Vulnerabilities fixed in Liferay Portal
Vulnerabilities have been fixed in Liferay Portal. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), manipulation of data, remote code execution (user rights), SQL injection, access to sensitiv...
Vulnerability fixed in Zoom
A vulnerability has been fixed in Zoom. The vulnerability allows a local malicious party to gain access to sensitive data, such as meeting data and chat messages sent during meetings. This is caused by a combination of insufficient cleaning of the data after the meeting is closed and the use of a...
Vulnerabilities fixed in IBM WebSphere Application Server
Vulnerabilities have been fixed in IBM HTTP Server, part of IBM WebSphere Application Server. The vulnerabilities are specifically in the libexpat component of the product. For more information about the vulnerability in libexpat, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0684 The...
Vulnerabilities fixed in PHP
Vulnerabilities have been fixed in PHP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (user rights), access to system data. PHP developers have released updates to...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in MQ Internet Pass-Thru. The vulnerability allows a local malicious party to potentially see sensitive information in trace files of the application when this feature is enabled. IBM has released updates to fix the vulnerabilities in MQ. For more information, see:...
Vulnerabilities fixed in IBM Db2
IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22390, the vulnerabilities are located in the log4j component of the application. For more information about the log4j vulnerabilities, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052 The...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to grant themselves elevated user privileges and/or gain access to sensitive data. To exploit the vulnerabilities, the malicious party needs prior privileges to execute arbitrary code with...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in QRadar SIEM and in the QRadar Assistant App. A malicious party could potentially exploit them for attacks that could result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (user rights), access to sensitive data...
Vulnerability fixed in Brocade Fabric OS
A vulnerability has been fixed in Brocade Fabric OS. The vulnerability allows an unauthenticated remote malicious person to execute commands. These commands allow the malicious party to change zoning, disable the switch, disable ports, and change the switch's IP address. Broadcom...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in the following Cisco products: Cisco Adaptive Security Appliance (ASA), Cisco Firepower Management Center, Cisco Firepower Threat Defense, Cisco Secure Firewall Snort. The vulnerabilities allow a malicious party to launch attacks that result in the...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could potentially exploit the vulnerabilities to discover user accounts, use password resets to appropriate an account, or in specific cases where an environment is heavily loaded, to cause a race condition and thus gai...
Vulnerabilities fixed in FoxIT PDF Reader and Editor
FoxIT has fixed vulnerabilities in PDF Reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to execute code in the victim's scope. The malicious party must trick the victim into opening a rogue file. FoxI...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service (DoS) or execute arbitrary code under the privileges of the user. To do this, the malicious party must induce the victim to visit a malicious web page. As usual,...
Vulnerabilities fixed in VMware Workspace ONE Assist
Vulnerabilities have been fixed in VMware Workspace ONE Assist. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), bypassing authentication, bypassing security measure, remote code execution...
Vulnerability fixed in IBM Security Access Manager
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an authenticated remote malicious party to perform a Cross-Site Scripting attack on the admin console. IBM has released updates to fix the vulnerabilities. More information can be found on...
Vulnerabilities fixed in Intel Products
Intel has fixed vulnerabilities in the firmware of chipsets from Active Management Technology (AMT), Server Platform Services (SPS), and PROSet/Wireless WiFi. The vulnerabilities allow a malicious party to perform a denial-of-service (DoS) or obtain elevated user privileges. Intel has released updates t...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: bypassing authentication, bypassing security measure, remote code execution (user rights), accessing sensitive data. The vulnerabili...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: remote code execution (user rights), access to sensitive data, increased user privileges. The table below...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed several vulnerabilities in Junos OS. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. The vulnerabilities were discovered by Juniper itself during various investigations into disruptions to users of Juniper hardware. Junipe...
Vulnerabilities fixed in Citrix Gateway and Citrix ADC
Citrix has fixed vulnerabilities in Citrix Gateway and Citrix ADC. A malicious party could exploit the vulnerabilities to bypass authentication or security measures or, through brute-force methods, gain access to user environments. The vulnerability with referenc...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges or to execute arbitrary code under the privileges of the user. The vulnerabilities marked CVE-2022-3602 and CVE-2022-3786 are located in OpenSSL and were previously...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights), access to sensitive dat...
Vulnerabilities fixed in Siemens products
Siemens has discovered several vulnerabilities in several products, including Ruggedcom, Simatic, Scalance and Sicam. A malicious person with access to the production network can exploit the vulnerabilities to launch attacks that result in the following categories of damage: Cross-Site...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that could potentially result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data, increase...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data, access to system data, increased user privileges. This update also...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow an authenticated malicious person with access to the victim's network to impersonate another user and/or obtain elevated privileges. Very few details have been made available by Microso...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. An authenticated malicious party could exploit the vulnerability to gain access to sensitive data. The table below lists the vulnerability fixed by Microsoft with the corresponding CVSSv3 score. Microsoft Dynamics:...
Vulnerabilities fixed in Juniper Junos Space
Juniper has fixed several vulnerabilities in third-party products in Junos Space. Security advisories for these vulnerabilities were previously published for the specific product. Juniper has bundled the third-party updates into the new release of Junos Space. A malicious party could exploit the...
Vulnerabilities fixed in libxml2
Vulnerabilities have been fixed in libxml2. The vulnerabilities allow a remote malicious person to cause a denial-of-service. -= Debian =- Debian has made updates to libxml2 available for Debian 11.0 Bullseye to address the vulnerabilities. You can install the custom packages installed by...
Vulnerabilities fixed in VMware Spring
VMware has fixed vulnerabilities in Spring Security and spring-security-oauth2-client. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges or to bypass authentication. Only Spring environments using specific configurations are vulnerable. VMware has...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE)
Cisco has fixed several vulnerabilities in the Identity Services Engine (ISE). A malicious person with access to the management interface can exploit the vulnerabilities for attacks that can lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Cisco ESA, SWA and Secure Email and Web Manager
Cisco has fixed several vulnerabilities in Cisco Email Security Appliance (ESA), Secure Web Appliance (SWA), formerly Web Security Appliance, and the Secure Email and Web Manager. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to execute arbitrary commands with ro...
Vulnerabilities fixed in Splunk Enterprise
Several vulnerabilities have been fixed in Splunk Enterprise. The vulnerabilities can be exploited by a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), remote code execution (Administrator/Root rights), remote co...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. An authenticated malicious person can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of...
Vulnerability fixed in FortiManager and FortiAnalyzer
FortiNet has fixed a vulnerability in FortiManager and FortiAnalyzer. A malicious person with low privileges can exploit the vulnerability to perform a cross-site scripting attack via the reporting module. Such an attack can lead to the execution of arbitrary code in the context of th...
Vulnerability fixed in FortiMail
FortiNet has fixed a vulnerability in FortiMail. A malicious person with admin rights in a private, possibly self-hosted configured domain is able to read and modify system information for a domain for which they are not authorized. FortiNet has released updates to fix the vulnerability in...
Vulnerabilities fixed in FortiOS
FortiNet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to gain access to system data, potentially manipulate it, or launch a Man-in-the-Middle attack. To manipulate system data, the malicious party needs prior authentication. For performing a...
Vulnerabilities fixed in Xen
Xen's developers have fixed vulnerabilities in Xen. The vulnerabilities are located in xenstored and allow a malicious party with rights to deploy and configure guest images to cause, through rogue guests, a denial-of-service, or potentially gain access to memory of other guest systems and thus...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL 3. OpenSSL is widely found on web and mail servers but is also used by other types of systems. Think of network devices, embedded systems and containerized images. The vulnerabilities can be exploited by a malicious party to execute arbitrary code or cau...
Vulnerability fixed in Expat
Expat developers have fixed a vulnerability. A malicious party could exploit the vulnerability to cause a denial-of-service, or possibly to execute arbitrary code with the permissions of the application in which the libexpat library is used. The developers of expat have...
Vulnerability fixed in Rockwell Automation FactoryTalk
A vulnerability has been fixed in Rockwell Automation FactoryTalk Services Platform. The vulnerability allows an unauthenticated remote user to perform a denial-of-service (DoS). Rockwell Automation has released updates and mitigating measures to address the...
Vulnerabilities fixed in ArubaOS and SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and Aruba Mobility Conductor (formerly Mobility Master), which are used in various Aruba Networks access points. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system. execute arbitrary code on the...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. A remote malicious party could potentially exploit the vulnerabilities to execute arbitrary code and/or cause a denial-of-service (DoS). Microsoft has made updates for Edge available to address the vulnerabilities. For more information, see:...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. The vulnerability allows a malicious party to cause a denial-of-service or potentially execute arbitrary code. To do so, the malicious party must induce the victim to open a rogue web page. Google indicates that exploit code is circulating f...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Tenable Nessus
Vulnerabilities have been fixed in Tenable Nessus. Nessus makes use of the open-source products moment.js, expat, datatables, libxml2 and zlib. Tenable chose to upgrade these components to address the potential impact of the issues. Tenable has issued updates to address the vulnerabilities. F...
Vulnerabilities fixed in VMware Cloud Foundation
VMware has fixed vulnerabilities in NSX-V as used by VMware Cloud Foundation. An unauthenticated malicious person can exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with privileges of root. This requires sending malicious network traffic to a...
Vulnerability fixed in Zoom
A vulnerability has been fixed in Zoom. The vulnerability allows a malicious person to bypass a security measure and gain access to sensitive data. To exploit the vulnerability, a malicious person needs the victim to open a rogue link. This enables the malicious party to perform further attacks su...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, remote code execution (Administrator/Root rights), remo...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code under application privileges, gain access to sensitive data or spoof Safari's user interface. For successful abuse, the...