4209 matches found
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in the Asterisk VoIP server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The vulnerability with...
Vulnerabilities fixed in Sophos firewall
Sophos has fixed several vulnerabilities in Sophos firewall. A malicious party could exploit the vulnerabilities to obtain system data through API calls and Cross-Site-Scripting XSS attacks. In addition, arbitrary code can be executed if the malicious party has gained management rights or gained...
Vulnerabilities fixed in WordPress
Vulnerabilities have been fixed in WordPress. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Access to sensitive data No CVE features have been made available at...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code in the browser on a victim's victim's system. To do this, the malicious party must trick the entice the victim to click on a rogue link. Grafana...
Vulnerabilities fixed in MISP
The MISP project has fixed two vulnerabilities in MISP. A malicious party can exploit the vulnerabilities to manipulate threat information when shared via Galaxy Clusters and/or Tags. No CVE ID has yet been released for these vulnerabilities and little further little substantive information known...
Vulnerabilities fixed in Zimbra Collaboration
Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party could exploit the vulnerabilities to use a Cross-site scripting attack to gain access to sensitive data, or to execute arbitrary code on the system. To execute arbitrary code, the malicious party needs prior authenticatio...
Vulnerabilities fixed in NVIDIA GPU Display Driver
NVIDIA has fixed vulnerabilities in the GPU Display Driver for Linux and Windows. The vulnerabilities allow a malicious person to able to perform exploits that could lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root...
Vulnerabilities fixed in Aruba AirWave Management Platform
Aruba has fixed vulnerabilities in the AirWave Management Platform. The vulnerabilities allow an authenticated user, without administrator privileges, may be able to perform to perform administrative tasks within the application. Aruba indicates that at least viewing and modifying network...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google has...
Vulnerability fixed in Erlang OTP
Erlang developers have fixed a vulnerability in Erlang OTP. A malicious party could exploit the vulnerability to gain access to sensitive data, when using Erlang SSL in combination with client authentication. Erlang has released updates to fix the vulnerability in OTP 25.1; for more information,...
Vulnerability fixed in Exim
A vulnerability has been fixed in Exim. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service DoS attack. The way regular expressions are processed in configuration files processed can lead to a crash under certain circumstances. To do so, the...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...
Vulnerability fixed in IBM DB2
A vulnerability has been fixed in IBM DB2. This vulnerability allows a malicious party to perform a denial-of-service DoS cause by using the db2expln tool and entering an incorrect SQL statement into it. IBM has made an update available to fix the vulnerability. fix. For more information, see:...
Vulnerabilities fixed in Mattermost Server
Two vulnerabilities have been fixed in Mattermost Server. The vulnerabilities allow an authenticated remote malicious person able to perform a denial-of-service attack by crashing the server crashing the server. To do this, the malicious party must send multiple prepared requests to the server...
Vulnerabilities fixed in ImageMagick
Several vulnerabilities have been fixed in ImageMagick. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to have a specially prepared file to be processed by the victim. Given the use of ImageMagick, it is possible...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in several SolarWinds products, including Platform and Orion. The vulnerabilities allow an authenticated malicious person able to execute arbitrary code execute under application permissions or to elevate permissions. SolarWinds has released updates to address the...
Vulnerability fixed in Red Hat OpenShift
A vulnerability has been fixed in the go-restful component of Red Hat OpenShift. A remote malicious agent could potentially exploit it to bypass authentication on a specific endpoint bypass. To do this, the malicious party must use the AllowedDomains Cross-Origin Resource Sharing CORS filter. Red...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. A malicious person can by importing a prepared XAR file can exploit the exploit the vulnerability to view or edit any page, whereas it should be editing, when it should not be available to the malicious party. Also, potentially sensitive information can b...
Vulnerability in HPE OfficeConnect switches
HP Enterprise has fixed a vulnerability in several OfficeConnect switches. The vulnerability allows a malicious party to able to bypass authentication. The malicious party can use the acquired access to the switch to execute code on the underlying system with the privileges of the root user...
Vulnerability fixed in F-Secure Policy Manager
A vulnerability has been fixed in F-Secure Policy Manager from WithSecure. The vulnerability allows an authenticated malicious person able to write files to the server on which the application is running on. This can have several possible types of impact have, such as denial of service or executi...
Vulnerability fixed in Atlassian Crowd
A vulnerability has been fixed in Atlassian Crowd. This vulnerability allows a malicious person to, through a configuration error to authenticate itself and thereby interact with the user management REST API. In doing so, the IP of the attacker must be on the allow list, which is not the default...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in F5 products. The vulnerability with reference CVE-2022-41622 allows a remote malicious person to remote user to perform a cross-site request forgery attack. execute. A malicious party could use this vulnerability to cause a user with elevated privileges to perfo...
Vulnerability fixed in Bitbucket Server and Data Center
A vulnerability has been fixed in Bitbucket Server and Data Center. The vulnerability allows a malicious person to execute arbitrary code by manipulating environment variables manipulating environment variables within the application. This requires the malicious person to be able to modify his...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
Vulnerabilities have been fixed in Cisco Identity Services Engine ISE. The vulnerabilities allow an authenticated malicious person remotely able to execute arbitrary commands, bypass a bypass a security measure or perform Cross Site Scripting XSS attacks. Cisco has released hot patches to address...
Vulnerabilities fixed in Red Hat Satellite
Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Administrator/Root rights SQL Injection Access to sensitiv...
Vulnerability fixed in Sophos UTM
A vulnerability has been fixed in Sophos UTM. The vulnerability allows an authenticated remote malicious person to perform an SQL injection to execute, potentially obtaining sensitive data. obtain. The vulnerability is located in the quarantine manager of the email component of Sophos UTM. Sophos...
Vulnerabilities fixed in Heimdal
Vulnerabilities have been fixed in Heimdal, an implementation of ASN.1/DER, PFIX and Kerberos. The vulnerabilities allow a remote malicious party to potentially execute arbitrary code execute in Heimdal's Key Distribution Center KDC, obtain secret keys obtain secret keys when using 1DES, 3DES, or...
Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...
Vulnerability fixed in Node.js
A vulnerability has been fixed in nodejs. The vulnerability allows a remote malicious person to execute arbitrary code. execute. This is caused by the inspect parameter and the allowing incorrect octal IP addresses, leading to DNS rebinding. Node.js has released updates to fix the vulnerability i...
Vulnerability fixed in RICOH Aficio SP 4210N
A vulnerability has been fixed in RICOH Aficio SP 4210N. The vulnerability allows a remote malicious person to perform a Cross-Site Scripting attack. To exploit this vulnerability exploitation requires access to the Web Image Monitor. RICOH has released updates to fix the vulnerability. More...
Vulnerability fixed in Zoom
A vulnerability has been fixed in Zoom. The vulnerability allows a local malicious party to gain access to sensitive data, such as meeting data and chat messages sent during meetings. This is caused by a combination of insufficient cleaning of the data after the meeting is closed and the use of a...
Vulnerabilities fixed in IBM WebSphere Application Server
Vulnerabilities have been fixed in IBM HTTP Server, part of IBM WebSphere Application Server. The vulnerabilities are specifically in the libexpat component of the product. For more information about the vulnerability in libexpat, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0684 The...
Vulnerabilities fixed in Liferay Portal
Vulnerabilities have been fixed in Liferay Portal. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Remote code execution User Rights SQL Injection Access to sensitiv...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in MQ Internet Pass-Thru. The vulnerability allows a local malicious party to potentially see sensitive information in trace files of the application when this feature is enabled. IBM has released updates to fix the vulnerabilities in MQ. For more information, see:...
Vulnerabilities fixed in IBM Db2
IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22390, the vulnerabilities are located in the log4j component of the application. For more information about the log4j vulnerabilities, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052 The...
Vulnerabilities fixed in PHP
Vulnerabilities have been fixed in PHP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data PHP developers have released updates to...
Vulnerability fixed in Brocade Fabric OS
A vulnerability has been fixed in Brocade Fabric OS. The vulnerability allows an unauthenticated remote malicious person able to execute commands. These commands allow the malicious party change zoning, disable the switch, disable ports disable ports, and change the switch's IP address. Broadcom...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to grant themselves elevated user privileges and/or gain access to sensitive data. To exploit the vulnerabilities, the malicious party needs prior privileges to execute arbitrary code with...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in QRadar SIEM and in the QRadar Assistant App. A malicious party could potentially exploit them for attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could potentially exploit the vulnerabilities to retrieve discover user accounts, use password resets to appropriate an account, or in specific cases where an environment is heavily loaded, to cause a race condition and thus gai...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in the following Cisco products: Cisco Adaptive Security Appliance ASA. Cisco Firepower Management Center Cisco Firepower Threat Defense Cisco Secure Firewall Snort The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the...
Vulnerabilities fixed in FoxIT PDF Reader and Editor
FoxIT has fixed vulnerabilities in PDF Reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to execute code in the victim's scope. The malicious party must trick the victim into opening a rogue file to open. FoxI...
Vulnerabilities fixed in VMware Workspace ONE Assist
Vulnerabilities have been fixed in VMware Workspace ONE Assist. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Bypassing security measure Remote code execution...
Vulnerabilities fixed in Intel Products
Intel has fixed vulnerabilities in the firmware of chipsets from Active Management Technology AMT, Server Platform Services SPS, and PROSet/Wireless WiFi. The vulnerabilities allow a malicious able to perform a denial-of-service DoS or obtain elevated user privileges. Intel has released updates t...
Vulnerability fixed in IBM Security Access Manager
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an authenticated remote malicious party to remote user to perform a Cross-Site Scripting attack on the admin console. IBM has released updates to fix the vulnerabilities. More information can be found on...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service DoS cause or execute arbitrary code under the privileges of the user. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual,...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to sensitive data Access to system data Increased user privileges This update also...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. An authenticated malicious party could exploit the vulnerability to gain access to sensitive data. The table below lists the vulnerability fixed by Microsoft with the corresponding CVSSv3 score. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to execute arbitrary code under the privileges of the user. The vulnerabilities marked CVE-2022-3602 and CVE-2022-3786 are located in OpenSSL and were previously...