4209 matches found
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the...
Vulnerability fixed in Apache Commons Text
A vulnerability has been fixed in Apache Commons Text. The vulnerability allows an unauthenticated remote malicious person potentially able to execute arbitrary code with the privileges of the vulnerable application. To do so, a malicious person must have specific text processed by the vulnerable...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data or cause a denial-of-service. To the vulnerability with attribute CVE-2022-42928, Mozilla assigns the impact 'High' and could lead to memory...
Vulnerabilities fixed in OTRS
OTRS developers have fixed vulnerabilities in OTRS 7 and 8. A malicious party could exploit them to perform a denial-of-service DoS or to gain access to sensitive data. To perform the denial-of-service, the malicious need not be remotely authenticated. OTRS has released updates to fix the...
Vulnerabilities fixed in Ivanti Connect Secure
Vulnerabilities have been fixed in Ivanti Connect Secure. The vulnerabilities allow an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. At this time, Ivanti has made very little additional information made available. Ivanti has released updates to fix th...
Vulnerabilities fixed in Mitel MiVoice Connect
Vulnerabilities have been fixed in the Director and Mitel Edge Gateway components Mitel MiVoice Connect. The vulnerability with reference CVE-2022-40765 allows an authenticated malicious person with access to the internal network able to inject rogue commands with administrator privileges within...
Vulnerability fixes in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...
Vulnerability fixed in LibreOffice
A vulnerability has been fixed in LibreOffice. The vulnerability allows a malicious party to execute arbitrary code on the victim's system. To do this, the malicious party must trick the victim into to open a specially prepared file. Along this path execute macro code without warning. The Documen...
Vulnerabilities fixed in Trellix ePolicy Orchestrator
Vulnerabilities have been fixed in Trellix ePolicy Orchestrator. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights. Access to system data For the vulnerabili...
Vulnerability fixed in Palo Alto PAN-OS
Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a malicious person to remotely bypass authentication and impersonate an existing PAN-OS Administrator. This allows the malicious party with administrator privileges to perform actions and execute arbitrary code. Palo Alto...
Vulnerabilities fixed in Bentley View and MicroStation
Vulnerabilities have been fixed in Bentley View and MicroStation. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. To do this, the malicious party must trick the victim into running open a rogue SKP, XMT, or FBX file. It ...
Vulnerabilities fixed in Dell BIOS
Vulnerabilities have been fixed in the BIOS of Dell products. The vulnerabilities allow a malicious person to execute arbitrary execute arbitrary code under administrator privileges and manipulate data manipulate data. To exploit the vulnerabilities, an authenticated malicious party must have...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to impersonate another user. The vulnerability with attribute CVE-2022-37968 has a CVSS of 10.0. If an unauthenticated malicious person uses the randomly generat...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a local malicious person to perform attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges The tables below provide an...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in the Microsoft Office. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Remote code execution User Rights Spoofing Access to sensitive data The tables below provide an overview of the vulnerabilitie...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to perform a denial-of-service DoS and execute arbitrary code under the user's privileges to execute. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As...
Vulnerabilities fixed in Citrix Hypervisor
Several vulnerabilities have been fixed in Citrix Hypervisor. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To exploit the vulnerability with reference CVE-2022-33748, two malicious virtual machines need to two rogue virtual machines to work...
Vulnerability fixed in Apple iOS
Apple has fixed a vulnerability in iOS 16. A malicious person could potentially exploit the vulnerability to use a rogue email to effect a crash. At this time, very little information has been shared by Apple about the vulnerability. Also, nothing has been disclosed about possible active misuse a...
Vulnerabilities fixed in SAP products
SAP has released updates to fix the vulnerabilities. For more information, see: https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in RUGGEDCOM, among others, SCALANCE, SIMATIC, and Logo! products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of...
Vulnerability fixed in FortiGate and FortiProxy
Fortinet has fixed a vulnerability in FortiGate and FortiProxy. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to bypass authentication on the management interface and thus perform actions perform actions normally reserved for authenticated...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Increased user privileges To exploit the vulnerabilities, a...
Vulnerabilities fixed in Rockwell FactoryTalk Vantagepoint
Rockwell Automation has fixed two vulnerabilities in FactoryTalk Vantagepoint. A malicious person with limited privileges could exploit the vulnerabilities to use SQL injection to gain access gain access to sensitive data and execute arbitrary code on the underlying SQL Database. Rockwell...
Vulnerability fixed in Cisco Jabber
Cisco has fixed a vulnerability in the Jabber clients for Windows, macOS, iOS and Android. A malicious party could potentially exploit the vulnerability to use nested XMPP messages to manipulate the behavior of the vulnerable client and thus potentially gain access to sensitive data or, as Cisco...
Vulnerabilities fixed in Cisco TelePresence
Cisco has fixed vulnerabilities in Telepresence Video Communication Server and Touch10 systems. A malicious party could exploit the vulnerabilities in the Telepresence VCS exploited to gain access to sensitive information through cause a Cross-Site-Request-Forgery or a Denial-of-Service. cause...
Vulnerability fixed in Cisco Secure Web Appliance
Cisco has fixed a vulnerability in its Secure Web Appliance. It affects both the hardware and virtual versions. An unauthenticated malicious person located in the internal network is in the internal network can exploit the vulnerability to bypass filters and thus route traffic from a rogue server...
Vulnerability fixed in BVMS Operator Client
Bosch has fixed a vulnerability in the Bosch Video Management System BVMS. When using cameras of type CPP13 and/or CPP14.x, a malicious party can access gain access to the video stream through a Man-in-the-middle attack. The vulnerability is in the encryption of the UDP traffic, which fails under...
Vulnerabilities fixed in Aruba ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS, which are used in various access points from Aruba Networks. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute arbitrary code on the vulnerable system. To cause a...
Vulnerabilities fixed in SUSE Linux Enterprise
Vulnerabilities have been fixed in the Linux kernel as used by SUSE Linux Enterprise. A local, authenticated malicious party can exploit the vulnerabilities to execute arbitrary code, causing a denial-of-service or obtaining elevated privileges. SUSE has made updates available to fix the...
Vulnerabilities fixed in Debian
Vulnerabilities have been fixed in the Linux kernel as used by Debian. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to...
Vulnerabilities fixed in Google Android and Samsung Devices
Google has fixed several vulnerabilities in Google Android. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Access to system data...
Vulnerabilities fixed in IBM Tivoli Monitoring
IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service or possibly to execute arbitrary code. As usual, no substantive details about the vulnerabilities publicly available made available. Google has released...
Vulnerabilities found in GE Cimplicity
The Zero Day Initiative has published information about vulnerabilities in GE's Cimplicity have been published. The vulnerabilities occur during the processing of CIM files. Due to lack of proper initialization of the pointer, a malicious party can execute arbitrary code execute arbitrary code...
Vulnerabilities fixed in GitLab Community Edition (CE) and Enterprise Edition (EE).
GitLab has fixed vulnerabilities in Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitiv...
Vulnerability fixed in Expat
A vulnerability has been fixed in Expat. A malicious person can cause a use-after-free in libexpat via the doContent function in xmlparse.c. Misuse of the vulnerability potentially results in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Use...
Vulnerabilities found in Xpdf
Vulnerabilities have been fixed in Xpdf. The vulnerabilities allow a malicious person to cause a denial-of-service. For the vulnerabilities, Proof-of-Concept code is publicly available. The developers of Xpdf give no indication that any actively observed misuse as well. At the time of writing thi...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal Core. The vulnerability is located in Twig. Drupal Core uses Twig as its template engine. The vulnerability allows a malicious person who has elevated privileges to obtain sensitive data. At the time of writing this security advisory, there is still no kno...
Vulnerabilities fixed in IBM MQ
Vulnerabilities have been fixed in IBM MQ. The vulnerabilities allow a malicious party to bypass a command measure bypass and perform a denial-of-service DoS. IBM has released updates to fix the vulnerabilities in MQ. For more information, see: https://www.ibm.com/support/pages/node/6823767...
Vulnerability found in Zimbra Collaboration
A vulnerability has been fixed in Zimbra Collaboration Suite ZCS. The vulnerability allows a malicious party to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Remote code execution Administrator/Root privileges The...
Vulnerabilities found in Microsoft Exchange Sever
GTSC, a Vietnamese security company has found vulnerabilities in Microsoft Exchange Server 1. The vulnerabilities allow a malicious party able to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...
Vulnerabilities fixed in SolarWinds Orion
Vulnerabilities have been fixed in SolarWinds Orion. The vulnerabilities allow an authenticated malicious person with access to the network is able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access t...
Vulnerabilities fixed in Matrix SDKs
Matrix has fixed vulnerabilities in the following SDKs; matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2. These SDKs are used in a number of Matrix-based clients including the popular Element. The vulnerabilities allow a malicious able to perform attacks that result in the following categori...
Vulnerabilities fixed in Autodesk AutoCAD and Design Review
Vulnerabilities have been fixed in Autodesk AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code by having AutoCAD and Design Review process a rogue file to be processed. Autodesk has released updates to address the vulnerabilities. fix. More informatio...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...
Vulnerabilities fixed in IBM WebSphere Application Server and QRadar
IBM has fixed vulnerabilities in WebSphere Application Server and QRadar User Behavior Analytics. The vulnerabilities allow a malicious party able to gain access to system data or execute a Server-Side Request Forgery. Both vulnerabilities require that a malicious party already has access to the...
Vulnerabilities fixed in Google Chrome
Google vulnerabilities fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google has published few details about...