Vulnerability fixed in Adobe InCopy
Adobe has fixed a vulnerability in InCopy. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. To do so, the malicious party must trick the victim into opening a malicious file. Adobe has released updates to fix the vulnerability in...
Fixed vulnerabilities in HP Laserjet printers and multifunctionals
Hewlett Packard has fixed vulnerabilities in the firmware of several HP Laserjet, Color Laserjet and Laserjet Pro printers and multifunction devices. An unauthenticated malicious person with access to the local network could exploit the vulnerabilities to cause a denial-of-service, or to...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures, remote code execution, administrator/root rights, remote...
Vulnerability fixed in Node.js vm2
A vulnerability has been fixed in vm2. vm2 is a package for Node.js that provides a sandbox environment for running untrusted code. The vulnerability allows a malicious party to break out of the sandbox and thus execute code on the system on which vm2 is running. The way the vulnerability can b...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics 365. A remote malicious person could exploit the vulnerabilities for a cross-site scripting attack. Such an attack can result in execution of code in the context of the victim's browser and thereby potentially accessing sensitive data. Microsoft...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in MS SQL Server. The vulnerabilities allow a malicious person to execute arbitrary code with SYSTEM privileges. To exploit the vulnerabilities, the malicious party must trick a user of SQL Server into opening a rogue query and...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in the Azure components Service Connector and Machine Learning. A malicious party could exploit the vulnerabilities to bypass internal firewall rules, or to gain access to logging data. The malicious party must be authenticated with the appropriate...
Vulnerability fixed in Microsoft Defender
Microsoft has fixed a vulnerability in Defender. The vulnerability allows a malicious party to cause a denial-of-service. Microsoft Defender for Endpoint: | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges. The malicious party must trick the victim into opening a malicious file. The vulnerability in SharePoint allows an...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in, among others: TIA Portal, SIPROTEC, SICAM, SCALANCE, SIMATIC and Mendix. The vulnerabilities potentially enable a malicious party to launch attacks that could result in the following categories of damage: Denial-of-Service (DoS), remote code execution, user...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Microsoft Developer Tools. A malicious party could exploit the vulnerabilities to gain access to sensitive data, obtain elevated privileges or execute arbitrary code. To do so the malicious party must have access to a system on which the vulnerable...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP, SAP GUI, CRM, NetWeaver and Business Objects. A malicious person could potentially exploit the vulnerabilities and cause damage in the categories below: Cross-Site Scripting (XSS), Denial-of-Service (DoS), manipulation of data, bypassing...
Vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. The vulnerabilities allow an unauthenticated remote malicious party to execute arbitrary code. Apple says it has received signals of active misuse of the vulnerabilities. Organizations are advised to implement the made...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome. A remote malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures, remote code execution, user rights, access to sensitive data...
Vulnerabilities fixed in Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM)
Cisco has fixed vulnerabilities in the web management interface of Prime Infrastructure and Evolved Programmable Network Manager (EPNM). A malicious person with access to the management interface can exploit the vulnerabilities to obtain system information, or to execute commands in the...
Vulnerabilities fixed in IBM QRadar SIEM
IBM fixed vulnerabilities in subcomponents of QRadar SIEM: Data Synchronization App, Use Case Manager app, QRadar Assistant app, Data Synchronization app and Wincollect agent. A malicious party can exploit the vulnerabilities to cause a denial-of-service, to gain access to sensitive data, or to...
Vulnerabilities fixed in Dell EMC Networker
Dell has fixed vulnerabilities in EMC Networker. An authenticated malicious person could exploit the vulnerabilities to bypass security measures or execute arbitrary code with application privileges on the underlying system. Under normal circumstances, the application runs with limited...
Vulnerability fixed in HP LaserJet printers
HP has fixed a vulnerability in the firmware of several LaserJet systems. An unauthenticated malicious person could exploit the vulnerability to gain access to sensitive data when IPSEC is enabled. HP has released updates to fix the vulnerability in the vulnerable LaserJet systems. Fo...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...
Vulnerabilities fixed in IBM Aspera Cargo and Connect
IBM has fixed vulnerabilities in Aspera Connect and Aspera Cargo. A local malicious party could exploit the vulnerabilities to cause a buffer overflow. This usually leads to a denial-of-service, but can also lead to execution of arbitrary code on the system. The malicious party does not need prio...
Vulnerabilities fixed in IBM QRadar SIEM and User Behavior Analytics
IBM fixed vulnerabilities in QRadar SIEM and User Behavior Analytics. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), manipulation of data, circumvention of security...
Vulnerabilities fixed in GitLab Enterprise and Community Editions
GitLab has fixed several vulnerabilities in GitLab Enterprise and Community Editions. A malicious person with access to the development environment could exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Forcepoint Cloud Security Gateway
Forcepoint has fixed vulnerabilities in the Login Portal of Cloud Security Gateway and underlying tooling such as Web Security Gateway and Email Security Gateway. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack typically...
Vulnerabilities fixed in JetBrains IntelliJ IDEA
JetBrains has fixed vulnerabilities in IntelliJ IDEA. A malicious person with access to the development environment can exploit the vulnerabilities to bypass security measures or manipulate source code to gain access to sensitive data or execute code, or have code executed, with privileges of the victim...
Vulnerabilities fixed in Samba
Samba developers have fixed vulnerabilities in Samba. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to manipulate data in the underlying Active Directory without being authorized to do so. The vulnerability with reference CVE-2023-0614 is a f...
Vulnerabilities fixed in QNAP QTS and QuTS hero
QNAP has fixed vulnerabilities in QTS and QuTS hero, the operating system for QNAP NAS devices. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges and thus gain access to sensitive data or execute arbitrary cod...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures, remote code execution, administrator/root righ...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures, remote code execution, administrator/root rights, remote...
Vulnerabilities fixed in Apache OpenOffice
Apache has fixed vulnerabilities in OpenOffice. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the application, with the victim's permissions. To do this, the malicious party must trick the victim into opening a malicious fi...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution, user rights, access to sensitive data. To exploit the...
Vulnerabilities fixed in Cisco Access Points
Cisco has fixed vulnerabilities in several access points. A malicious party could exploit the vulnerabilities to cause a denial-of-service on the vulnerable system, or to execute arbitrary code as root. To execute arbitrary code, the malicious party needs prior authentication on the command...
Vulnerabilities fixed in IBM Aspera Faspex
IBM has fixed vulnerabilities in Aspera Faspex. A malicious party could exploit the vulnerabilities to obtain sensitive data, or potentially execute arbitrary code under the victim's privileges through an XML External Entity (XXE) injection attack. IBM has released updates to fix the...
Vulnerabilities fixed in Cisco IOS XE
Cisco has fixed vulnerabilities in IOS XE. An authenticated malicious party could exploit the vulnerabilities to gain access to system data, cause a denial-of-service, or to grant themselves elevated privileges and potentially execute arbitrary code on the vulnerable system. To...
Vulnerabilities discovered in mobile devices with Samsung Exynos Modem
Google Project Zero has discovered fourteen vulnerabilities in Samsung Exynos Modems. These modems are used in at least the following mobile devices: Samsung: S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04; Vivo: S16, S15, S6, X70, X60 and X30; Google: Pixel 6 and Pixel 7. It is possible...
Vulnerability fixed in IBM Aspera Faspex
IBM has fixed a vulnerability in Aspera Faspex. An authenticated malicious user can use the vulnerability to change the password of another user. IBM has released a new container image to fix the vulnerability in Aspera Faspex 5.0.4. For more information, see:...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A local malicious person could exploit the vulnerabilities to execute arbitrary code with application privileges, or to gain access to sensitive data in the context of the application. Adobe has released updates to fix the vulnerabiliti...
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A local malicious person could abuse the vulnerability to execute arbitrary code. The malicious party does not need prior authorizations on the application. Adobe has released updates to fix the vulnerability in Creative Cloud...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator 2023. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with privileges of the victim. To do so, the malicious party must trick the victim into opening a malicious file. Adobe h...
Vulnerability fixed in HP Integrated Lights Out (ILO)
Hewlett Packard has fixed a vulnerability in Integrated Lights Out (ILO) 4, 5 and 6. A malicious person with access to the ILO infrastructure could exploit the vulnerability to perform a cross-site scripting (XSS) attack. Such an attack can lead to execution of code in the context of the browser o...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A local malicious party can exploit the vulnerability to execute arbitrary code. The malicious party does not need any prior authorizations on the application. Adobe has released updates to fix the vulnerability in Photoshop 2022 v23.5.4 & 2023 v24.2....
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the Zoom client for various platforms. An unauthenticated remote malicious person could exploit the vulnerabilities to cause a denial-of-service. A local malicious person can grant themselves elevated privileges through vulnerabilities in the installe...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges to gain access to sensitive data. Regarding the vulnerability with reference CVE-2023-26360, Adobe indicates it has information that it has already been...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), spoofing, access to sensitive data, access to system data. The malicious party...
Vulnerabilities fixed in Aveva products
Aveva has fixed vulnerabilities in inTouch, PlantScada and Telemetry Server. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service (DoS), data manipulation, remote code execution, user rights, access to system...
Vulnerabilities fixed in Aruba Clearpass Policy Manager
Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. The vulnerabilities are located in the web-based management interface of CPPM and allow a malicious person to gain access to sensitive data, execute arbitrary code on the underlying system or, through a chain of actions,...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in the Dynamics 365 platform. An authenticated malicious party can exploit the vulnerabilities to perform a cross-site scripting attack and thus impersonate another user and gain access to their data. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. The vulnerabilities are located in the Git code used by Visual Studio and allow a malicious party to gain access to sensitive data, or to execute arbitrary code with the victim's privileges. Because Visual Studio is a...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious person to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), remote code execution, user rights, spoofing, access to sensitive data, increased user...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Service Fabric and Azure HDInsight Apache Ambari. The vulnerabilities allow a malicious person to impersonate another user. To do so, the malicious party must entice someone with higher privileges to click on ...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution, user rights, access to sensitive data, increased user privileges. The mos...