Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP ERP, Netweaver, HAMA, Business Objects and SAP Solution Manager. A malicious party could potentially exploit the vulnerabilities and cause damage in the categories listed below: Cross-Site Scripting (XSS), Denial-of-Service Do...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in, among others, SCALANCE, RuggedCom, SIMATIC, SIPROTEC and Mendix. The vulnerabilities potentially allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), accessing sensitive data, bypassing...
Vulnerabilities fixed in Redis
Redis has fixed two vulnerabilities. A malicious party can exploit the vulnerabilities to cause a denial-of-service. Because Redis is widely used as a message broker in support of information exchange processes, the consequence of a Denial-of-Service on the Redis service cannot be...
Vulnerabilities fixed in Lexmark Printers and Multifunctionals
Lexmark has fixed several vulnerabilities in the firmware of their printers and multifunction devices. A remote malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the printer's vulnerable interface, or to appropriate elevated privileges after previous...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR, as used in ASR series 9000 routers. An unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2023-20049 to cause a denial-of-service (DoS) by sending rogue BFD packets. BFD is Bidirectional Forwarding...
Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veeam Backup & Replication. An unauthenticated malicious person with access to the network port of the Backup Server could exploit the vulnerability to retrieve encrypted credentials from the configuration. Using these credentials, the malicious party can then ga...
Vulnerabilities fixed in Foxit PDF Editor
Foxit has fixed vulnerabilities in PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code in the user's context, as it appears possible to reuse released objects and pointers in...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights), access to...
Vulnerability fixed in FortiOS
FortiNet has fixed a vulnerability in FortiOS. The vulnerability is located in the management environment and allows an unauthenticated malicious person with access to that management interface to perform a denial-of-service on the management interface, or execute arbitrary code on the...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
Vulnerabilities fixed in xWiki
The developers of Xwiki have fixed several vulnerabilities in Xwiki. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, or to gain access to data to which the malicious party is not initially authorized. Xwiki has released updates to fix the...
Vulnerabilities fixed in GitLab Enterprise and Community Editions
GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of security measure...
Vulnerabilities fixed in Aruba Networks OS
Aruba Networks has fixed several vulnerabilities in Aruba OS, as used in WLAN Gateway, SD-WAN Gateway and Aruba Mobility Conductor & Controller. An unauthenticated malicious person can exploit the vulnerabilities to delete arbitrary files and thereby potentially cause a denial-of-service,...
Vulnerabilities fixed in Mattermost
Mattermost has fixed several vulnerabilities in Mattermost. The vulnerabilities were reported through Responsible Disclosure and Mattermost is not making any substantive information available until March 30. No CVE IDs have been published. The most serious vulnerability has been rated HIGH by...
Vulnerabilities fixed in Cisco IP Phones
Cisco has fixed two vulnerabilities in the web management interface of several IP phones. A malicious person with access to this web interface could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable phones. It is good practice not to have such a...
Vulnerability fixed in IBM Websphere
IBM has fixed a vulnerability in the HTTP server which is used in Websphere Application Server. An unauthenticated remote attacker could exploit the vulnerability to cause a Denial-of-Service by offering a prepared, malformed URL. IBM has released updates to fix the vulnerability in HTTP Server f...
Vulnerabilities fixed in HP Serviceguard
HP has fixed vulnerabilities in Serviceguard. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or possibly to execute arbitrary code with application privileges. HP has released updates to fix the vulnerabilities in Serviceguard linux A.15.00.00 and A.12.80.05. F...
Vulnerability fixed in Cisco Finesse and Unified Contact Center
Cisco has fixed a vulnerability in Finesse and Unified Contact Center. The vulnerability is in the nginx component. When configured as a reverse proxy, an unauthenticated remote malicious person could exploit it to cause a denial-of-service on the system. Cisco has released updates to fix the...
Vulnerabilities fixed in ForgeRock Web Agents and Java Agents
ForgeRock has fixed vulnerabilities in Web Agents and Java Agents. An unauthenticated remote malicious agent could potentially exploit the vulnerabilities to bypass authentication, gain access to sensitive data or execute arbitrary code. ForgeRock h...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in the Network Performance Monitoring tools of Solarwinds Platform. A malicious person with prior authentication can exploit the vulnerabilities to execute arbitrary code at the system level of the vulnerable system. Solarwinds has released updates to address...
Vulnerabilities fixed in Cisco Firepower and UCS Fabric Interconnect systems
Cisco has fixed vulnerabilities in FX-OS, as used in Firepower and UCS Fabric systems. The vulnerability with reference CVE-2023-20016 allows a malicious person with access to backups to gain access to the backup data from the vulnerable devices. This allows the malicious party to gain access to the...
Vulnerabilities fixed in Cisco NX-OS
Cisco has fixed vulnerabilities in NX-OS. The vulnerability with reference CVE-2022-20050 can be exploited by a local, authenticated malicious person to execute arbitrary code at the system level by exploiting command-line injection. Also, a bug has been fixed in the...
Vulnerabilities fixed in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager
Cisco has fixed vulnerabilities in Email Security Appliance (ESA) and Secure Email and Web Manager. A malicious party with prior authentication could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with elevated privileges,...
Vulnerability fixed in FortiWeb
FortiNet has fixed a vulnerability in the proxy daemon of FortiWeb. An unauthenticated remote malicious agent could potentially exploit the vulnerability to execute arbitrary code with the permissions of the daemon. To do this, the malicious party must cause a buffer overflow via rogue HTTP traffic...
Vulnerability fixed in VMware vRealize
VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity (XXE) attack, potentially gaining access to sensitive data or granting themselves elevated privileges in the...
Vulnerability fixed in Arista switches
Arista has fixed a vulnerability in the firmware of several Series 7000 switches. Switches that are redundantly configured and equipped with the redundant supervisor module allow an unauthenticated malicious person to log in as root to the standby supervisor. However, the malicious party mus...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome. A remote malicious person can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data. To exploit the...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Foxit has fixed several vulnerabilities in PDF Reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code with the victim's privileges. The malicious party must deceive the victim...
Vulnerabilities fixed in IBM MQ Operator and Queue Manager
IBM has fixed vulnerabilities in MQ Operator and Queue Manager. An unauthenticated malicious person could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system. The vulnerabilities are located in the underlying libksba and sqlite libraries. IBM...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to bypass security measures and thus gain access to modules and code for which it is not authorized. Also, the malicious party can cause a Denial-of-Service, or through host header injection...
Vulnerability fixed in Joomla!
Joomla has fixed a vulnerability. An unauthenticated remote malicious person could exploit the vulnerability to gain access to vulnerable web endpoints without prior authentication. The consequential damage depends on the endpoint and could potentially lead to...
Vulnerabilities fixed in Intel BMC and OpenBMC firmware
Intel has fixed vulnerabilities in the BMC and OpenBMC firmware for various processors. A malicious party could exploit them to cause a denial-of-service, or grant themselves elevated privileges, possibly up to administrator level. Intel has released updates to fix the vulnerabilities in BMC and...
Vulnerabilities fixed in FortiNet FortiOS
FortiNet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), manipulation of data, access to sensitive data, increased user privileges. With the...
Vulnerabilities fixed in ClamAV
ClamAV has fixed two vulnerabilities in ClamAV. An unauthenticated remote malicious person could exploit them to obtain sensitive information, or to execute arbitrary code with the privileges of ClamAV. ClamAV has released updates to fix the vulnerabilities in ClamAV 1.0.1, 0.105.2 and 0.103.8. For...
Vulnerability fixed in FortiNet FortiAnalyzer
FortiNet has fixed a vulnerability in FortiAnalyzer. An unauthenticated malicious person could exploit the vulnerability to perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser. FortiNet has...
Vulnerabilities fixed in FortiNet FortiWeb
FortiNet has fixed vulnerabilities in FortiWeb. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code up to and including root privileges on the vulnerable system. FortiNet has released updates to fix the vulnerabilities in FortiWeb. For more information, se...
Vulnerability fixed in HAProxy
HAProxy has fixed a vulnerability in all supported versions of HAProxy. Because headers are not always correctly processed, other headers can potentially become hidden from the parser of the proxy. This can cause so-called "Request Smuggling" to occur. Request Smuggling attacks can lead to...
Vulnerabilities fixed in various Adobe products
Adobe has fixed vulnerabilities in several products, including Photoshop, Framemaker, InDesign and Premiere Rush. A malicious party could exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure...
Vulnerabilities fixed in Git and GitLab
The Git community has fixed vulnerabilities in Git. A malicious party with a repository under its control could exploit the vulnerabilities to gain access to sensitive data, or overwrite arbitrary files on the victim's system. The vulnerability is in the way Git handles symbolic...
Vulnerabilities fixed in Cisco Nexus Dashboard
Cisco has fixed vulnerabilities in the Nexus Dashboard. A malicious person with access to the management environment can exploit the vulnerabilities to cause a denial-of-service, or to execute a cross-site scripting attack. Such an attack could result in execution of code in t...
Fixed vulnerabilities in several Atlassian products
Atlassian has fixed vulnerabilities in several products that use git. The vulnerability is located in the included git implementation and allows a malicious person to execute arbitrary code. For these vulnerabilities in git, security advisory NCSC-2023-0024 has been released. Atlassian has released...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), spoofing, access to sensitive data, access to...
Vulnerabilities fixed in Citrix products
Several vulnerabilities have been fixed in Citrix products. The vulnerability with reference CVE-2023-24483 is located in Citrix Virtual Apps and Desktops Windows VDAs. An authenticated malicious party could potentially exploit this vulnerability to obtain elevated privileges within a Windows VDA...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office components. For an overview of the vulnerabilities, see the list below. The most serious vulnerability is in MS Word and has been assigned CVE-2023-21716. This vulnerability allows a remote malicious person to execute arbitrary code with user...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to obtain elevated privileges, or to execute arbitrary code with privileges of the victim. To do this, the malicious party must entice t...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server and Power BI. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, possibly with permissions from the server process itself. SQL Server: |----------------|------|-------------------------------------| | CV...
Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed vulnerabilities in macOS Ventura, iOS, iPadOS and Safari for Big Sur and Monterey. A malicious party could exploit the vulnerabilities to execute arbitrary code, or to gain access to sensitive data. To execute code with kernel privileges, or to gain access to sensitive data, the...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange Server. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code with the permissions of the Exchange Server process itself. As a rule, Exchange Server runs with restricted privileges. Microsoft Exchange Server:...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several components of Azure. For an overview of the vulnerabilities, see the following list. Azure App Service: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Edge
Microsoft has fixed vulnerabilities in Edge (Chromium-based). A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute code in the context of the browser. However, the malicious party must entice the victim to open malicious content. Microsoft Edge...