4209 matches found
Vulnerabilities fixed in Cisco NX-OS
Cisco has fixed vulnerabilities in NX-OS. The vulnerability with attribute CVE-2022-20050 can be exploited by a local, authenticated malicious person to exploit arbitrary code execute arbitrary code at the system level by exploiting command-line injection. Also, a bug has been fixed in the...
Vulnerabilities fixed in Cisco Firepower and UCS Fabric Interconnect systems
Cisco has fixed vulnerabilities in FX-OS, as used in Firepower and UCS Fabric systems. The vulnerability with reference CVE-2023-20016 allows a malicious person with access to backups to gain access to the backup data from the vulnerable devices. This allows the malicious party gain access to the...
Vulnerabilities fixed in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager.
Cisco has fixed vulnerabilities in Email Security Appliance ESA and Secure Email and Web Manager. A malicious party with prior authentication could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code execute arbitrary code with elevated privileges,...
Vulnerability fixed in Arista switches
Arista has fixed a vulnerability in the firmware of several Series 7000 switches. Switches that are redundantly configured and are equipped with the redundant supervisor module, allow an unauthenticated malicious person to log in as root to the standby supervisor. However, the malicious party mus...
Vulnerability fixed in VMware vRealize
VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity XXE attack, potentially gaining access to sensitive data or grant themselves elevated privileges in the...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Foxit has fixed several vulnerabilities in PDF reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must trick the deceive the victim...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome. A remote malicious person can exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data To exploit the...
Vulnerability fixed in FortiWeb
FortiNet has fixed a vulnerability in the proxy daemon of FortiWeb. An unauthenticated remote malicious agent could vulnerability potentially exploit it to execute arbitrary code with permissions from the daemon. To do this, the malicious party must cause a buffer overflow via rogue HTTP traffic...
Vulnerabilities fixed in IBM MQ Operator and Queue Manager
IBM has fixed vulnerabilities in MQ Operator and Queue Manager. An unauthenticated malicious person could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system. The vulnerabilities are located in the underlying libksba and sqlite libraries. IBM...
Vulnerability fixed in Joomla!
Joomla has fixed a vulnerability. An unauthenticated remote malicious person could exploit the vulnerability to gain access to vulnerable servers without prior authentication to gain access to vulnerable web endpoints. The consequential damage depends on the endpoint and could potentially lead to...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in node.js. A malicious party can exploit the vulnerabilities to bypass security measures and thus gain access to modules and code for which which it is not authorized. Also, the malicious party can cause a Denial-of-Service, or through host header injection...
Vulnerabilities fixed in FortiNet FortiWeb
FortiNet has fixed vulnerabilities in FortiWeb. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code up to and including root privileges on the vulnerable system. FortiNet has released updates to fix the vulnerabilities in FortiWeb. For more information, se...
Vulnerabilities fixed in FortiNet FortiOS
FortiNet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Access to sensitive data Increased user privileges With the...
Vulnerabilities fixed in Intel BMC and OpenBMC firmware
Intel has fixed vulnerabilities in the BMC and OpenBMC firmware for various processors. A malicious party could exploit them to cause a denial-of-service, or grant themselves elevated privileges, possibly up to administrator level. Intel has released updates to fix the vulnerabilities in BMC and...
Vulnerability fixed in FortiNet FortiAnalyzer
FortiNet has fixed a vulnerability in FortiAnalyzer. A unauthenticated malicious person could exploit the vulnerability to perform perform a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser of the victim. FortiNet has...
Vulnerabilities fixed in ClamAV
ClamAV has fixed two vulnerabilities in ClamAV. A unauthenticated remote malicious person could exploit them to obtain sensitive information, or to execute arbitrary code with privileges from ClamAV. ClamAV has released updates to fix the vulnerabilities in ClamAV 1.0.1, 0.105.2 and 0.103.8. For...
Vulnerabilities fixed in Git and GitLab
The Git community has fixed vulnerabilities in Git. A malicious party with a repository under its control could exploit the vulnerabilities to gain access to sensitive data, or overwrite arbitrary files on the system of the victim's system. The vulnerability is in the way Git handles symbolic...
Vulnerability fixed in HAProxy
HAProxy has fixed a vulnerability in all supported versions of HAProxy. Because headers are not always correctly processed, other headers can potentially become hidden from the parser of the proxy. This can cause a so-called "Request Smuggling occur. Request Smuggling attacks can lead to...
Vulnerabilities fixed in Cisco Nexus Dashboard
Cisco has fixed vulnerabilities in the Nexus Dashboard. A malicious person with access to the management environment can exploit the exploit the vulnerabilities to cause a denial-of-service, or to launch a cross-site scripting attack. execute. Such an attack could result in execution of code in t...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR th Thunderbird. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Access to sensitive data Access to...
Vulnerabilities fixed in various Adobe products
Adobe has fixed vulnerabilities in several products, including Photoshop, Framemaker, InDesign and Premiere Rush. A malicious party could exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure...
Fixed vulnerabilities in several Atlassian products
Atlassian has fixed vulnerabilities in several products that use git. The vulnerability is located in the included git implementation and allows a malicious person to to execute arbitrary code. For these vulnerabilities in git, security advisory NCSC-2023-0024 released. Atlassian has released...
Vulnerabilities fixed in Citrix products
Several vulnerabilities have been fixed in Citrix products. The vulnerability with reference CVE-2023-24483 is located in Citrix Virtual Apps and Desktops Windows VDAs. An authenticated malicious party could potentially exploit this vulnerability to obtain elevated privileges within a Windows VDA...
Vulnerabilities fixed in ImageMagick
Several vulnerabilities have been fixed in ImageMagick. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to gain access to sensitive data. To do this, the malicious party must have a specially prepared file to be processed by ImageMagick. Canonical h...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP BASIS, Netweaver, HAMA, Business Planning & Consolidation, SAP CRM and SAP Solution Manager. A malicious party could potentially exploit and cause damage in the following categories: Cross-Site Scripting XSS Bypassing authentication...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange Server. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code under permissions from the process of Exchange Server itself. As a rule, Exchange Server runs with restricted privileges. Microsoft Exchange Server:...
Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed vulnerabilities in macOS Ventura, iOS, iPadOS and Safari for Big Sur and Monterey. A malicious party could exploit vulnerabilities to execute arbitrary code, or to gain access to sensitive data. To execute code with kernel privileges, or to gain access to sensitive data, the...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office components. For an overview of the vulnerabilities, see list below. The most serious vulnerability is in MS Word and has attribute CVE-2023-21716 assigned. This vulnerability allows a remote malicious person to execute arbitrary code with user...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in Microsoft Edge
Microsoft has fixed vulnerabilities in Edge Chromium Based. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute code in the context of the browser. However, the malicious party must entice the victim to open malicious content. Microsoft Edge...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant himself elevated privileges granted, or to execute arbitrary code with privileges of the victim. To do this, the malicious party must entice t...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server and Power BI. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, possibly with permissions from the server process itself. SQL Server: |----------------|------|-------------------------------------| | CV...
Vulnerabilities fixed in IBM Qradar SIEM
IBM has fixed several vulnerabilities in Qradar SIEM. The vulnerabilities are in underlying third-party products and have been previously fixed by the relevant developers and already previously described in previous security advisories. IBM is now bundling these updates now in the latest version ...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several components of Azure. For an overview of the vulnerabilities, see the following list. Azure App Service: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in Scalance, among others, TIA, SiPass, SIMATIC, COMOS, Brownfield, JT Open Toolkit, Mendix, RuggedCom and Solid Edge. The vulnerabilities would allow a malicious potentially able to launch attacks that result in the following categories of damage:...
Vulnerability fixed in Red Hat OpenShift
Red Hat has fixed a vulnerability in the OpenShift Container Platform. The vulnerability is located in the Maven subsystem and allows an unauthenticated malicious person to apply command injections and execute shell commands with permissions from the underlying application. Red Hat has released...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2 10.5, 11.1 and 11.5. For more information and the related FixPacks, see:...
Vulnerabilities fixed in OpenSSL
The developers of OpenSSL have fixed several vulnerabilities fixed. A malicious party could exploit the vulnerabilities to cause a denial-of-service by offering manipulated certificates causing the OpenSSL system to crash. Under specially prepared circumstances, where the malicious party has...
Vulnerability fixed in Red Hat Fuse
Red Hat has fixed a vulnerability in Fuse 7. The vulnerability is located in the Hazelcast integrated in Fuse Connection Cache and allows an unauthenticated malicious agent to able to manipulate data in the cluster without prior authentication or authorization. Red Hat has released updates to fix...
Vulnerability fixed in phpMyAdmin
A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
Vulnerability fixed in Dell EMC Networker
Dell has fixed a vulnerability in EMC Networker client. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. The vulnerability can be exploited when the Networker Client uses the oldauth authentication method. Dell has released...
Vulnerabilities fixed in IBM Aspera Faspex
IBM has fixed vulnerabilities in Aspera Faspex. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure Accessing system data The...
Vulnerability fixed in Dell Repository Manager
Dell has fixed a vulnerability in Repository Manager. A local malicious person could exploit the vulnerability to execute arbitrary code on the underlying operating system. The vulnerability can be exploited during the installation of systems. Dell has released updates to fix the vulnerability in...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Enterprise Edition EE and Community Edition CE. The vulnerabilities potentially enable a malicious party to perform a Cross-Site Request Forgery XSRF and/or a possible denial-of-service DoS exploit. GitLab has released updates to fix the vulnerabilities i...
Vulnerability fixed in Trend Micro Apex One
A vulnerability has been fixed in Trend Micro Apex One. A unauthenticated remote malicious person can exploit the vulnerability exploit it to cause a denial-of-service DoS. Trend Micro has released updates to fix the vulnerability. fix. For more information, see:...
Vulnerability fixed in VMWare Workstation
VMWare has fixed a vulnerability in VMWare Workstation. A local malicious party could exploit the vulnerability to remove arbitrary delete files from the system on which Workstation is installed. VMWare has released updates to fix the vulnerability in Workstation 17.0.1. For more information, see...
Vulnerability fixed in Cisco Prime Infrastructure
Cisco has fixed a vulnerability in the Web-based management interface of Prime Infrastructure. An unauthenticated malicious person with access to the management environment can exploit the exploit the vulnerability to perform a cross-site scripting XSS attack. Such an attack can lead to execution...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira Service Management Server and Data Center. The vulnerability allows a malicious party able to obtain a user's signup token and thus obtain a user's signup token and thereby bypass authentication. To obtain a signup token, a malicious party must gain...