Vulnerabilities fixed in Git
Vulnerabilities have been fixed in Git. The vulnerabilities potentially allow a malicious person to perform remote code execution. Git has released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerability fixed in IBM QRadar SIEM
A vulnerability has been fixed in IBM QRadar SIEM. QRadar SIEM copies certificate files used for SSL/TLS in the QRadar Web interface to hosts in the implementation that do not need the key. Misuse of this can lead to possible access to the admin web server key. IBM has released updates to fix the...
Possible exploit vulnerability in Zoho ManageEngine
A vulnerability has been fixed in several Zoho ManageEngine products. The vulnerability is located in an underlying third-party product: Apache Santuario. The vulnerability allows a malicious party to execute arbitrary code on the vulnerable system with system privileges. Researchers at Horizon3 ...
Vulnerabilities fixed in Dell PowerEdge
Dell has fixed vulnerabilities in PowerEdge Server based on the AMD EPYC platform. The vulnerabilities allow a local malicious party to cause a denial-of-service, gain access to sensitive data or potentially execute code. Dell has released updates to fix the vulnerabilities. For more...
Vulnerability fixed in OpenBSD
A vulnerability has been fixed in OpenBSD. A remote malicious person could potentially exploit the vulnerability to cause a Denial-of-Service by sending a TCP packet with destination port 0. To do this, however, a "divert-to" rule must be included in the pf configuration included in the p...
Vulnerabilities fixed in Google Chrome and Microsoft Edge
Vulnerabilities have been fixed in Google Chrome and Microsoft Edge. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of a security measure, remote code execution (user rights), Acce...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in Junos OS for several products. A malicious party could potentially exploit them to cause a denial-of-service. The vulnerabilities CVE-2023-22391, CVE-2023-22396, CVE-2023-22399 and CVE-2023-22403 can be exploited by an unauthenticated malicious person via the...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: accessing sensitive data, impersonating another user (spoofing), obtaining elevated privileges. The vulnerability...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to system data, increased user privileges. Adobe has...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: circumvention of a security measure, remote code execution (user rights), access to sensitive data. Microsoft Office:...
Vulnerability fixed in Azure Service Fabric
A vulnerability has been fixed in Microsoft Azure Service Fabric Container. The vulnerability potentially allows a malicious party to take over the vulnerable Service Fabric cluster. Azure Service Fabric Container: |----------------|------|-------------------------------------| | CVE ID |...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of a security measure, remote code execution (administrator/root rights), Remote co...
Vulnerability fixed in Microsoft Malicious Software Removal Tool
Microsoft has fixed a vulnerability in the Windows Malicious Software Removal Tool as used by Microsoft System Center Endpoint Protection and Microsoft Malware Protection Engine. The vulnerability allows a malicious party to obtain elevated privileges. Windows Malicious Software Removal Tool:...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio Code and .NET Core. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights). Visual Studio Code:...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in, among others, SINEC INS, SIMATIC, SINUMERIK, SIMOCODE, SIRPLUS, SCALANCE, JT Open, JT Utilities, Solid Edge, Automation License Manager, Mendix and RUGGEDCOM. The vulnerabilities potentially enable a malicious person to perform attacks that result in t...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), circumvention of a security measure, remote code execution (user rights), SQL...
Vulnerability fixed in JFrog Artifactory
A vulnerability has been fixed in JFrog Artifactory. The vulnerability allows an unauthenticated remote malicious person to bypass authentication to gain elevated user privileges. To do so, the malicious party must send a specially prepared request to the Artifactory instance. JFrog has...
Vulnerabilities fixed in Lenovo ThinkPad X13s
Vulnerabilities have been fixed in the UEFI implementation of Lenovo ThinkPad X13s systems. The vulnerabilities allow an authenticated user with elevated privileges to execute arbitrary code and view sensitive data. The complexity of such attacks is high. However, the vulnerabilities are...
Vulnerabilities fixed in Discourse
Vulnerabilities have been fixed in Discourse. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), manipulation of data, access to system data. When the "Mermaid" component is in use, there is also the possibility...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. These vulnerabilities allow an authenticated malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS) in FortiPortal, bypassing authentication in FortiManager, Circumvention of...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc, Imagination Technologies and Mediatek. The vulnerabilities potentially allow a malicious party to launch attacks that lead ...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. CIRCL has released an...
Vulnerability found in SugarCRM
A new vulnerability may have been found in SugarCRM. The vulnerability allows an unauthenticated remote malicious person to bypass authentication and execute arbitrary code on the web server. The described vulnerability is said to be located in the AttachFiles action o...
Vulnerabilities fixed in Snipe-IT
Several vulnerabilities have been fixed in Snipe-IT. The vulnerabilities allow a remote malicious person to launch an XSS attack and to retrieve usernames. To exploit the XSS vulnerability, the malicious party must be authenticated and have rights to modify Accessory and Consumables. The...
Vulnerability fixed in Esri ArcGIS Server
A vulnerability has been fixed in Esri ArcGIS Server. This vulnerability allows an unauthenticated malicious person to view, through path traversal, system information from the server on which the application is running. Esri has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.20 to fix the vulnerability. For more information, see:...
Vulnerability fixed in HCL BigFix
A vulnerability has been fixed in HCL BigFix. The vulnerability allows an authenticated remote malicious person to obtain sensitive data. HCL has released updates to fix the vulnerability. More information can be found on the page below: https://support.hcltechsw.com...
Vulnerability fixed in HP OfficeConnect 1820 and 1850 switches
HPO has fixed a vulnerability in the firmware of its OfficeConnect 1820 and 1850 switches. An unauthenticated malicious party could, by exploiting the vulnerability, perform a directory traversal and thereby gain access to system data. This data could potentially be used to set up further...
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS and JunOS Evolved. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service by sending a rogue BGP message. To do this, the malicious party must have established a valid BGP session. The vulnerability i...
Vulnerabilities fixed in HCL Lotus Notes
HCL has fixed vulnerabilities in Lotus Notes. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or to potentially execute arbitrary code with user privileges. HCL has released updates to fix the vulnerabilities in Lotus Notes 9.0....
Vulnerability fixed in NetApp OnCommand Insight
NetApp has fixed a vulnerability in OnCommand Insight. An unauthenticated malicious person with access to the management interface could exploit the vulnerability to obtain system data and cause a denial-of-service. The vulnerability does not allow the malicious party to access the collecte...
Vulnerabilities fixed in Mattermost
Unspecified vulnerabilities have been fixed in Mattermost. Mattermost has not released any substantive information, but estimates the severity of the vulnerabilities as MEDIUM. The grading of this security advisory has been set accordingly. Mattermost indicates in accordance with their...
Vulnerability fixed in Dell OpenManage
A vulnerability has been fixed in Dell OpenManage Server Administrator (OMSA). An authenticated malicious party can exploit the vulnerability to grant themselves elevated privileges on the vulnerable system and thereby execute arbitrary code with privileges of the system. This...
Vulnerability discovered in pfSense pfBlockerNG
Researchers have discovered a vulnerability in the pfBlockerNG package of pfSense. A malicious person could exploit it to execute arbitrary OS commands on the vulnerable system, when the malicious party has access to the web console of pfSense. It is good practice not to have such a console...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious party to bypass a security measure or cause a denial-of-service. The developers of cURL have released updates to fix the vulnerabilities. For more information, see: https://curl.se/docs/CVE-2022-43551.html...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious party to obtain elevated privileges or to obtain sensitive data. The vulnerabilities marked CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023 are vulnerabilities in RC4-HMAC that were previously fixed by Microsoft. Th...
Vulnerabilities fixed in HCL Domino and HCL Notes
Vulnerabilities have been fixed in HCL Domino and HCL Notes. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code. HCL has released updates to fix the vulnerabilities. More information can be found on the pages below: HCL Domino:...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. The vulnerability allows an authenticated malicious person to perform an SQL injection. OTRS instances are only vulnerable if the TicketSearch Web service is configured. OTRS developers have released updates to fix the vulnerability. More informati...
Vulnerability fixed in Exact Synergy
A vulnerability has been fixed in Exact Synergy Enterprise. The vulnerability allows a malicious party to use Cross-Site Scripting (XSS) to execute arbitrary code under the rights of the user. A malicious party needs to be authenticated to be able to see a profile picture within the application, in...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service (DoS) or execute arbitrary code. To do so, the malicious party must entice the victim to open malicious content. Google has...
Vulnerability fixed in IBM Spectrum Protect Plus
A vulnerability has been fixed in IBM Spectrum Protect Plus. The vulnerability allows a malicious person to gain access to sensitive data. The malicious party can alter the communication flow via a Man-in-the-Middle attack between Spectrum Protect Plus vSnap and associated agents because i...
Vulnerabilities fixed in X.Org X Server
Vulnerabilities have been fixed in X.Org X Server. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), increased user privileges. Misuse of the...
Vulnerabilities fixed in Lansweeper
Vulnerabilities have been fixed in Lansweeper. The vulnerabilities allow a malicious party to access sensitive data and to execute arbitrary code under administrator/root privileges. The vulnerabilities marked CVE-2022-32573 and CVE-2022-29517 are exploited by sending a rog...
Vulnerabilities fixed in IBM AIX
Vulnerabilities have been fixed in IBM AIX. The vulnerabilities allow a malicious party to obtain elevated user privileges and cause a denial-of-service (DoS). The vulnerability with identifier CVE-2022-41290 and a CVSSv3 score of 8.4 enables an unauthenticated malicious person to obtain root...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of a security measure, remote code execution (user rights), Access to...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: bypassing a security measure, remote code execution (user rights), access to sensitive data, access to system data. Apple states that it is aware of...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of authentication, remote code execution (administrator/root rights)...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of authentication, Remote code...
Vulnerabilities fixed in several VMware products
VMware has fixed several vulnerabilities in its products: VMware Workspace ONE Access and Identity Manager, VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion, VMware Cloud Foundation and VMware vRealize Impact A malicious party could potentially exploit the vulnerabilities ...
Vulnerabilities fixed in Ubuntu
Vulnerabilities have been fixed in the Linux kernel as used by Ubuntu. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to system data, access to sensitive data. -= Ubunt...