4209 matches found
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that could potentially result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increase...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow an authenticated malicious person with access to the victim's network is able to impersonate impersonate another user and/or obtain elevated privileges. Very few details have been made available by Microso...
Vulnerabilities fixed in Citrix Gateway and Citrix ADC
Citrix has fixed vulnerabilities in Citrix Gateway and Citrix ADC. A malicious party could exploit the vulnerabilities to circumvent security measures via bypassing authentication, security measures, or through brute-force methods, gain access to user environments. The vulnerability with referenc...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed several vulnerabilities in Junos OS. A unauthenticated malicious person could exploit the vulnerabilities to cause cause a denial-of-service. The vulnerabilities were discovered by Juniper itself during various investigations into disruptions to users of Juniper hardware. Junipe...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in the Microsoft Office. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Bypassing authentication Bypassing security measure Remote code execution User rights Accessing sensitive data The vulnerabili...
Vulnerabilities fixed in Siemens products
Siemens has discovered several vulnerabilities in several products, including Ruggedcom, Simatic, Scalance and Sicam. A malicious person with access to the production network can exploit the exploit vulnerabilities to launch attacks that result in the following categories of damage: Cross-Site...
Vulnerabilities fixed in Juniper Junos Space
Juniper has fixed several vulnerabilities in Third-Party products fixed in Junos Space. For the vulnerabilities, previous security advisories published for the specific product. Juniper has bundled the third-party updates into the new release of Junos Space. A malicious party could exploit the...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges The table below...
Vulnerabilities fixed in libxml2
Vulnerabilities have been fixed in libxml2. The vulnerabilities allow a remote malicious person to cause a denial-of-service cause. -= Debian =- Debian has made updates to libxml2 available for Debian 11.0 Bullseye to address the vulnerabilities. You can install the custom packages installed by...
Vulnerabilities fixed in VMware Spring
VMware has fixed vulnerabilities in Spring Security and spring-security-oauth2-client. A malicious party could vulnerabilities potentially exploit them to obtain elevated privileges or to bypass authentication. Only Spring environments using specific configurations are vulnerable. VMware has...
Vulnerabilities fixed in Splunk Enterprise
Several vulnerabilities have been fixed in Splunk Enterprise. The vulnerabilities can be exploited by a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote co...
Vulnerabilities fixed in Cisco ESA, SWA and Secure Email and Web Manager
Cisco has fixed several vulnerabilities in Cisco Email Security Appliance ESA, Secure Web Appliance SWA, vh. Web Security Appliance and the Secure Email and Web Manager. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to execute arbitrary commands execute with ro...
Vulnerabilities fixed in GitLab enterPrise Edition and Community Edition
GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. An authenticated malicious person can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of...
Vulnerabilities fixed in Cisco Identity Serrvices Engine (ISE).
Cisco has fixed several vulnerabilities in the Identity Services Engine ISE. A malicious person with access to the management interface can exploit the vulnerabilities for attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...
Vulnerabilities fixed in FortiOS
FortiNet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to gain access to system data, potentially manipulate it, or launch a Man-in-the-Middle attack. To manipulate system data, the malicious party needs need prior authentication. For performing a...
Vulnerabilities fixed in Xen
Xen's developers have fixed vulnerabilities in Xen. The vulnerabilities are located in the xenstored and allow a malicious with rights to deploy and configure guest images through rogue guests to cause a Denial-of-Service, or potentially gain access to memory of other guest systems and thus...
Vulnerability fixed in FortiManager and FortiAnalyzer
FortiNet has fixed a vulnerability in FortiManager and FortiAnalyzer. A malicious person with low privileges can exploit the exploit the vulnerability to perform a cross-site scripting attack via the reporting module. Such an attack can lead to the execution of arbitrary code in the context of th...
Vulnerability fixed in FortiMail
FortiNet has fixed a vulnerability in FortiMail. A malicious person with admin rights in a private, possibly self-hosted configured domain is able to read and modify system information modify for a domain for which it is not authorized. FortiNet has released updates to fix the vulnerability in...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL 3. OpenSSL is widely found on web and mail servers but is also used by other types of systems. Think of network devices, embedded systems and containerized images. The vulnerabilities can be exploited by a malicious party to execute arbitrary code or cau...
Vulnerability fixed in Expat
Expat developers have fixed a vulnerability. A malicious party could exploit the vulnerability to cause a denial-of-service, or possibly to execute arbitrary code execute arbitrary code with permissions from the application in which the libexpat library is used. The developers of expat have...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. The vulnerability allows a malicious party to cause a denial-of-service cause or potentially execute arbitrary code. To do so requires the malicious party to induce the victim to open a rogue web page. Google indicates that exploit code is circulating f...
Vulnerabilities fixed in Tenable Nessus
Vulnerabilities have been fixed in Tenable Nessus. Nessus makes uses opensource products moment.js, expat, datatables, libxml2 and zlib. Tenable chose to upgrade these components to upgrade to address the potential impact of the issues. Tenable has issued updates to address the vulnerabilities. F...
Vulnerability fixed in Rockwell Automation FactoryTalk
A vulnerability has been fixed in Rockwell Automation FactoryTalk Services Platform. The vulnerability allows an unauthenticated remote user to remote capable of performing a denial-of-service DoS. Rockwell Automation has released updates and mitigating measures released to address the...
Vulnerabilities fixed in ArubaOS and SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and Aruba Mobility Conductor formerly Mobility Master which are used in various Aruba Networks access points. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system. execute arbitrary code on the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. A remote malicious party could potentially exploit the vulnerabilities to execute arbitrary code and/or cause a denial-of-service DoS Microsoft has made updates for Edge available to address the vulnerabilities. For more information, see:...
Vulnerabilities fixed in VMware Cloud Foundation
VMware has fixed vulnerabilities in NSX-V as used by VMware Cloud Foundation. An unauthenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with privileges of root. This requires sending malicious network traffic to a...
Vulnerability fixed in Zoom
A vulnerability has been fixed in Zoom. The vulnerability allows a malicious person to bypass a security measure and gain access to sensitive data. To exploit the vulnerability, a malicious person needs to victim to open a rogue link. This enables the malicious party to perform further attacks su...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to execute arbitrary code under application privileges, gain access to sensitive data or spoofing Safari's user interface. For successful abuse, the...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure. Remote code execution Administrator/Root rights Remo...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerability found in Cisco Identity Services Engine (ISE)
A vulnerability has been found in Cisco Identity Services Engine ISE. A malicious party could potentially exploit it to access and delete files stored on the vulnerable system. Successful exploitation requires authenticated access to the management interface required. It is good practice to make...
Vulnerability found in Microsoft Windows
A vulnerability has been found in Microsoft Windows. A malicious party can exploit the vulnerability to execute arbitrary code under privileges of the logged-in user. To do this the malicious party must induce the victim to open a rogue file. The vulnerability is located in Mark-of-the-Web...
Vulnerability fixed in Bentley Systems MicroStation Connect
Two vulnerabilities have been fixed in Bentley Systems MicroStation Connect. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the privileges of the logged in user. To do this, the malicious party needs to trick the victim in...
Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root privileges Access to...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root privileges Access to sensitive...
Vulnerability fixed in Oracle Hyperion
Oracle has fixed a vulnerability in Oracle Hyperion Infrastructure Technology. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code to execute under the application's permissions. Oracle has fixed vulnerabilities in the following products: - Oracle...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Oracle has fix...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User righ...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Oracle ha...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Access to...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Orac...
Vulnerabilities fixed in Wordpress
Several vulnerabilities have been fixed in Wordpress. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Accessing sensitive data Wordpress...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the following products:...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Supply Chain Products Suite
Vulnerabilities have been fixed in Oracle Supply Chain Products Suite. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Access to...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the...