4209 matches found
Researcher discovered vulnerabilities in Layer-2 managed switches
A researcher has found vulnerabilities in network security techniques at the Layer-2 level. The vulnerabilities reside in the fact that the QinQ functionality IEEE 802.1ad standard incorrectly allows VLAN 0 priority tag and 802.2 LLC/SNAP headers can be stacked multiple define VLANs within VLANs....
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. The vulnerability allows a malicious party to use heap overflow to execute arbitrary code with user privileges or a denial-of-service DoS. To exploit the vulnerability, a malicious party must issue an XAUTOCLAIM command with a rogue COUNT argument on a key...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. The vulnerabilities allow a malicious party the ability to access sensitive data obtain or cause a denial-of-service. The developers of Squid have released an update to fix the vulnerability with reference CVE-2022-41317. For more information, see:...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability allows a remote malicious person to obtain elevated privileges. obtain. Grafana has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/grafana/grafana/security/advisories...
Vulnerabilities fixed in Veritas NetBackup
Vulnerabilities have been fixed in Veritas NetBackup Server and Client. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data The vulnerabilities with CVSS3 scores 9.0 and 8.0...
Vulnerability fixed in Sophos Firewall
A vulnerability has been fixed in Sophos Firewall.The vulnerability is located in the User Portal and Webadmin of the Sophos Firewall. The vulnerability allows a remote malicious person able to execute arbitrary code. Sophos has indicated that this vulnerability is being exploited on a limited...
Vulnerabilities fixed in HPE Integrated Lights-Out (ILO)
Vulnerabilities have been fixed in HPE Integrated Lights-Out ILO. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data For all vulnerabilities...
Vulnerabilities fixed in WhatsApp
Two vulnerabilities have been fixed in WhatsApp. The vulnerability with reference CVE-2022-36934 allows a remote malicious person to able to execute arbitrary code during a video call. The vulnerability with attribute CVE-2022-27492 allows a remote malicious person to remotely able to execute...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Manipulation of data Spoofing Access to sensitive data Node.js developers have released updates to address the vulnerabilities. More...
Vulnerabilities fixed in BIND
ISC has fixed several vulnerabilities in BIND. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND. For more information, see: https://kb.isc.org/docs/cve-2022-2795...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to execute arbitrary execute code under the user's privileges or to access gain access to sensitive data within the scope of the application. Mozilla has released updates to fix the...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to execute arbitrary code or cause a denial-of-service. As usual, few technical details about the vulnerabilities publicly available made available...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in GLPI for Synology DiskStation Manager. An unauthenticated malicious person could exploit them to perform SQL injections and gain accessing sensitive data. Synology has made updates available to address the vulnerabilities. fixes. For more information, see:...
Vulnerability found in Microsoft Teams
Researchers from security firm Vectra have found a vulnerability found in the Microsoft Teams user application. The vulnerability allows a malicious party to obtain obtain authentication tokens from users and thereby perform actions with the victim's privileges. The vulnerability has not been...
Vulnerabilities fixed in Linux Kernel
Vulnerabilities have been fixed in the Linux Kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Increased user...
Vulnerabilities fixed IBM Integration Bus and App Connect Enterprise
IBM has fixed vulnerabilities in the Node.js and OpenSSL components of the Integration Bus and App Connect Enterprise. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in several products. A malicious party can exploit these vulnerabilities to gain accessing files, executing arbitrary code and cause a denial-of-service. For most vulnerabilities successful exploitation requires that the victim be entice the victim to perform a...
Vulnerabilities fixed in Zoom
Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Accessing sensitive data The vulnerabilities with characteristics CVE-2022-28758 and...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in Apex One. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication Remote code execution Administrator/Root rights Access to...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Access to system data Increased user privileges SAP...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Big Sur and Monterey. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Remote code execution Kernel/Root permissions. Access to sensitive data Access to system data Increased...
Vulnerabilities fixed in Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious party to execute arbitrary code execute within the scope of the browser and to spoof user interfaces. spoofing. To do this, however, the malicious party must entice the victim to open rogue content. -= Apple =- Apple...
Vulnerabilities fixed in iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Remote code execution Kernel/Root permissions Access to sensitive data Access to system data Increased user privileg...
Vulnerabilities fixed in Sophos Firewall
Sophos has fixed vulnerabilities in Sophos Firewall. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks leading to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Bypassing security measure Remote code execution Administrator/Roo...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication. Remote co...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local malicious person to obtain elevated privileges. obtain. To do so, a rogue command must be executed on the vulnerable system must be executed. IBM has made updates available to address the vulnerabilities. fix. For more...
Vulnerabilities fixed in Microsoft Azure
A vulnerability has been fixed in Microsoft Azure. A authenticated malicious party could potentially abuse it to obtain elevated privileges and execute arbitrary code under root privileges. Microsoft indicates that proof-of-concept code is known for this vulnerability. Microsoft has made updates...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in .NET and Visual Studio. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to obtain elevated privileges obtain and execute code with the victim's privileges. The vulnerabilities are located in the development environments o...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application. To execute code in Office and Visio, the malicious party does not need prior authentication, but needs to trick the vict...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. A authenticated malicious person could exploit the vulnerabilities to execute SQL injections, and thus arbitrary code within the context of the database, with dbowner privileges. The tables below list the vulnerabilities fixed by Microsof...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. An authenticated malicious person could exploit the vulnerability potentially exploit it to perform a cross-site scripting attack. Through such an attack, the malicious party could execute code in the browser of the victim and thus be...
Vulnerability fixed in Microsoft Defender
Microsoft has fixed a vulnerability in Defender Endpoint for macOS. A local, authenticated malicious party can exploit the exploit the vulnerability to grant itself elevated privileges and thus execute code with SYSTEM/root privileges. Microsoft has made updates available that fix the described...
Vulnerabilities fixed in TYPO3
The Typo3 Association has fixed vulnerabilities in the Core software of the TYPO3 Content Management System. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, gain access to system information, or launch Perform Cross-Site-Scripting XSS attacks. The...
Vulnerability fixed in HP Support Assistant
HP has fixed a vulnerability in the Support Assistant, software installed by default on desktops and notebooks from HP. The vulnerability allows a local malicious party to increase its permissions. HP has released version 9.11 as an update to fix the problem. fix. For more information, see:...
Vulnerability fixed in IBM Webpshere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a malicious party to perform an HTTP header injection. This allows a malicious perform various attacks such as cache poisoning and cross-site scripting. IBM has released updates to fix the vulnerability. More...
Vulnerability fixed in DokuWiki
A vulnerability has been fixed in DokuWiki. The vulnerability allows a malicious person to perform a Cross-Site Scripting XSS attack. To exploit the vulnerability, a malicious person must entice the victim to open a rogue link or file. Updates have been released to fix the vulnerability. More...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed vulnerabilities in ClearPass Policy Manager CPPM. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Remote code execution Administrator/Roo...
Vulnerabilities fixed in Fortinet products
Forinet has fixed vulnerabilities in FortiOS, FortiAP, and FortiMail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Access to system data Increased user privileges To exploit the...
Vulnerability fixed in Google Chrome and Microsoft Edge
Google and Microsoft have fixed a vulnerability in Google Chrome and Microsoft Edge. The vulnerability allows a local malicious party to perform attacks in the context of the browser that lead to the execution of arbitrary code. Microsoft indicates that exploit code is available. -= Google =-...
Vulnerabilities fixed in NetApp Active IQ Unified Manager
NetApp has fixed vulnerabilities in the Spring Security component of Active IQ Unified Manager for Windows, Linux, and VMware vSphere. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data...
Vulnerabilities fixed in Aruba AOS-CX switches
Vulnerabilities have been fixed in several Aruba AOS-CX switches. These vulnerabilities do not apply to wireless products. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Bypassing...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to perform attacks execute attacks in the context of the browser that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User righ...
Vulnerabilities fixed in WatchGuard firewalls
Several vulnerabilities have been fixed in WatchGuard firewall products. An unauthenticated remote malicious agent could vulnerability potentially exploit it to execute arbitrary code under root privileges. To be exploited, however, the management interface, however, must be accessible via the...
Vulnerability fixed in GnuTLS
A vulnerability has been fixed in GnuTLS. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code execute with the application's privileges. The vulnerability was found in the PKCS 7 authentication code. In doing...
Vulnerabilities fixed in Foxit PDF Editor
Vulnerabilities have been fixed in Foxit PDF Editor. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, to obtain sensitive data, or to execute arbitrary code in the scope of the application. This requires the malicious party to trick the victim into opening a rogue...
Vulnerabilities fixed in Nessus Agent
Tenable has fixed two vulnerabilities in Nessus Agent. A authenticated malicious person with the ability and knowledge to create custom audit files could exploit the vulnerabilities to execute code with administrator privileges, or to access gain access to arbitrary system files of the underlying...
Vulnerabilities fixed in Cisco NX-OS and FXOS
Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...