4209 matches found
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab 16.0.0. A unauthenticated remote malicious person could exploit to gain access to arbitrary files on the server via a path traversal. The vulnerability is exploitable when the malicious party has knowledge has knowledge of an attachment in a public proje...
Vulnerability fixed in MikroTik RouterOS
MikroTik has fixed a vulnerability in RouterOS. A unauthenticated malicious person could potentially abuse it to execute arbitrary code. To do so, malicious network traffic should be sent to the vulnerable device. sent. MikroTik indicates that systems are only vulnerable when they are use a...
Vulnerability fixed in WordPress Essential Addons For Elementor plugin
A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to be able to reset the passwords of arbitrary users on the affected site to reset them, giving th...
Vulnerability discovered in Keepass
A vulnerability has been discovered in Keepass v2.A local malicious party can exploit the vulnerability to retrieve the master password password. To do this, the malicious party must already have access to the local environment of the victim. The vulnerability is in how the input field of the...
Vulnerabilities fixed in Tracker Software PDF-Xchange
Tracker Software has fixed vulnerabilities in PDF-Xchange. A malicious party could exploit the vulnerabilities to cause a denial-of-service and potentially execute code with privileges of the victim. This requires the malicious party to trick the victim into opening a malicious file to open...
Vulnerabilities fixed in Mitel MiVoice Connect
Mitel has fixed vulnerabilities in several components of MiVoice Connect, such as Mobility router, Edge Gateway, HQ and DVS. A malicious party can exploit the vulnerabilities to execute arbitrary code within the context of the application. To execute code as an administrator, the malicious party...
Vulnerability fixed in CUPS
OpenPrinting has fixed a vulnerability in CUPS. A malicious person with access to the print server, and the ability to create printers, could exploit the vulnerability to execute arbitrary code with print server privileges. OpenPrinting has released updates to fix the vulnerability fix in CUPS. F...
Vulnerabilities fixed in cisco Small Business Switch
Cisco has fixed vulnerabilities in a number of series of Small Business Switches. The vulnerabilities are located in the Web interface and enable an unauthenticated malicious person to able to cause a denial-of-service, or to execute arbitrary execute arbitrary code as root. The malicious party...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
Cisco has fixed vulnerabilities in Identity Services Engine ISE. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to gain elevated permissions, gain access to sensitive information or execute arbitrary code with privileges from the vulnerable system. Trend Micro has released updates to address the...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. This requires the malicious party to trick the...
Vulnerability fixed in Netapp SnapCenter
Netapp has fixed a vulnerability in SnapCenter. A unauthenticated malicious party could exploit the vulnerability to gain access to the backup environment with administrator privileges. This allows the malicious party to gain access to sensitive information, manipulate data or cause a...
Vulnerabilities fixed in several Autodesk products
Autodesk has fixed vulnerabilities in several products. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code within the vulnerable application by injecting a rogue pskernel.dll. Inserting such a rogue .dll file requires social engineering, or...
Vulnerabilities fixed in VMWare Aria
VMWare has fixed vulnerabilities in Aria formerly: vRealize. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary commands as "root. For successful abuse, it is necessary that the malicious party already has elevated privileges has. The vulnerability with...
Vulnerability fixed in IBM Websphere
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to launch an XML External Entity attack. By serving a rogue XML file, the malicious party can cause a denial-of-service cause, or potentially gain access to sensitive information. IBM...
Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in systems running run on ArubaOS and InstantOS. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system data or execute code on the underlying system with user privileges. To exploit the...
Vulnerability fixed in the Linux Kernel
A vulnerability has been fixed in the linux kernel. The vulnerability is in the netfilter module. This module is used by the kernel to process network traffic, routing and filtering. This module is only in use when the affected system is actually actively manipulating network traffic, because, fo...
Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI
In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this ransomware attack, private keys were according to security firm Binarly, private keys were leaked that are used to digitally sign firmware for motherboards. Also compromised were private keys used by Inte...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Microsoft Teams: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impa...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP, SAP Gui, CRM, Netweaver and Business Objects. A malicious person could vulnerabilities potentially exploit and cause damage in the categories below: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in two Developer Tools. In order to exploit the vulnerabilities, the malicious party must have local access to the development environment. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome and Chromium. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to perform attacks that could lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofi...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SIMATIC Cloud Connect, Siveillance, SINEC, Solid Edge and Scalance products. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation ...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy and FortiADC. The vulnerability with reference CVE-2023-22640 relates FortiOS and FortiProxy and allows an authenticated remote malicious person to execute arbitrary code via specially prepared requests to execute arbitrary code. The...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person with user privileges could exploit the vulnerability to use a GraphQL endpoint to install rogue runners in any project within the environment and thus execute arbitrary code execute. GitL...
Vulnerability fixed in OPC Foundation .NET Reference Server
OPC Foundation has fixed a vulnerability in .NET Reference Server. An unauthenticated malicious person could exploit it to cause a denial-of-service. OPC Foundation has released updates to fix the vulnerability fix in OPC .NET Reference Server 1.4.371.86. For more information, see:...
Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. A remote malicious party can exploit the vulnerabilities in BIG-IP exploit them to cause a denial-of-service DOS on the Traffic Management Microkernel TMM subprocess. To do this, the vulnerable system must be configured with a specific UDP...
Vulnerabilities fixed in Elastic products
Vulnerabilities have been fixed in the Kibana and Filebeat products from Elastic. These vulnerabilities allow an attacker to perform cross-site scripting attacks, read system data such as read logs or execute arbitrary code under user privileges. The vulnerability with attribute CVE-2023-31415 in...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. A malicious party could exploit the exploit the vulnerabilities to cause a Denial-of-Service, or to gain access to sensitive data. To access sensitive data, the malicious party must have access to a client where the Trace feature is enabled. IBM has released...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...
Vulnerability fixed in Dradis Pro
Dradis has fixed a vulnerability in Dradis Pro. A malicious party could exploit the vulnerability to perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the browser of the victim, or access sensitive data within that same context of the...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Grafana Labs has released updates to address the vulnerabilities fixes in Grafana. For more information, see:...
Vulnerabilities fixed in Git for Windows
The Git community has fixed vulnerabilities in Git for Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in the management interface of Websphere Application Server. A malicious person with access to this interface could exploit the vulnerability to launch a Cross-Site Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the context of the...
Vulnerabilities fixed in IBM App Connect Enterprise and Integration Bus
IBM fixed vulnerabilities in Integration Bus and App Connect Enterprise. The vulnerabilities are in the underlying Eclipse Mosquito and allow a malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerabilities in Integration Bus and App Connect Enterprise...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-29257 allows a malicious person with management privileges on a database to execute arbitrary code execute arbitrary code, ...
Vulnerabilities fixed in Zyxel Firewalls and Access Points
Zyxel has fixed vulnerabilities in the firmware of several USG, APT, VPN and ZyWall systems. A malicious party can exploit the vulnerabilities exploit them for attacks that can result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution...
Vulnerability fixed in Rancher
A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism used to upgrade from versions 2.6.x and 2.7.x upgrade to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...
Vulnerabilities fixed in APC Easy UPS Online. Monitoring
APC has fixed vulnerabilities in Easy UPS Online Monitoring. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with the victim's privileges. Because the online monitoring software is used by administrators, it is likely that cod...
Vulnerabilities fixed in Foxit PDF Editor and PDF Reader
Foxit has fixed vulnerabilities in its PDF Reader and Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious file to...
Vulnerability fixed in dmidump
A vulnerability has been fixed in dmidump. A malicious party can exploit the vulnerability to overwrite arbitrary files and overwrite and thus grant himself elevated privileges, or execute arbitrary code with root privileges. A researcher has published a writeup with working Proof-of-Concept code...
Vulnerabilities fixed in VMWare Aria Operations or Logs (vh: vrealize Log Insight)
VMWare has fixed vulnerabilities in Aria Operations for Logs, formerly known as vRealize Log Insight. A malicious person with access to the log server can exploit the vulnerabilities exploit them to execute arbitrary code as root. The malicious party can gain access without prior authentication...
Vulnerabilities fixed in Oracle Peoplesoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle VM VirtualBox. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in Oracle Hyperion products. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to execute arbitrary code execute arbitrary code under the application's permissions. ------------------.------.------------------------------------- | CVE...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...