Vulnerabilities fixed in Debian
Vulnerabilities have been fixed in the Linux kernel as used by Debian. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution, user rights, access to sensitive data, access to...
Vulnerabilities fixed in Google Android and Samsung Devices
Google has fixed several vulnerabilities in Google Android. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, user rights, access to sensitive data, access to system data...
Vulnerabilities fixed in SUSE Linux Enterprise
Vulnerabilities have been fixed in the Linux kernel as used by SUSE Linux Enterprise. A local, authenticated malicious party can exploit the vulnerabilities to execute arbitrary code, cause a denial-of-service or obtain elevated privileges. SUSE has made updates available to fix the...
Vulnerabilities fixed in Aruba ArubaOS and InstantOS
Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS, which are used in various access points from Aruba Networks. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the vulnerable system. To cause a...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service or possibly to execute arbitrary code. As usual, no substantive details about the vulnerabilities have been made publicly available. Google has released...
Vulnerabilities fixed in IBM Tivoli Monitoring
IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse, and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal Core. The vulnerability is located in Twig. Drupal Core uses Twig as its template engine. The vulnerability allows a malicious person who has elevated privileges to obtain sensitive data. At the time of writing this security advisory, there is still no kno...
Vulnerabilities found in GE Cimplicity
The Zero Day Initiative has published information about vulnerabilities in GE's Cimplicity. The vulnerabilities occur during the processing of CIM files. Due to a lack of proper initialization of the pointer, a malicious party can execute arbitrary code...
Vulnerabilities found in Xpdf
Vulnerabilities have been fixed in Xpdf. The vulnerabilities allow a malicious person to cause a denial-of-service. Proof-of-concept code for the vulnerabilities is publicly available. The developers of Xpdf give no indication of any actively observed misuse. At the time of writing thi...
Vulnerability found in Zimbra Collaboration
A vulnerability has been fixed in Zimbra Collaboration Suite (ZCS). The vulnerability allows a malicious party to execute attacks that result in the following categories of damage: manipulation of data, bypassing authentication, remote code execution, administrator/root privileges. The...
Vulnerabilities fixed in GitLab Community Edition (CE) and Enterprise Edition (EE)
GitLab has fixed vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), remote code execution, user rights, access to sensitiv...
Vulnerabilities found in Microsoft Exchange Server
GTSC, a Vietnamese security company, has found vulnerabilities in Microsoft Exchange Server [1]. The vulnerabilities allow a malicious party to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...
Vulnerabilities fixed in IBM MQ
Vulnerabilities have been fixed in IBM MQ. The vulnerabilities allow a malicious party to bypass a command measure and perform a denial-of-service (DoS). IBM has released updates to fix the vulnerabilities in MQ. For more information, see: https://www.ibm.com/support/pages/node/6823767...
Vulnerability fixed in Expat
A vulnerability has been fixed in Expat. A malicious person can cause a use-after-free in libexpat via the doContent function in xmlparse.c. Misuse of the vulnerability potentially results in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, use...
Vulnerabilities fixed in Autodesk AutoCAD and Design Review
Vulnerabilities have been fixed in Autodesk AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code by having AutoCAD and Design Review process a rogue file. Autodesk has released updates to address the vulnerabilities. More informatio...
Vulnerabilities fixed in Matrix SDKs
Matrix has fixed vulnerabilities in the following SDKs: matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2. These SDKs are used in a number of Matrix-based clients including the popular Element. The vulnerabilities allow a malicious party to perform attacks that result in the following categori...
Vulnerabilities fixed in SolarWinds Orion
Vulnerabilities have been fixed in SolarWinds Orion. The vulnerabilities allow an authenticated malicious person with access to the network to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), remote code execution, user rights, SQL injection, access t...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, remote code execution...
Vulnerabilities fixed in IBM WebSphere Application Server and QRadar
IBM has fixed vulnerabilities in WebSphere Application Server and QRadar User Behavior Analytics. The vulnerabilities allow a malicious party to gain access to system data or execute a Server-Side Request Forgery. Both vulnerabilities require that a malicious party already has access to the...
Researcher discovered vulnerabilities in Layer-2 managed switches
A researcher has found vulnerabilities in network security techniques at the Layer-2 level. The vulnerabilities reside in the fact that the QinQ functionality (IEEE 802.1ad standard), which can define VLANs within VLANs, incorrectly allows VLAN 0 priority tags and 802.2 LLC/SNAP headers to be stacked multiple times....
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, user rights. As usual, Google has published few details about...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. The vulnerabilities allow a malicious party to obtain access to sensitive data or cause a denial-of-service. The developers of Squid have released an update to fix the vulnerability with reference CVE-2022-41317. For more information, see:...
Vulnerabilities fixed in Veritas NetBackup
Vulnerabilities have been fixed in Veritas NetBackup Server and Client. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), SQL injection, access to sensitive data. The vulnerabilities with CVSS3 scores 9.0 and 8.0...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. The vulnerability allows a malicious party to use a heap overflow to execute arbitrary code with user privileges or cause a denial-of-service (DoS). To exploit the vulnerability, a malicious party must issue an XAUTOCLAIM command with a rogue COUNT argument on a key...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability allows a remote malicious person to obtain elevated privileges. Grafana has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/grafana/grafana/security/advisories...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: manipulation of data, spoofing, access to sensitive data. Node.js developers have released updates to address the vulnerabilities. More...
Vulnerabilities fixed in WhatsApp
Two vulnerabilities have been fixed in WhatsApp. The vulnerability with reference CVE-2022-36934 allows a remote malicious person to execute arbitrary code during a video call. The vulnerability with reference CVE-2022-27492 allows a remote malicious person to execute...
Vulnerability fixed in Sophos Firewall
A vulnerability has been fixed in Sophos Firewall. The vulnerability is located in the User Portal and Webadmin of the Sophos Firewall. The vulnerability allows a remote malicious person to execute arbitrary code. Sophos has indicated that this vulnerability is being exploited on a limited...
Vulnerabilities fixed in HPE Integrated Lights-Out (ILO)
Vulnerabilities have been fixed in HPE Integrated Lights-Out (ILO). The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution, user rights, access to system data. For all vulnerabilities...
Vulnerabilities fixed in BIND
ISC has fixed several vulnerabilities in BIND. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND. For more information, see: https://kb.isc.org/docs/cve-2022-2795...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to execute arbitrary code under the user's privileges or to gain access to sensitive data within the scope of the application. Mozilla has released updates to fix the...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in GLPI for Synology DiskStation Manager. An unauthenticated malicious person could exploit them to perform SQL injections and gain access to sensitive data. Synology has made updates available to address the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code or cause a denial-of-service. As usual, few technical details about the vulnerabilities have been made publicly available...
Vulnerability found in Microsoft Teams
Researchers from security firm Vectra have found a vulnerability in the Microsoft Teams user application. The vulnerability allows a malicious party to obtain authentication tokens from users and thereby perform actions with the victim's privileges. The vulnerability has not been...
Vulnerabilities fixed in Linux Kernel
Vulnerabilities have been fixed in the Linux Kernel. The vulnerabilities allow a malicious person to execute attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, user rights, access to system data, increased user...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in several products. A malicious party can exploit these vulnerabilities to gain access to files, execute arbitrary code and cause a denial-of-service. For most vulnerabilities, successful exploitation requires enticing the victim to perform a...
Vulnerabilities fixed in Zoom
Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: manipulation of data, circumvention of security measure, accessing sensitive data. The vulnerabilities with references CVE-2022-28758 and...
Vulnerabilities fixed in IBM Integration Bus and App Connect Enterprise
IBM has fixed vulnerabilities in the Node.js and OpenSSL components of the Integration Bus and App Connect Enterprise. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), circumvention of...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), access to sensitive data, access to system data, increased user privileges. SAP...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of authentication, remote code execution, administrator/root rights, access to...
Vulnerabilities fixed in Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious party to execute arbitrary code within the scope of the browser and to spoof user interfaces. To do this, however, the malicious party must entice the victim to open rogue content. -= Apple =- Apple...
Vulnerabilities fixed in iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities allow a malicious party to execute attacks that lead to the following categories of damage: remote code execution, kernel/root permissions, access to sensitive data, access to system data, increased user privileg...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Big Sur and Monterey. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: remote code execution, kernel/root permissions, access to sensitive data, access to system data, increased...
Vulnerabilities fixed in Sophos Firewall
Sophos has fixed vulnerabilities in Sophos Firewall. The vulnerabilities potentially enable a malicious party to execute attacks leading to the following categories of damage: Cross-Site Scripting (XSS), bypassing authentication, remote code execution, administrator/root rights, remote...
Vulnerabilities fixed in Microsoft Azure
A vulnerability has been fixed in Microsoft Azure. An authenticated malicious party could potentially abuse it to obtain elevated privileges and execute arbitrary code under root privileges. Microsoft indicates that proof-of-concept code is known for this vulnerability. Microsoft has made updates...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), bypassing authentication, bypassing security measure, remote code execution, administrator/roo...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in .NET and Visual Studio. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to obtain elevated privileges and execute code with the victim's privileges. The vulnerabilities are located in the development environments o...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. An authenticated malicious person could exploit the vulnerabilities to execute SQL injections, and thus arbitrary code within the context of the database, with dbowner privileges. The tables below list the vulnerabilities fixed by Microsof...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local malicious person to obtain elevated privileges. To do so, a rogue command must be executed on the vulnerable system. IBM has made updates available to address the vulnerabilities. For more...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. An authenticated malicious person could potentially exploit the vulnerability to perform a cross-site scripting attack. Through such an attack, the malicious party could execute code in the browser of the victim and thus be...