Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. A remote malicious party can exploit the vulnerabilities in BIG-IP to cause a denial-of-service (DoS) in the Traffic Management Microkernel (TMM) subprocess. To do this, the vulnerable system must be configured with a specific UDP...
Vulnerabilities fixed in Elastic products
Vulnerabilities have been fixed in the Kibana and Filebeat products from Elastic. These vulnerabilities allow an attacker to perform cross-site scripting attacks, read system data such as logs, or execute arbitrary code under user privileges. The vulnerability with reference CVE-2023-31415 in...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. To access sensitive data, the malicious party must have access to a client where the Trace feature is enabled. IBM has released...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in the management interface of WebSphere Application Server. A malicious person with access to this interface could exploit the vulnerability to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the context of the...
Vulnerabilities fixed in Git for Windows
The Git community has fixed vulnerabilities in Git for Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Manipulation of data; Circumvention of security measure; Remote code execution (Administrator/Root...
Vulnerabilities fixed in IBM App Connect Enterprise and Integration Bus
IBM has fixed vulnerabilities in Integration Bus and App Connect Enterprise. The vulnerabilities are in the underlying Eclipse Mosquitto and allow a malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerabilities in Integration Bus and App Connect Enterprise...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Grafana Labs has released updates to fix the vulnerabilities in Grafana. For more information, see:...
Vulnerability fixed in Dradis Pro
Dradis has fixed a vulnerability in Dradis Pro. A malicious party could exploit the vulnerability to perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the browser of the victim, or access to sensitive data within that same context of the...
Vulnerabilities fixed in Foxit PDF Editor and PDF Reader
Foxit has fixed vulnerabilities in its PDF Reader and Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious file to...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party could exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-29257 allows a malicious person with management privileges on a database to execute arbitrary code, ...
Vulnerability fixed in Rancher
A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism to upgrade from versions 2.6.x and 2.7.x to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...
Vulnerabilities fixed in Zyxel Firewalls and Access Points
Zyxel has fixed vulnerabilities in the firmware of several USG, APT, VPN and ZyWall systems. A malicious party can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution...
Vulnerabilities fixed in APC Easy UPS Online Monitoring
APC has fixed vulnerabilities in Easy UPS Online Monitoring. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code with the victim's privileges. Because the online monitoring software is used by administrators, it is likely that cod...
Vulnerability fixed in dmidump
A vulnerability has been fixed in dmidump. A malicious party can exploit the vulnerability to overwrite arbitrary files and thus grant themselves elevated privileges, or execute arbitrary code with root privileges. A researcher has published a writeup with working Proof-of-Concept code...
Vulnerabilities fixed in VMware Aria Operations for Logs (formerly vRealize Log Insight)
VMware has fixed vulnerabilities in Aria Operations for Logs, formerly known as vRealize Log Insight. A malicious person with access to the log server can exploit the vulnerabilities to execute arbitrary code as root. The malicious party can gain access without prior authentication...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle VM VirtualBox. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (User rights); Access to sensitive...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, to gain access to system data, or to execute arbitrary code in the context of the browser of the victim. To do this, the malicious party must trick the victim into openin...
Vulnerabilities fixed in Oracle Solaris
Oracle has fixed vulnerabilities in Oracle Solaris. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Increased user privileges...
Vulnerabilities fixed in XWiki
The developers of XWiki have released updates to fix the vulnerabilities in XWiki 15.0-rc-1, 14.10.1, 14.4.8 & 13.10.11. For more information, see: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgrg-qvpp-9vwr https://github.com/xwiki/xwiki-platform/security/advisories...
Vulnerability fixed in Schneider Electric PowerLogic
Schneider Electric has fixed a vulnerability in PowerLogic HDPM6000. A malicious party could exploit the vulnerability to cause a denial-of-service (DoS), or possibly to execute arbitrary code on the vulnerable system, by sending specially prepared Ethernet packets. To send the...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in Oracle Hyperion products. The vulnerabilities allow a malicious party to cause a denial-of-service (DoS) or to execute arbitrary code under the application's permissions. ...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (User rights); Access to sensitive data...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain Products Suite, specifically in the Agile PLM. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to sensitive data...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data...
Vulnerabilities fixed in SolarWinds Platform
SolarWinds has fixed vulnerabilities in SolarWinds Platform and the Database Performance Analyzer (DPA). A pre-authenticated malicious person can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting (XSS); Remote code executi...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards products. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (User rights); Access to...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to system data...
Vulnerabilities fixed in Oracle Construction and Engineering
Oracle has fixed vulnerabilities in Primavera P6 Enterprise Project Portfolio Management and Primavera Unifier. The vulnerability with reference CVE-2022-27404 allows an unauthenticated malicious party to execute arbitrary code under the rights of the application...
Vulnerabilities fixed in Oracle Essbase
Oracle has fixed vulnerabilities in Oracle Essbase. The vulnerabilities allow a malicious party to cause a denial-of-service (DoS) or to gain access to sensitive data. ...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to sensitive data. Oracle has fixed vulnerabilities in the following products: - MySQL...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Remote code execution (User rights); Access to system data...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious party to execute attacks that lead to a denial-of-service (DoS) or manipulation of data. Oracle has fixed vulnerabilities in the following products: - Oracle Database Server - Oracle...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in several Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (Administrator/Root rights); Access to...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Bypassing security measure; Remote code...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several Oracle Fusion Middleware products. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Google Chrome
Google has fixed two vulnerabilities in Chrome. No CVE ID has been disclosed for one of the vulnerabilities. The vulnerability with reference CVE-2023-2033 allows a remote malicious person to cause a denial-of-service, or to execute arbitrary code in the context of the browser of the victim...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local, authenticated user to execute arbitrary commands on the system, even those that the malicious user is not initially authorized to run. IBM has released updates to fix the vulnerabilities in AIX. For more...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in AutoCAD. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly execute code with user privileges. This requires the malicious party to trick the victim into opening a rogue XB file. Autodesk has released updates...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunOS. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (Administrator/Root rights); Remote code execution...
Vulnerabilities fixed in FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious person with access to the management interface can exploit the vulnerability with reference CVE-2022-41330 to perform a cross-site scripting (XSS) attack. Such an attack can lead to execution of arbitrary code i...
Vulnerabilities fixed in Schneider Electric Modicon components
Schneider Electric has fixed vulnerabilities in several Modicon components. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to manipulate the operation of the vulnerable components. To do this, however, the malicious party must have access to the production...
Vulnerabilities fixed in Schneider Electric EcoStruxure Control Expert
Schneider Electric has fixed vulnerabilities in EcoStruxure Control Expert. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the vulnerable environment. To do so, the malicious party must have access to the...
Vulnerabilities fixed in Fortinet FortiWeb and FortiADC
Fortinet has fixed vulnerabilities in FortiWeb and FortiADC. A malicious party can exploit the vulnerability with reference CVE-2022-43955 to perform a cross-site scripting (XSS) attack on the web interface of the vulnerable systems. Such an attack can lead to execution of code within the...
Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party can exploit the vulnerabilities for attacks that can lead to the following categories of damage: Circumvention of security measure; Remote code execution (User rights); Access to sensitive data; Increased user privileges...
Vulnerabilities fixed in Fortinet FortiClient
Fortinet has fixed vulnerabilities in FortiClient. A local malicious person can exploit the vulnerabilities to grant themselves elevated privileges, create arbitrary files on the underlying system and potentially execute arbitrary code...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A malicious person could exploit the vulnerabilities to gain access to sensitive data in the victim's context, or to execute arbitrary code with the victim's privileges. To do this, the malicious party must trick the victim into...
Vulnerability fixed in Adobe Digital Editions
Adobe has fixed a vulnerability in Digital Editions. A malicious party can exploit the vulnerability to execute arbitrary code. To do this, the malicious party must trick the victim into opening a malicious file. Adobe has released updates to fix the vulnerability i...
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, or to gain access to sensitive data from within the underlying system. Fortinet has released updates to fix the vulnerabilities in FortiSandbox. For mo...
Vulnerability fixed in Adobe InCopy
Adobe has fixed a vulnerability in InCopy. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. To do so, the malicious party must trick the victim into opening a malicious file. Adobe has released updates to fix the vulnerability in...