Vulnerability fixed in Citrix Gateway and ADC
Citrix has fixed a vulnerability in Citrix Gateway and Citrix ADC. An unauthenticated remote malicious person could exploit the vulnerability to execute arbitrary code. To do so, rogue network traffic must be sent to the vulnerable system. Gateway and ADC systems are only...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics Business Central. The vulnerability allows an authenticated remote malicious person to execute arbitrary code on the host OS of the system on which Microsoft Dynamics Business Central is installed. To properly exploit this...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in the various Developer Tools. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Circumvention of security measure; Remote code execution (User rights); Increased user privileges. The vulnerability in...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious person to impersonate another user or obtain elevated privileges. Microsoft Edge Chromium-based: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious person to impersonate another user, to execute arbitrary code under the user's privileges or to obtain elevated privileges. To exploit the vulnerabilities marked CVE-2022-44690 and CVE-2022-44693 (CVSS 8.8),...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Increased user privileges. The tables below provide an...
Vulnerability fixed in Microsoft Apps
A vulnerability has been fixed in Windows Terminal. The vulnerability allows a local malicious person to execute arbitrary code. To exploit the vulnerability, the malicious party must trick the victim into downloading and opening a rogue file. Windo...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication; Remote code execution (User Rights)...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in, among others, Mendix, Nucleus NET, RUGGEDCOM, SCALANCE, SICAM, SIMATIC, SIPROTEC and SIMATIC WinCC-OA. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF)...
Vulnerabilities fixed in Ubuntu
Vulnerabilities have been fixed in the Linux kernel as used by Ubuntu. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to system data; Access to sensitive data. -= Ubunt...
Vulnerability fixed in FortiOS SSL-VPN
Fortinet has fixed a vulnerability in FortiOS SSL-VPN. An unauthenticated remote malicious party can exploit the vulnerability to execute arbitrary code. This requires malicious network traffic to be sent to the vulnerable interface. Fortinet says it is aware of an incident in...
Vulnerabilities fixed in NetApp Clustered Data ONTAP
NetApp has fixed several vulnerabilities in Clustered Data ONTAP. The vulnerabilities are in underlying libraries such as libcurl, libexpat and libxml2. The vulnerabilities allow a malicious party to cause a denial-of-service, gain access to sensitive data and/or manipulate it. NetApp has release...
Vulnerability fixed in Cisco IP phones
Cisco has fixed a vulnerability in the firmware for Cisco IP phones series 7800 and 8800. An unauthenticated malicious person with access to the phone network could exploit the vulnerability to cause a stack overflow on the vulnerable device. This causes a denial-of-service and allows...
Vulnerabilities fixed in VMware vCenter and ESXi
VMware has fixed several vulnerabilities in vCenter Server and ESXi. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to gain access to sensitive data, including clear-text passwords, and, under certain circumstances, to break out of the sandbox of a guest environme...
Vulnerability fixed in Cacti
Vulnerabilities have been fixed in Cacti. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. An unauthenticated malicious party can gain access to the remoteagent.php file. By bypassing the authentication of this file...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in Fortinet products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Bypassing authentication; SQL Injection; Accessing system data. The vulnerability with...
Vulnerabilities fixed in Aruba ClearPass
Aruba Networks has fixed vulnerabilities in ClearPass. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in MobaXterm
Vulnerabilities have been fixed in Mobatek MobaXterm. The vulnerability allows a malicious party to bypass authentication and connect unauthenticated via the SSH or SFTP protocol. Furthermore, a malicious party can perform a denial-of-service (DoS) exploit on the SFTP protocol. The...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities have also been fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm and Mediatek. The vulnerabilities potentially enable a malicious party to launch attacks that lead to the following...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page. As usual, Google has published few...
Vulnerabilities fixed in WordPress
Vulnerabilities have been fixed in WordPress. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); SQL Injection; Access to sensitive data. No CVE identifiers have been made available at...
Vulnerabilities fixed in MISP
The MISP project has fixed two vulnerabilities in MISP. A malicious party can exploit the vulnerabilities to manipulate threat information when shared via Galaxy Clusters and/or Tags. No CVE ID has yet been released for these vulnerabilities and little further substantive information is known...
Vulnerabilities fixed in Sophos firewall
Sophos has fixed several vulnerabilities in Sophos firewall. A malicious party could exploit the vulnerabilities to obtain system data through API calls and Cross-Site Scripting (XSS) attacks. In addition, arbitrary code can be executed if the malicious party has gained management rights or gained...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in the Asterisk VoIP server. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Increased user privileges. The vulnerability with...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an authenticated remote malicious person to execute arbitrary code in the browser on a victim's system. To do this, the malicious party must entice the victim to click on a rogue link. Grafana...
Vulnerabilities fixed in Zimbra Collaboration
Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party could exploit the vulnerabilities to use a Cross-site scripting attack to gain access to sensitive data, or to execute arbitrary code on the system. To execute arbitrary code, the malicious party needs prior authenticatio...
Vulnerabilities fixed in NVIDIA GPU Display Driver
NVIDIA has fixed vulnerabilities in the GPU Display Driver for Linux and Windows. The vulnerabilities allow a malicious person to perform exploits that could lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (Administrator/Root...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. The vulnerabilities allow a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights). As usual, Google has...
Vulnerabilities fixed in Aruba AirWave Management Platform
Aruba has fixed vulnerabilities in the AirWave Management Platform. The vulnerabilities may allow an authenticated user without administrator privileges to perform administrative tasks within the application. Aruba indicates that at least viewing and modifying network...
Vulnerability fixed in Erlang OTP
Erlang developers have fixed a vulnerability in Erlang OTP. A malicious party could exploit the vulnerability to gain access to sensitive data, when using Erlang SSL in combination with client authentication. Erlang has released updates to fix the vulnerability in OTP 25.1; for more information,...
Vulnerability fixed in Exim
A vulnerability has been fixed in Exim. A remote malicious person could potentially exploit the vulnerability to cause a Denial-of-Service (DoS). The way regular expressions in configuration files are processed can lead to a crash under certain circumstances. To do so, the...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page. As usual, Google has published few...
Vulnerability fixed in IBM DB2
A vulnerability has been fixed in IBM DB2. This vulnerability allows a malicious party to cause a denial-of-service (DoS) by using the db2expln tool and entering an incorrect SQL statement into it. IBM has made an update available to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Mattermost Server
Two vulnerabilities have been fixed in Mattermost Server. The vulnerabilities allow an authenticated remote malicious person to perform a denial-of-service attack by crashing the server. To do this, the malicious party must send multiple prepared requests to the server...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in several SolarWinds products, including Platform and Orion. The vulnerabilities allow an authenticated malicious person to execute arbitrary code under application permissions or to elevate permissions. SolarWinds has released updates to address the...
Vulnerabilities fixed in ImageMagick
Several vulnerabilities have been fixed in ImageMagick. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to have a specially prepared file processed by the victim. Given the use of ImageMagick, it is possible...
Vulnerability fixed in Red Hat OpenShift
A vulnerability has been fixed in the go-restful component of Red Hat OpenShift. A remote malicious agent could potentially exploit it to bypass authentication on a specific endpoint. To do this, the malicious party must use the AllowedDomains Cross-Origin Resource Sharing (CORS) filter. Red...
Vulnerability in HPE OfficeConnect switches
HP Enterprise has fixed a vulnerability in several OfficeConnect switches. The vulnerability allows a malicious party to bypass authentication. The malicious party can use the acquired access to the switch to execute code on the underlying system with the privileges of the root user...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. By importing a prepared XAR file, a malicious person can exploit the vulnerability to view or edit any page, when it should not be available to the malicious party. Also, potentially sensitive information can b...
Vulnerability fixed in F-Secure Policy Manager
A vulnerability has been fixed in F-Secure Policy Manager from WithSecure. The vulnerability allows an authenticated malicious person to write files to the server on which the application is running. This can have several possible types of impact, such as denial of service or executi...
Vulnerability fixed in Bitbucket Server and Data Center
A vulnerability has been fixed in Bitbucket Server and Data Center. The vulnerability allows a malicious person to execute arbitrary code by manipulating environment variables within the application. This requires the malicious person to be able to modify his...
Vulnerability fixed in Atlassian Crowd
A vulnerability has been fixed in Atlassian Crowd. This vulnerability allows a malicious person, through a configuration error, to authenticate and thereby interact with the user management REST API. For this, the IP address of the attacker must be on the allow list, which is not the default...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in F5 products. The vulnerability with reference CVE-2022-41622 allows a remote malicious person to perform a cross-site request forgery attack. A malicious party could use this vulnerability to cause a user with elevated privileges to perfo...
Vulnerabilities fixed in Red Hat Satellite
Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); SQL Injection; Access to sensitiv...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE)
Vulnerabilities have been fixed in Cisco Identity Services Engine (ISE). The vulnerabilities allow an authenticated remote malicious person to execute arbitrary commands, bypass a security measure or perform Cross-Site Scripting (XSS) attacks. Cisco has released hot patches to address...
Vulnerabilities fixed in Heimdal
Vulnerabilities have been fixed in Heimdal, an implementation of ASN.1/DER, PKIX and Kerberos. The vulnerabilities allow a remote malicious party to potentially execute arbitrary code in Heimdal's Key Distribution Center (KDC), obtain secret keys when using 1DES, 3DES, or...
Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User Rights); Spoofing; Accessing...
Vulnerability fixed in RICOH Aficio SP 4210N
A vulnerability has been fixed in RICOH Aficio SP 4210N. The vulnerability allows a remote malicious person to perform a Cross-Site Scripting attack. Exploiting this vulnerability requires access to the Web Image Monitor. RICOH has released updates to fix the vulnerability. More...
Vulnerability fixed in Node.js
A vulnerability has been fixed in Node.js. The vulnerability allows a remote malicious person to execute arbitrary code. This is caused by the inspect parameter and its acceptance of incorrect octal IP addresses, leading to DNS rebinding. Node.js has released updates to fix the vulnerability i...
Vulnerability fixed in Sophos UTM
A vulnerability has been fixed in Sophos UTM. The vulnerability allows an authenticated remote malicious person to perform an SQL injection, potentially obtaining sensitive data. The vulnerability is located in the quarantine manager of the email component of Sophos UTM. Sophos...