Suite
Zimbra has fixed vulnerabilities in the Zimbra Collaboration Suite ZCS. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Bypassing security measure...
Vulnerabilities fixed in LibreOffice
The Document Foundation has fixed two vulnerabilities in LibreOffice. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly execute code with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious document to...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. A authenticated malicious person with read-only privileges can exploit the exploit the vulnerability to upload files in places where the malicious party is not authorized to do. Atlassian has released updates to fix the vulnerability in Confluenc...
Vulnerability fixed in VMWare NSX-T
VMWare has fixed a vulnerability in NSX-T. A unauthenticated malicious person could exploit the vulnerability to perform perform a cross-site scripting attack on the underlying applications. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access t...
Vulnerabilities fixed in Zyxel firewalls
Zyxel has fixed vulnerabilities in the firmware of firewall series ATP, USG FLEX, VPN and ZyWall/USG. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, and possibly also to execute arbitrary execute arbitrary code on the vulnerable system. Zyxel ha...
ZeroDay vulnerability fixed in Barracuda Email Security Gateway
Barracuda Networks has fixed a vulnerability in its Email Security Gateway appliance ESG. The vulnerability allows an unauthenticated malicious person to gain access gain access to the vulnerable system and execute arbitrary code. execute. Barracuda Networks indicates that this vulnerability has...
Vulnerability fixed in BitDefender
BitDefender has fixed a vulnerability in Bitdefender Total Security, Bitdefender Internet Security and Bitdefender Antivirus Plus. A malicious person could exploit the vulnerability to grant themselves granted elevated privileges and potentially execute arbitrary code execute arbitrary code with...