4209 matches found
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
Cisco has fixed vulnerabilities in Identity Services Engine ISE. A malicious person with access to the Web-based management environment could exploit the vulnerabilities to gain access to sensitive data via a Same Server Request Forgery to gain access to sensitive data. It is good practice not to...
Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. A authenticated malicious person could exploit the vulnerability to execute arbitrary code as root on the underlying operating system and thus effectively take over the vulnerable system take over. However, abuse is not easy and requires prior knowledge ...
Vulnerability fixed in IBM Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to execute arbitrary code on the system. Abuse is not simple and requires specially prepared data. IBM has released updates to fix the vulnerability in Websphere Application Server. Fo...
Vulnerabilities fixed in F5 BIG-IP
F5 has incorporated several vulnerabilities into BIG-IP. A malicious party could exploit the vulnerabilities to bypass security measures to enable traffic that is not permitted. Also, a malicious party could exploit the vulnerabilities to cause a denial-of-service on sub-processes of the BIG-IP...
Vulnerability fixed in VMware vRealize Operations
A vulnerability has been fixed in VMware vRealize Operations. A malicious person with user privileges within the same network is able to able to bypass Cross-Site Request Forgery CSRF protection. As a result, a malicious party may be able to launch a CSRF attack cross-site request forgery attack ...
Vulnerabilities fixed in MISP
The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities marked CVE-2023-24070, CVE-2023-24026 and CVE-2023-24027 allow a malicious person to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser with...
Vulnerabilities fixed in Schneider Electric EcoStruxure and Modicon products
Vulnerabilities have been fixed in Schneider Electric products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User Rights Schneider Electric has issued update...
Vulnerabilities fixed in Tracker software PDF-Xchange
Tracker Software has fixed several vulnerabilities in PDF-Xchange. The vulnerabilities are located in the various filters for graphics files and allow a malicious party to cause a denial-of-service, or potentially execute arbitrary code execute with user privileges. Abuse requires the malicious...
Vulnerability fixed in Microsoft Windows
Microsoft has released an out-of-band security update to fix a vulnerability in the Point-to-point Tunneling Protocol, as used in the Microsoft Remote Access Service. A unauthenticated malicious party could exploit the vulnerability to execute arbitrary code on the RAS environment, after causing ...
Vulnerability remedied in Keycloak
A vulnerability has been fixed in Keycloak. A malicious party can exploit the vulnerability to gain access via path-traversal to sensitive data. The vulnerability is caused by the fact that URL redirects where the client accepts wildcards are not correctly are processed correctly. -= Red Hat =- R...
Vulnerabilities fixed in BIND
ICS has fixed vulnerabilities in BIND. An unauthenticated malicious party could exploit the vulnerabilities to cause of a denial-of-service DoS. The vulnerability with attribute CVE-2022-3736 is present only when a BIND server uses a particular stale configuration. A malicious party in that case...
Vulnerability found in KeePass
A vulnerability has been found in KeePass. A malicious person could potentially exploit the vulnerability to gain access to data stored in a KeePass database. This could include usernames, passwords and email addresses. Successful misuse requires that the malicious party have access to the system...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in MX and SRX systems. A unauthenticated malicious party could potentially exploit them to cause a denial-of-service DoS. To this end the malicious party can send malicious network traffic to the vulnerable system. Juniper has released updates to fix the...
Vulnerabilities fixed in VMWare vRealize Log Insight
VMWare has fixed vulnerabilities in vRealize Log Insight. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, to access gain access to system data, or to potentially execute arbitrary code execute system privileges via injecting files at the operatin...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or potentially execute arbitrary code in the context of the browser. As usual, Google released little further substantive information released. Google has released...
Vulnerabilities fixed in Lexmark Printers and Multifunctionals
Lexmark has fixed two vulnerabilities in the firmware of several printer and multifunction lines. A malicious party could exploit the vulnerabilities to grant himself elevated privileges granted on the vulnerable device, or to execute arbitrary code execute. The mitigation against brute-force log...
Vulnerabilities fixed in SolarWinds Database Performance Analyzer
SolarWinds has fixed vulnerabilities in Database Performance Analyzer DPA. An authenticated malicious party can exploit the exploit the vulnerabilities to gain access to sensitive data or perform a cross-site scripting attack. SolarWinds has released updates to address the vulnerabilities fixes i...
Vulnerability fixed in Symantec Endpoint Protection
Symantec has fixed a vulnerability in Endpoint Protection. A local malicious person could exploit the vulnerability to grant themselves elevated privileges and thus gain access to files and possibly sensitive information for which he initially has no privileges. Symantec has released updates to f...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS Big Sur, Monterey and Ventura. A malicious party could exploit them to cause a denial-of-service, access gain access to sensitive data or execute code with privileges from the system. To execute code with system privileges, the malicious party tric...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to obtain sensitive data, cause a Denial of Service or for executing arbitrary code, including in specific cases with system privileges. For the most serious damage, being code execution...
Vulnerability fixed in libgit2
A vulnerability has been fixed in libgit2. libgit2 is a library for providing git functionality to Python and Go applications. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a man-in-the-middle attack because libgit2 does not verify SSH certificates by...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed an SQL injection vulnerability in Unified Communications Manager and Unified Communications Manager Session Management Edition SME. An authenticated malicious person with access to the management interface, could exploit the vulnerability to perform SQL injections and thereby gain...
Vulnerability fixed in Tenable Nessus
A vulnerability has been fixed in Tenable Nessus. A authenticated malicious party could potentially obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host. Tenable has issued updates to fix the vulnerabilities. For more information, see: https://www.tenable.com/security/tns-2023-01...
Vulnerability found in Cisco Email Security Appliance
A vulnerability has been found in Cisco Email Security Appliance ESA. The vulnerability allows an unauthenticated malicious person able to bypass URL filters and thereby bypass security functionality of ESA. Cisco has published a security advisory with more information about the vulnerability:...
Vulnerability fixed in sudo
A vulnerability has been fixed in sudo's -e option also known as sudoedit. A malicious person with sudoedit privileges can exploit the exploit the vulnerability to edit arbitrary files. In this way, the malicious party can obtain elevated privileges on the vulnerable system. The developers of sud...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Fusion Middleware products, including WebLogic Server and HTTP Server. A unauthenticated malicious person could potentially exploit them to execute arbitrary code. To do so, it would need to malicious network traffic should be sent to the vulnerable system. sen...
Vulnerabilities fixed in Apache web server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Apache has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data and/or execute code under the user's privileges. Mozilla has released Firefox 109 and Firefox ESR 102.7 to address the vulnerabilities. You...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Accessing sensitive data Oracle has made updates available to address the vulnerabilities...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Enterprise Edition EE and Community Edition CE. The vulnerabilities potentially enable a malicious person to execute Remote code execution. GitLab has released updates to fix the vulnerabilities in GitLab EE and CE 15.7.5, 15.6.6, and 15.5.9. For more...
Vulnerabilities fixed in Git
Vulnerabilities have been fixed in Git. The vulnerabilities allow a malicious person potentially capable of performing of Remote code execution. Git has released updates to fix the vulnerability. More information can be found on the pages below:...
Possible exploit vulnerability in Zoho ManageEngine
A vulnerability has been fixed in several Zoho ManageEngine products. The vulnerability is located in an underlying third-party product: Apache Santuario. The vulnerability allows a malicious party to execute arbitrary code on the vulnerable system with system privileges. Researchers at Horizon3 ...
Vulnerability fixed in IBM QRadar SIEM
A vulnerability has been fixed in IBM QRadar SIEM. QRadar SIEM copies certificate files used for SSL/TLS in the QRadar Web interface to hosts in the implementation that do not need the key. Misuse of this can lead to possible access to the admin web server key. IBM has released updates to fix the...
Vulnerability fixed in OpenBSD
A vulnerability has been fixed in OpenBSD. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service by sending a TCP packet with destination port 0. To do this, however, a "divert-to" rule must be included in the pf configuration included in the p...
Vulnerabilities fixed in Dell PowerEdge
Dell has fixed vulnerabilities in PowerEdge Server based on the AMD EPYC platform. The vulnerabilities allow a local malicious party to cause a denial-of-service, access gain access to sensitive data or potentially execute code. Dell has released updates to fix the vulnerabilities. For more...
Vulnerabilities fixed in Google Chrome and Microsoft Edge
Vulnerabilities have been fixed in Google Chrome and Microsoft Edge. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights Acce...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in Junos OS for several products. A malicious party could potentially exploit them to cause a denial-of-service. The vulnerabilities CVE-2023-22391, CVE-2023-22396, CVE-2023-22399 and CVE-2023-22403 can be exploited by an unauthenticated malicious person via the...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Accessing sensitive data. Impersonating another user spoofing Obtaining elevated privileges The vulnerability...
Vulnerability fixed in Microsoft Malicious Software Removal Tool
Microsoft has fixed a vulnerability in the Windows Malicious Software Removal Tool as used by Microsoft System Center Endpoint Protection and Microsoft Malware Protection Engine. The vulnerability allows a malicious party to obtain of elevated privileges. Windows Malicious Software Removal Tool:...
Vulnerability fixed in Azure Service Fabric
A vulnerability has been fixed in Microsoft Azure Service Fabric Container. The vulnerability potentially allows a malicious party to able to take over the vulnerable Service Fabric cluster. Azure Service Fabric Container: |----------------|------|-------------------------------------| | CVE ID |...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Visual Studio Code and .NET Core. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Visual Studio Code:...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to system data Increased user privileges Adobe has...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to sensitive data Microsoft Office:...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote co...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SINEC INS, among others, SIMATIC, SINUMERIK, SIMOCODE, SIRPLUS, SCALANCE, JT Open, JT Utilities, Solid Edge, Automation License Manager, Mendix and RUGGEDCOM. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in t...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure. Remote code execution User Rights SQL...
Vulnerability fixed in JFrog Artifactory
A vulnerability has been fixed in JFrog Artifactory. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication to gain elevated user privileges. To do so, the malicious party must send a specially prepared request to the Artifactory instance. JFrog has...
Vulnerabilities fixed in Discourse
Vulnerabilities have been fixed in Discourse. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Access to system data When the "Mermaid" component is in use, there is also the possibility...
Vulnerabilities fixed in Lenovo ThinkPad X13s
Vulnerabilities have been fixed in the UEFI implementation of Lenovo ThinkPad X13s systems. The vulnerabilities allow an authenticated user with elevated privileges able to execute arbitrary code and view sensitive data. The complexity of such attacks is high. However, the vulnerabilities are...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. These vulnerabilities allow an authenticated malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS in FortiPortal Bypassing authentication in FortiManager Circumvention of...