4209 matches found
Vulnerabilities fixed in GitLab Enterprise and Community Editions
GitLab has fixed several vulnerabilities in GitLab Enterprise and Community Editions. A malicious person with access to the development environment could exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Scripting XSS...
Vulnerabilities fixed in IBM QRadar SIEM and User Behavior Analytics
IBM fixed vulnerabilities in QRadar SIEM and User Behavior Analytics. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security...
Vulnerabilities fixed in QNAP QTS and QuTS hero
QNAP has fixed vulnerabilities in QTS and QuTS hero, the operating system for QNAP NAS devices. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges and thus gain access to sensitive data or execute arbitrary cod...
Vulnerabilities fixed in Forcepoint Cloud Security Gateway
Forcepoint has fixed vulnerabilities in the Login Portal of Cloud Security Gateway and underlying tooling such as Web Security Gateway and Email Security Gateway. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack typically...
Vulnerabilities fixed in Jetbrains IntelliJ IDEA
Jetbrains has fixed vulnerabilities in IntelliJ IDEA. A malicious person with access to the development environment can exploit the vulnerabilities to bypass security measures or manipulate source code to gain access to sensitive data or execute or have executed code with privileges of the victim...
Vulnerabilities fixed in Samba
Samba developers have fixed vulnerabilities in Samba. A malicious party could exploit the vulnerabilities to gain access gain access to sensitive data, or to manipulate data in the underlying Active Directory without being authorized to do so. The vulnerability with attribute CVE-2023-0614 is a f...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root righ...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Apache OpenOffice
Apache has fixed vulnerabilities in OpenOffice. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the application, with permissions from the victim. To do this, the malicious party must trick the victim into opening a malicious fi...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data To exploit the...
Vulnerabilities fixed in Cisco Access Points
Cisco has fixed vulnerabilities in several access points. A malicious party could exploit the vulnerabilities to cause a denial-of-service on the vulnerable system, or to execute arbitrary code as root. To execute arbitrary code, the malicious party needs need prior authentication on the command...
Vulnerabilities fixed in IBM Aspera Faspex
IBM has fixed vulnerabilities in Aspera Faspex. A malicious party could exploit the vulnerabilities to obtain sensitive data obtain, or potentially execute arbitrary code under the victim's privileges through an XML External Entity injection attack XXE. IBM has released updates to fix the...
Vulnerabilities fixed in Cisco IOS XE
Cisco has fixed vulnerabilities in IOS XE. An authenticated malicious party could exploit the vulnerabilities to gain access to system data, cause a denial-of-service, or to grant themselves elevated privileges and potentially execute arbitrary execute arbitrary code on the vulnerable system. To...
Vulnerabilities discovered in mobile devices with Samsung Exynos Modem
Google Project Zero has discovered fourteen vulnerabilities in Samsung Exynos Modems. These modems are used in at least the following mobile devices: Samsung: S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 Vivo: S16, S15, S6, X70, X60 and X30 Google: Pixel 6 and Pixel 7 It is possible...
Vulnerability fixed in IBM Aspera Faspex
IBM has fixed a vulnerability in Aspera Faspex. A authenticated malicious user can use the vulnerability to change the password of another user. IBM has released a new container image to fix the vulnerability fix in Aspera Faspex 5.0.4. For more information, see:...
Vulnerability fixed in Adobe Creative Cloud Desktop Application
Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A local malicious person could abuse the vulnerability to execute arbitrary code. The malicious party does not need prior authorizations on the application. Adobe has released updates to fix the vulnerability in Creative Cloud...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator 2023. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with privileges of the victim. To do so, the malicious party must trick the victim into opening a malicious file to open. Adobe h...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data Access to system data The malicious party...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the Zoom client for various platforms. An unauthenticated remote malicious person could exploit the exploit the vulnerabilities to cause a denial-of-service. A local malicious person can grant themselves elevated privileges through vulnerabilities in the installe...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A local malicious party can exploit the vulnerability to execute arbitrary code. The malicious party does not need any prior authorizations on the application. Adobe has released updates to fix the vulnerability in Photoshop 2022 v23.5.4 & 2023 v24.2....
Vulnerability fixed in HP Integrated Lights Out (ILO)
Hewlett Packard has fixed a vulnerability in Integrated Lights Out ILO 4, 5 and 6. A malicious person with access to the ILO infrastructure could exploit the vulnerability to perform of a cross-site scripting XSS attack. Such an attack can lead to execution of code in the context of the browser o...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges to gain access to sensitive data. Of the vulnerability with reference CVE-2023-26360, Adobe indicates information that it has already been...
Vulnerabilities fixed in Adobe Dimension
Adobe has fixed vulnerabilities in Dimension. A local malicious person could exploit the vulnerabilities to execute arbitrary code execute with application privileges, or to access gain access to sensitive data in the context of the application. Adobe has released updates to fix the vulnerabiliti...
Vulnerabilities fixed in Aruba Clearpass Policy Manager
Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. The vulnerabilities are located in the web-based management interface of CPPM and allow a malicious person to access gain access to sensitive data, execute arbitrary code on the underlying system or, through a chain of actions,...
Vulnerabilities fixed in Aveva products
Aveva has fixed vulnerabilities in inTouch, PlantScada and Telemery Server. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to system...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Service Fabric and Azure HDInsight Apache Ambari. The vulnerabilities allow a malicious person able to impersonate another user. To do so, the malicious party must entice someone with higher privileges entice someone with higher privileges to click on ...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. The vulnerabilities are located in the git code used by Visual Studio used and allow a malicious party to access gain access to sensitive data, or to execute arbitrary code execute code with the victim's privileges. Because Visual Studio is a...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in the Dynamics 365 platform. An authenticated malicious party can exploit the vulnerabilities exploit them to perform a cross-site scripting attack and thus impersonate another user and gain access to their data. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious person to perform execute attacks that can result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing Access to sensitive data Increased user...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges The mos...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP ERP, Netweaver, HAMA, Business Objects and SAP Solution Manager. A malicious party could potentially exploit the vulnerabilities and cause damage cause damage in the categories listed below: Cross-Site Scripting XSS Denial-of-Service Do...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SCALANCE, among others, RuggedCom, SIMATIC, SIPROTEC and Mendix. The vulnerabilities allow a malicious party potentially capable of carrying out attacks that lead to the following categories of damage: Denial-of-Service DoS. Accessing sensitive data Bypassing...
Vulnerabilities fixed in Lexmark Printers and Multifunctionals
Lexmark has fixed several vulnerabilities in the firmware of their printers and multifunction devices. A remote malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the printer's vulnerable interface, or to appropriate elevated privileges after previous...
Vulnerabilities fixed in Redis
Redis has fixed two vulnerabilities. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. Because Redis is widely used as a message broker to support of information exchange processes, the consequence of a Denial-of-Service on the Redis service cannot be...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR, as used in ASR series 9000 routers. An unauthenticated remote malicious person could remote can exploit the vulnerability with attribute CVE-2023-20049 to cause a denial-of-service DoS by sending rogue BFD packets. BFD is Bidirectional Forwarding...
Vulnerabilities fixed in Foxit PDF Editor
Foxit has fixed vulnerabilities in PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code execute arbitrary code in the user's context, as it appears possible appears to be able to reuse released objects and pointers in...
Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veaam Backup & Replication. A unauthenticated malicious person with access to the network port of the Backup Server, could exploit the vulnerability to retrieve encrypted credentials from the configuration. Using these credentials, the malicious party can then ga...
Vulnerability fixed in FortiOS
FortiNet has fixed a vulnerability in FortiOS. The vulnerability is located in the management environment and allows an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, or execute arbitrary code on the...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
Vulnerabilities fixed in xWiki
The developers of Xwiki have fixed several vulnerabilities in Xwiki. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, or to gain access to data to which the malicious party is not initially authorized. Xwiki has released updates to fix the...
Vulnerabilities fixed in GitLab Enterprise and Community Editions
GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure...
Vulnerabilities fixed in HP Serviceguard
HP has fixed vulnerabilities in Serviceguard. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or possibly to execute arbitrary code with application privileges. HP has released updates to fix the vulnerabilities in Serviceguard linux A.15.00.00 and A.12.80.05. F...
Vulnerabilities fixed in Aruba Networks OS
Aruba Networks has fixed several vulnerabilities in Aruba OS, as used in WLAN Gateway, SD-WAN Gateway and Aruba Mobility Conductor & Controller. An unauthenticated malicious person can exploit the exploit vulnerabilities to delete arbitrary files and thereby potentially cause a denial-of-service,...
Vulnerability fixed in Cisco Finesse and Unified Contact Center
Cisco has fixed a vulnerability in Finesse and Unified Contact Center. The vulnerability is in the nginx component. When configured as a reverse proxy, an unauthenticated remote malicious person could exploit it to cause a denial-of-service on the system. Cisco has released updates to fix the...
Vulnerability fixed in IBM Websphere
IBM has fixed a vulnerability in the HTTP server which is used in Websphere Application Server. An unauthenticated remote attacker could exploit the vulnerability to cause a Denial-of-Service by offering a prepared, malformed URL. IBM has released updates to fix the vulnerability in HTTP Server f...
Vulnerabilities fixed in Cisco IP Phones
Cisco has fixed two vulnerabilities in the web management interface of several IP phones. A malicious person with access to this web interface could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable phones. It is good practice not to have such a...
Vulnerabilities fixed in Mattermost
Mattermost has fixed several vulnerabilities in Mattermost. The vulnerabilities were made through Responsible Disclosure and Mattermost is not making any substantive information available until March 30. No CVE IDs have been published. The most serious vulnerability has been rated HIGH by...
Vulnerabilities fixed in ForgeRock Web Agents and Java Agents
ForgeRock has fixed vulnerabilities in Web Agents and Java Agents. An unauthenticated remote malicious agent could potentially exploit the vulnerabilities potentially exploit them to bypass authentication, gain access to sensitive data or execute arbitrary code execute arbitrary code. ForgeRock h...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in the Network Performance Monitoring tools of Solarwinds Platform. A malicious person with prior authentication can exploit the vulnerabilities to execute arbitrary code at the system level of the vulnerable system. Solarwinds has released updates to address...