4209 matches found
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc, Imagination Technologies and Mediatek. The vulnerabilities allow a malicious party potentially able to launch attacks that lead ...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application being visited. CIRCL has released an...
Vulnerability found in SugarCRM
A new vulnerability may have been found in SugarCRM. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Web server. The described vulnerability is said to be located in the AttachFiles action o...
Vulnerabilities fixed in Snipe-IT
Several vulnerabilities have been fixed in Snipe-IT. The vulnerabilities allow a remote malicious person to launch an XSS attack and to retrieve usernames. To exploit the XSS vulnerability, the malicious party must be authenticated and have rights to Accessory and Consumables to modify. The...
Vulnerability fixed in Esri ArcGIS Server
A vulnerability has been fixed in Esri ArcGis Server. This vulnerability allows an unauthenticated malicious person through path traversal to view system information from the server on which the application is running. Esri has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.20 to fix the vulnerability. For more information, see:...
Vulnerability fixed in HCL BigFix
A vulnerability has been fixed in HCL BigFix. The vulnerability allows an authenticated remote malicious person to obtain to obtain sensitive data. HCL has released updates to fix the vulnerability. More information can be found on the page below: https://support.hcltechsw.com...
Vulnerability fixed in Juniper JunOS
Juniper has fixed a vulnerability in JunOS and JunOS Evolved. The vulnerability allows an unauthenticated malicious person at remote user to cause a denial-of-service by sending a sending a rogue BGP message. To do this, the malicious party must have built a valid BGP session. The vulnerability i...
Vulnerabilities fixed in HCL Lotus Notes
HCL has fixed vulnerabilities in Lotus Notes. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or to potentially execute arbitrary execute arbitrary code with user privileges. HCL has released updates to fix the vulnerabilities in Lotus Notes 9.0....
Vulnerability fixed in HP OfficeConnect 1820 and 1850 switches
HPO has fixed a vulnerability in the firmware of its OfficeConnect 1820 and 1850 switches. An unauthenticated malicious party could, by exploiting the vulnerability, perform a directory traversal and thereby gain access to system data. This data could potentially be used to setting up further...
Vulnerability fixed in NetApp OnCommand Insight
NetApp has fixed a vulnerability in OnCommand Insight. A unauthenticated malicious person with access to the management interface, could exploit the vulnerability to obtain system data and cause a denial-of-service cause. The vulnerability does not allow the malicious party to access the collecte...
Vulnerabilities fixed in Mattermost
Unspecified vulnerabilities have been fixed in MatterMost. Mattermost has not released any substantive information released, but estimates the severity of the vulnerabilities as MEDIUM. The grading of this security advisory is accordingly accordingly. MatterMost indicates in accordance with their...
Vulnerability discovered in pfSense pfBlockerNG
Researchers have discovered a vulnerability in the pfBlockerNG package of pfSense. A malicious person could exploit it to execute arbitrary OS commands on the vulnerable system, when the malicious party has access to the web console of pfSense. It is good practice not to have such a console...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious party the ability to bypass a security measure or cause a denial-of-service. The developers of cURL have released updates to fix the vulnerabilities. For more information, see: https://curl.se/docs/CVE-2022-43551.html...
Vulnerability fixed in Dell Openmanage
A vulnerability has been fixed in Dell Openmanage Server Administrator OMSA. An authenticated malicious party can exploit the exploit the vulnerability to grant themselves elevated privileges on the vulnerable system and thereby execute arbitrary code with privileges of the system. This...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious party to obtain elevated privileges or to obtain sensitive data. The vulnerabilities marked CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023 are vulnerabilities in RC4-HMAC that were previously fixed by Microsoft. Th...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. The vulnerability allows an authenticated malicious person to perform an SQL injection. execute. OTRS instances are only vulnerable if the TicketSearch Web service is configured. OTRS developers have released updates to fix the vulnerability. More informati...
Vulnerabilities fixed in HCL Domino and HCL Notes
Vulnerabilities have been fixed in HCL Domino and HCL Notes. The vulnerabilities allow an unauthenticated remote malicious person to remotely capable of executing arbitrary code. HCL has released updates to fix the vulnerabilities. More information can be found on the pages below: HCL Domino:...
Vulnerability fixed in Exact Synergy
A vulnerability has been fixed in Exact Synergy Enterprise. The vulnerability allows a malicious party to use Cross-Site Scripting XSS to execute arbitrary code under the rights of the user. A malicious party needs to be authenticated to be able to see within the application a profile picture, in...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Access to sensitive data Access to system data Apple states that it is aware of...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of authentication Remote code...
Vulnerabilities fixed in X.Org X Server
Vulnerabilities have been fixed in X.Org X Server. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Increased user privileges Misuse of the...
Vulnerability fixed in IBM Spectrum Protect Plus
A vulnerability has been fixed in IBM Spectrum Protect Plus. The vulnerability allows a malicious person to access gain access to sensitive data. The malicious party can alter the communication flow via a Man-in-the-Middle attack between Spectrum Protect Plus vSnap and associated agents because i...
Vulnerabilities fixed in IBM AIX
Vulnerabilities have been fixed in IBM AIX. The vulnerabilities allow a malicious party to obtain elevated user privileges and cause a denial-of-service DoS cause. The vulnerability with attribute CVE-2022-41290 and a CVSSv3 score of 8.4 enables an unauthenticated malicious person to obtain root...
Vulnerabilities fixed in Lansweeper
Vulnerabilities have been fixed in Lansweeper. The vulnerabilities allow a malicious party to access sensitive data and to execute arbitrary code execute arbitrary code under administrator/root privileges. The vulnerabilities marked CVE-2022-32573 and CVE-2022-29517 are exploited by sending a rog...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service DoS or execute arbitrary code. execute. To do so, the malicious party must trick the victim into entice the victim to open malicious content. Google has...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in several VMware products
VMWare has fixed several vulnerabilities in its products: VMware Workspace ONE Access and Identity Manager, VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion, VMware Cloud Foundation and VMware vRealize Impact A malicious party could potentially exploit the vulnerabilities ...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in the various Developer Tools. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Increased user privileges The vulnerability in...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Increased user privileges The tables below provide an...
Vulnerability fixed in Microsoft Apps
A vulnerability has been fixed in Windows Terminal. The vulnerability allows a local malicious person to execute arbitrary code to execute arbitrary code. To exploit the vulnerability, the malicious party must trick the victim into downloading and opening a rogue file. download and open it. Windo...
Vulnerability fixed in Citrix Gateway and ADC
Citrix has fixed a vulnerability in Citrix Gateway and Citrix ADC. An unauthenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code. To do so, rogue network traffic must be sent to the vulnerable system be sent. Gateway and ADC systems are only...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote co...
Vulnerabilities fixed in Ubuntu
Vulnerabilities have been fixed in the Linux kernel as used by Ubuntu. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data Access to sensitive data -= Ubunt...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious person to impersonate as another user or obtain elevated privileges. Microsoft Edge Chromium-based: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Remote code execution User Rights...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics Business Central. The vulnerability allows an authenticated malicious person remotely able to execute arbitrary code on the host OS of the system on which Microsoft Dynamics Business Central is is installed on. To properly exploit this...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious person to impersonate as another user, to execute arbitrary code under the user's privileges or obtain elevated privileges. To exploit the vulnerabilities marked CVE-2022-44690 and CVE-2022-44693 CVSS 8.8,...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in Mendix, among others, Nucleus NET, RUGGEDCOM, SCALANCE, SICAM, SIMATIC, SIPROTEC and SIMATIC WinCC-OA. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF...
Vulnerability fixed in FortiOS SSL-VPN
Fortinet has fixed a vulnerability in FortiOS SSL-VPN. A unauthenticated remote malicious party can exploit the vulnerability exploit it to execute arbitrary code. This requires malicious network traffic must be sent to the vulnerable interface sent. Fortinet says it is aware of an incident in...
Vulnerabilities fixed in VMware vCenter and ESXi
VMWare has fixed several vulnerabilities in vCenter Server and ESXi. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to gain access to sensitive data, including cleat-text passwords and, under certain circumstances to break out of the sandbox of a guest environme...
Vulnerabilities fixed in NetApp Clustered Data ONTAP
NetApp has fixed several vulnerabilities in Clustered Data ONTAP. The vulnerabilities are in underlying libraries such as libcurl, libexpat and libxml2. The vulnerabilities allow a malicious party to cause a denial-of-service, gain access to sensitive data and/or manipulate it. NetApp has release...
Vulnerability fixed in Cisco IP phones
Cisco has fixed a vulnerability in the firmware for Cisco IP phones series 7800 and 8800. An unauthenticated malicious person with access to the phone network could exploit the vulnerability to cause cause a stack overflow on the vulnerable device. With this causes a denial-of-service and allows...
Vulnerability fixed in Cacti
Vulnerabilities have been fixed in Cacti. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. An unauthenticated malicious party can gain access to the remoteagent.php file. By bypassing the authentication of this file...
Vulnerabilities fixed in MobaXterm
Vulnerabilities have been fixed in Mobatek MobaXterm. The vulnerability allows a malicious party to bypass authentication bypass and connect unauthenticated via the SSH or SFTP protocol. Furthermore, a malicious party can perform a denial-of-service DoS exploit on the SFTP protocol. The...
Vulnerabilities fixed in Aruba ClearPass
Aruba Networks has fixed vulnerabilities in ClearPass. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in Fortinet products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication SQL Injection Accessing system data The vulnerability with...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm and Mediatek. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that lead to the following...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...