Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measures, remote code execution with administrator/root rights, Remo...
Vulnerability found in Microsoft Windows
A vulnerability has been found in Microsoft Windows. A malicious party can exploit the vulnerability to execute arbitrary code with the privileges of the logged-in user. To do this, the malicious party must induce the victim to open a rogue file. The vulnerability is located in Mark-of-the-Web...
Vulnerability found in Cisco Identity Services Engine (ISE)
A vulnerability has been found in Cisco Identity Services Engine (ISE). A malicious party could potentially exploit it to access and delete files stored on the vulnerable system. Successful exploitation requires authenticated access to the management interface. It is good practice to make...
Vulnerability fixed in Bentley Systems MicroStation Connect
Two vulnerabilities have been fixed in Bentley Systems MicroStation Connect. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the privileges of the logged-in user. To do this, the malicious party needs to trick the victim in...
Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measures, remote code execution...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data. Orac...
Vulnerability fixed in Oracle Hyperion
Oracle has fixed a vulnerability in Oracle Hyperion Infrastructure Technology. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code under the application's permissions. Oracle has fixed vulnerabilities in the following products: - Oracle...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data. Oracle has fixed vulnerabilities in the...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with administrator/root rights, remote code...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data...
Vulnerabilities fixed in Oracle Systems
Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with administrator/root privileges, access to sensitive...
Vulnerabilities fixed in Oracle Supply Chain Products Suite
Vulnerabilities have been fixed in Oracle Supply Chain Products Suite. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data, access to...
Vulnerabilities fixed in WordPress
Several vulnerabilities have been fixed in WordPress. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), SQL injection, accessing sensitive data. WordPress...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with administrator/root privileges, access to...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data. Oracle has fix...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data, access to...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measures, remote code execution with user righ...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data. Oracle has fixed vulnerabilities in the following products:...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data. Oracle has fixed vulnerabilities i...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution with user rights, access to sensitive data. Oracle ha...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, bypassing authentication, bypassing security measures, remote code...
Vulnerability fixed in Apache Commons Text
A vulnerability has been fixed in Apache Commons Text. The vulnerability potentially allows an unauthenticated remote malicious person to execute arbitrary code with the privileges of the vulnerable application. To do so, a malicious person must have specific text processed by the vulnerable...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data or cause a denial-of-service. Mozilla assigns the impact 'High' to the vulnerability with attribute CVE-2022-42928, which could lead to memory...
Vulnerabilities fixed in OTRS
OTRS developers have fixed vulnerabilities in OTRS 7 and 8. A malicious party could exploit them to perform a denial-of-service (DoS) or to gain access to sensitive data. To perform the denial-of-service, the malicious party need not be remotely authenticated. OTRS has released updates to fix the...
Vulnerability fixes in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of security measures, remote code execution with user...
Vulnerabilities fixed in Mitel MiVoice Connect
Vulnerabilities have been fixed in the Director and Mitel Edge Gateway components of Mitel MiVoice Connect. The vulnerability with reference CVE-2022-40765 allows an authenticated malicious person with access to the internal network to inject rogue commands with administrator privileges within...
Vulnerabilities fixed in Ivanti Connect Secure
Vulnerabilities have been fixed in Ivanti Connect Secure. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service. At this time, Ivanti has made very little additional information available. Ivanti has released updates to fix th...
Vulnerabilities fixed in Dell BIOS
Vulnerabilities have been fixed in the BIOS of Dell products. The vulnerabilities allow a malicious person to execute arbitrary code under administrator privileges and manipulate data. To exploit the vulnerabilities, an authenticated malicious party must have...
Vulnerabilities fixed in Bentley View and MicroStation
Vulnerabilities have been fixed in Bentley View and MicroStation. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. To do this, the malicious party must trick the victim into opening a rogue SKP, XMT, or FBX file. It ...
Vulnerability fixed in LibreOffice
A vulnerability has been fixed in LibreOffice. The vulnerability allows a malicious party to execute arbitrary code on the victim's system. To do this, the malicious party must trick the victim into opening a specially prepared file. Along this path, macro code can be executed without warning. The Documen...
Vulnerability fixed in Palo Alto PAN-OS
Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a malicious person to remotely bypass authentication and impersonate an existing PAN-OS administrator. This allows the malicious party to perform actions and execute arbitrary code with administrator privileges. Palo Alto...
Vulnerabilities fixed in Trellix ePolicy Orchestrator
Vulnerabilities have been fixed in Trellix ePolicy Orchestrator. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), remote code execution with user rights, access to system data. For the vulnerabili...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges or to impersonate another user. The vulnerability with attribute CVE-2022-37968 has a CVSS score of 10.0. If an unauthenticated malicious person uses the randomly generat...
Vulnerabilities fixed in Citrix Hypervisor
Several vulnerabilities have been fixed in Citrix Hypervisor. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. To exploit the vulnerability with reference CVE-2022-33748, two rogue virtual machines need to work...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measures, remote code execution with user rights, access to sensitive dat...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of security measures, remote code execution...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: remote code execution with user rights, spoofing, access to sensitive data. The tables below provide an overview of the vulnerabilitie...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to perform a denial-of-service (DoS) and execute arbitrary code under the user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page. As...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a local malicious person to perform attacks that result in the following categories of damage: remote code execution with user rights, access to sensitive data, increased user privileges. The tables below provide an...
Vulnerability fixed in Apple iOS
Apple has fixed a vulnerability in iOS 16. A malicious person could potentially exploit the vulnerability to cause a crash by means of a rogue email. At this time, very little information has been shared by Apple about the vulnerability. Also, nothing has been disclosed about possible active misuse a...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in, among others, RUGGEDCOM, SCALANCE, SIMATIC, and Logo! products. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of...
Vulnerabilities fixed in SAP products
SAP has released updates to fix the vulnerabilities. For more information, see: https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, increased user privileges. To exploit the vulnerabilities, a...
Vulnerability fixed in FortiGate and FortiProxy
Fortinet has fixed a vulnerability in FortiGate and FortiProxy. An unauthenticated malicious party could potentially exploit the vulnerability to bypass authentication on the management interface and thus perform actions normally reserved for authenticated...
Vulnerabilities fixed in Rockwell FactoryTalk Vantagepoint
Rockwell Automation has fixed two vulnerabilities in FactoryTalk Vantagepoint. A malicious person with limited privileges could exploit the vulnerabilities to use SQL injection to gain access to sensitive data and execute arbitrary code on the underlying SQL database. Rockwell...
Vulnerability fixed in Cisco Secure Web Appliance
Cisco has fixed a vulnerability in its Secure Web Appliance. It affects both the hardware and virtual versions. An unauthenticated malicious person located in the internal network can exploit the vulnerability to bypass filters and thus route traffic from a rogue server...
Vulnerability fixed in Cisco Jabber
Cisco has fixed a vulnerability in the Jabber clients for Windows, macOS, iOS and Android. A malicious party could potentially exploit the vulnerability to use nested XMPP messages to manipulate the behavior of the vulnerable client and thus potentially gain access to sensitive data or, as Cisco...
Vulnerabilities fixed in Cisco TelePresence
Cisco has fixed vulnerabilities in TelePresence Video Communication Server and Touch10 systems. A malicious party could exploit the vulnerabilities in the TelePresence VCS to gain access to sensitive information through a Cross-Site Request Forgery or cause a Denial-of-Service. cause...
Vulnerability fixed in BVMS Operator Client
Bosch has fixed a vulnerability in the Bosch Video Management System (BVMS). When using cameras of type CPP13 and/or CPP14.x, a malicious party can gain access to the video stream through a man-in-the-middle attack. The vulnerability is in the encryption of the UDP traffic, which fails under...