Vulnerabilities fixed in ImageMagick
Several vulnerabilities have been fixed in ImageMagick. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to gain access to sensitive data. To do this, the malicious party must have a specially prepared file to be processed by ImageMagick. Canonical h...
Vulnerabilities fixed in IBM Qradar SIEM
IBM has fixed several vulnerabilities in Qradar SIEM. The vulnerabilities are in underlying third-party products, have already been fixed by their respective developers, and were described in earlier security advisories. IBM is now bundling these updates in the latest version ...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in, among others, Scalance, TIA, SiPass, SIMATIC, COMOS, Brownfield, JT Open Toolkit, Mendix, RuggedCom and Solid Edge. The vulnerabilities could potentially allow a malicious party to launch attacks that result in the following categories of damage:...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP BASIS, Netweaver, HANA, Business Planning & Consolidation, SAP CRM and SAP Solution Manager. A malicious party could potentially exploit the vulnerabilities to cause damage in the following categories: Cross-Site Scripting (XSS); Bypassing authentication...
Vulnerability fixed in Red Hat OpenShift
Red Hat has fixed a vulnerability in the OpenShift Container Platform. The vulnerability is located in the Maven subsystem and allows an unauthenticated malicious person to perform command injection and execute shell commands with the privileges of the underlying application. Red Hat has released...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2 10.5, 11.1 and 11.5. For more information and the related FixPacks, see:...
Vulnerability fixed in phpMyAdmin
A vulnerability has been fixed in phpMyAdmin. An authenticated malicious party can exploit the vulnerability for a cross-site scripting attack by uploading a crafted .sql file. Such an attack may result in the execution of arbitrary code in the context of the victim's browser. In this...
Vulnerability fixed in Red Hat Fuse
Red Hat has fixed a vulnerability in Fuse 7. The vulnerability is located in the Hazelcast integration in Fuse Connection Cache and allows an unauthenticated malicious party to manipulate data in the cluster without prior authentication or authorization. Red Hat has released updates to fix...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to system...
Vulnerabilities fixed in OpenSSL
The developers of OpenSSL have fixed several vulnerabilities. A malicious party could exploit the vulnerabilities to cause a denial-of-service by presenting manipulated certificates that cause the OpenSSL-based system to crash. Under specially prepared circumstances, where the malicious party has...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
Vulnerability fixed in Dell Repository Manager
Dell has fixed a vulnerability in Repository Manager. A local malicious person could exploit the vulnerability to execute arbitrary code on the underlying operating system. The vulnerability can be exploited during the installation of systems. Dell has released updates to fix the vulnerability in...
Vulnerability fixed in Dell EMC Networker
Dell has fixed a vulnerability in the EMC Networker client. An unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. The vulnerability can be exploited when the Networker Client uses the oldauth authentication method. Dell has released...
Vulnerabilities fixed in IBM Aspera Faspex
IBM has fixed vulnerabilities in Aspera Faspex. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Accessing system data. The...
Vulnerability fixed in Trend Micro Apex One
A vulnerability has been fixed in Trend Micro Apex One. An unauthenticated remote malicious person can exploit the vulnerability to cause a denial-of-service (DoS). Trend Micro has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Enterprise Edition (EE) and Community Edition (CE). The vulnerabilities potentially enable a malicious party to perform a Cross-Site Request Forgery (XSRF) and/or a denial-of-service (DoS) attack. GitLab has released updates to fix the vulnerabilities i...
Vulnerability fixed in VMWare Workstation
VMWare has fixed a vulnerability in VMWare Workstation. A local malicious party could exploit the vulnerability to delete arbitrary files from the system on which Workstation is installed. VMWare has released updates to fix the vulnerability in Workstation 17.0.1. For more information, see...
Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. An authenticated malicious person could exploit the vulnerability to execute arbitrary code as root on the underlying operating system and thus effectively take over the vulnerable system. However, abuse is not easy and requires prior knowledge ...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to execute arbitrary code on the system. Abuse is not simple and requires specially prepared data. IBM has released updates to fix the vulnerability in Websphere Application Server. Fo...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira Service Management Server and Data Center. The vulnerability allows a malicious party to obtain a user's signup token and thereby bypass authentication. To obtain a signup token, a malicious party must gain...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE)
Cisco has fixed vulnerabilities in Identity Services Engine (ISE). A malicious person with access to the Web-based management environment could exploit the vulnerabilities via a Server-Side Request Forgery (SSRF) to gain access to sensitive data. It is good practice not to...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed several vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to bypass security measures and allow traffic that is not permitted. Also, a malicious party could exploit the vulnerabilities to cause a denial-of-service in sub-processes of the BIG-IP...
Vulnerability fixed in Cisco Prime Infrastructure
Cisco has fixed a vulnerability in the Web-based management interface of Prime Infrastructure. An unauthenticated malicious person with access to the management environment can exploit the vulnerability to perform a cross-site scripting (XSS) attack. Such an attack can lead to execution...
Vulnerability fixed in VMware vRealize Operations
A vulnerability has been fixed in VMware vRealize Operations. A malicious person with user privileges within the same network is able to bypass Cross-Site Request Forgery (CSRF) protection. As a result, a malicious party may be able to launch a cross-site request forgery (CSRF) attack ...
Vulnerabilities fixed in Schneider Electric EcoStruxure and Modicon products
Vulnerabilities have been fixed in Schneider Electric products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Remote code execution (User rights). Schneider Electric has issued update...
Vulnerabilities fixed in MISP
The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities marked CVE-2023-24070, CVE-2023-24026 and CVE-2023-24027 allow a malicious person to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser with...
Vulnerability fixed in Microsoft Windows
Microsoft has released an out-of-band security update to fix a vulnerability in the Point-to-Point Tunneling Protocol (PPTP), as used in the Microsoft Remote Access Service. An unauthenticated malicious party could exploit the vulnerability to execute arbitrary code in the RAS environment, after causing ...
Vulnerabilities fixed in Tracker software PDF-Xchange
Tracker Software has fixed several vulnerabilities in PDF-Xchange. The vulnerabilities are located in the various filters for graphics files and allow a malicious party to cause a denial-of-service, or potentially to execute arbitrary code with user privileges. Abuse requires the malicious...
Vulnerability remedied in Keycloak
A vulnerability has been fixed in Keycloak. A malicious party can exploit the vulnerability to gain access to sensitive data via path traversal. The vulnerability is caused by URL redirects not being processed correctly when the client accepts wildcards. -= Red Hat =- R...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in MX and SRX systems. An unauthenticated malicious party could potentially exploit them to cause a denial-of-service (DoS). To do so, the malicious party sends malicious network traffic to the vulnerable system. Juniper has released updates to fix the...
Vulnerability found in KeePass
A vulnerability has been found in KeePass. A malicious person could potentially exploit the vulnerability to gain access to data stored in a KeePass database. This could include usernames, passwords and email addresses. Successful misuse requires that the malicious party have access to the system...
Vulnerabilities fixed in BIND
ISC has fixed vulnerabilities in BIND. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service (DoS). The vulnerability identified as CVE-2022-3736 is present only when a BIND server uses a particular stale-answer configuration. A malicious party in that case...
Vulnerabilities fixed in VMWare vRealize Log Insight
VMWare has fixed vulnerabilities in vRealize Log Insight. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, to gain access to system data, or potentially to execute arbitrary code with system privileges by injecting files at the operatin...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service or potentially execute arbitrary code in the context of the browser. As usual, Google has released little further substantive information. Google has released...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS Big Sur, Monterey and Ventura. A malicious party could exploit them to cause a denial-of-service, gain access to sensitive data or execute code with system privileges. To execute code with system privileges, the malicious party tric...
Vulnerability fixed in Symantec Endpoint Protection
Symantec has fixed a vulnerability in Endpoint Protection. A local malicious person could exploit the vulnerability to grant themselves elevated privileges and thus gain access to files and possibly sensitive information for which they initially have no privileges. Symantec has released updates to f...
Vulnerabilities fixed in SolarWinds Database Performance Analyzer
SolarWinds has fixed vulnerabilities in Database Performance Analyzer (DPA). An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data or perform a cross-site scripting attack. SolarWinds has released updates to fix the vulnerabilities i...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to obtain sensitive data, cause a denial-of-service or execute arbitrary code, in specific cases with system privileges. For the most serious damage, namely code execution...
Vulnerabilities fixed in Lexmark Printers and Multifunctionals
Lexmark has fixed two vulnerabilities in the firmware of several printer and multifunction lines. A malicious party could exploit the vulnerabilities to obtain elevated privileges on the vulnerable device, or to execute arbitrary code. The mitigation against brute-force log...
Vulnerability fixed in libgit2
A vulnerability has been fixed in libgit2. libgit2 is a library for providing git functionality to Python and Go applications. An unauthenticated malicious person can exploit the vulnerability to perform a man-in-the-middle attack because libgit2 does not verify SSH certificates by...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed an SQL injection vulnerability in Unified Communications Manager and Unified Communications Manager Session Management Edition (SME). An authenticated malicious person with access to the management interface could exploit the vulnerability to perform SQL injection and thereby gain...
Vulnerability found in Cisco Email Security Appliance
A vulnerability has been found in Cisco Email Security Appliance (ESA). The vulnerability allows an unauthenticated malicious person to bypass URL filters and thereby circumvent security functionality of the ESA. Cisco has published a security advisory with more information about the vulnerability:...
Vulnerability fixed in Tenable Nessus
A vulnerability has been fixed in Tenable Nessus. An authenticated malicious party could potentially obtain root or NT AUTHORITY\SYSTEM privileges on the Nessus host. Tenable has issued updates to fix the vulnerability. For more information, see: https://www.tenable.com/security/tns-2023-01...
Vulnerability fixed in sudo
A vulnerability has been fixed in sudo's -e option, also known as sudoedit. A malicious person with sudoedit privileges can exploit the vulnerability to edit arbitrary files. In this way, the malicious party can obtain elevated privileges on the vulnerable system. The developers of sud...
Vulnerabilities fixed in Apache web server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure. Apache has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data and/or execute code under the user's privileges. Mozilla has released Firefox 109 and Firefox ESR 102.7 to address the vulnerabilities. You...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Accessing sensitive data. Oracle has made updates available to address the vulnerabilities...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Fusion Middleware products, including WebLogic Server and HTTP Server. An unauthenticated malicious person could potentially exploit them to execute arbitrary code. To do so, malicious network traffic would need to be sent to the vulnerable system...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Enterprise Edition (EE) and Community Edition (CE). The vulnerabilities potentially enable a malicious person to perform remote code execution. GitLab has released updates to fix the vulnerabilities in GitLab EE and CE 15.7.5, 15.6.6, and 15.5.9. For more...