Vulnerability fixed in Microsoft Defender
Microsoft has fixed a vulnerability in Defender Endpoint for macOS. A local, authenticated malicious party can exploit the vulnerability to grant itself elevated privileges and thus execute code with SYSTEM/root privileges. Microsoft has made updates available that fix the described...
Vulnerabilities fixed in TYPO3
The TYPO3 Association has fixed vulnerabilities in the Core software of the TYPO3 Content Management System. A malicious person could exploit the vulnerabilities to cause a denial-of-service, gain access to system information, or perform Cross-Site Scripting (XSS) attacks. The...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application. To execute code in Office and Visio, the malicious party does not need prior authentication, but needs to trick the vict...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of authentication; Remote co...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed vulnerabilities in ClearPass Policy Manager (CPPM). The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Remote code execution (Administrator/Roo...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a malicious party to perform an HTTP header injection. This allows a malicious party to perform various attacks such as cache poisoning and cross-site scripting. IBM has released updates to fix the vulnerability. More...
Vulnerability fixed in DokuWiki
A vulnerability has been fixed in DokuWiki. The vulnerability allows a malicious person to perform a Cross-Site Scripting XSS attack. To exploit the vulnerability, a malicious person must entice the victim to open a rogue link or file. Updates have been released to fix the vulnerability. More...
Vulnerability fixed in HP Support Assistant
HP has fixed a vulnerability in the Support Assistant, software installed by default on desktops and notebooks from HP. The vulnerability allows a local malicious party to increase its permissions. HP has released version 9.11 as an update to fix the problem. For more information, see:...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Remote code execution (Administrator/Root privileges); Access to sensitive data; Access to system data; Increased user privileges. To exploit the...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiAP, and FortiMail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User...
Vulnerability fixed in Google Chrome and Microsoft Edge
Google and Microsoft have fixed a vulnerability in Google Chrome and Microsoft Edge. The vulnerability allows a local malicious party to perform attacks in the context of the browser that lead to the execution of arbitrary code. Microsoft indicates that exploit code is available. -= Google =-...
Vulnerabilities fixed in NetApp Active IQ Unified Manager
NetApp has fixed vulnerabilities in the Spring Security component of Active IQ Unified Manager for Windows, Linux, and VMware vSphere. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Bypassing...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to perform attacks in the context of the browser that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User righ...
Vulnerabilities fixed in Aruba AOS-CX switches
Vulnerabilities have been fixed in several Aruba AOS-CX switches. These vulnerabilities do not apply to wireless products. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS)...
Vulnerabilities fixed in WatchGuard firewalls
Several vulnerabilities have been fixed in WatchGuard firewall products. An unauthenticated remote malicious agent could potentially exploit the vulnerability to execute arbitrary code with root privileges. For exploitation, however, the management interface must be accessible via the...
Vulnerabilities fixed in Foxit PDF Editor
Vulnerabilities have been fixed in Foxit PDF Editor. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, to obtain sensitive data, or to execute arbitrary code in the scope of the application. This requires the malicious party to trick the victim into opening a rogue...
Vulnerability fixed in GnuTLS
A vulnerability has been fixed in GnuTLS. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the application's privileges. The vulnerability was found in the PKCS #7 authentication code. In doing...
Vulnerabilities fixed in Nessus Agent
Tenable has fixed two vulnerabilities in Nessus Agent. An authenticated malicious person with the ability and knowledge to create custom audit files could exploit the vulnerabilities to execute code with administrator privileges, or to gain access to arbitrary system files of the underlying...
Vulnerabilities fixed in SonicWall SMA100
SonicWall has fixed two vulnerabilities in the firmware of SMA100 systems. An authenticated malicious person can exploit the vulnerabilities to cause a denial-of-service, or to gain access to system data. The vulnerability that could lead to access to system data has not been assigned...
Vulnerabilities fixed in Cisco NX-OS and FXOS
Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...
Vulnerability fixed in Cisco ACI Multi-Site Orchestrator
Cisco has fixed a vulnerability in ACI Multi-Site Orchestrator. An authenticated malicious party can exploit the vulnerability to grant itself elevated privileges and execute commands with Administrator privileges. Cisco has released updates to fix the vulnerability in ACI Multi-Site...
Vulnerability fixed in Atlassian Bitbucket
Atlassian has fixed a vulnerability in Bitbucket Server and Data Center. A malicious party could exploit the vulnerability to execute arbitrary code via API calls with the permissions of the application. To exploit it, the malicious party only needs access to a public repository, or if it is a private...
Vulnerability fixed in PowerDNS recursor
PowerDNS has fixed a vulnerability in PowerDNS recursor. A remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To exploit the vulnerability, the malicious party must use an IP address allowed by the Access Control List and the vulnerable environmen...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to execute arbitrary code under the user's privileges or to gain access to sensitive data within the scope of the application. The vulnerabilities are all in the contex...
Vulnerability fixed in Xpdf and Xpdfreader
A vulnerability has been fixed in Xpdf and Xpdfreader. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service or to execute arbitrary code in the scope of the application. Google's Project Zero published a comprehensive analysis in December 2021 about a zero-clic...
Vulnerability fixed in VMware Tools
VMware has fixed a vulnerability in VMware Tools. A malicious person with user privileges in a virtual machine (VM) can exploit the vulnerability to grant himself elevated privileges and execute code with local administrator privileges in the vulnerable virtual machine. As far as is known, the...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in the underlying software of QRadar SIEM. The vulnerabilities are in supporting software, such as Expat, Eclipse, the Kernel and SASL. For the vulnerabilities, previous security advisories have been issued. These updates to QRadar SIEM are a bundle. A malicious part...
Vulnerabilities fixed in GitLab Enterprise Edition and GitLab Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition and GitLab Community Edition. An authenticated malicious party could exploit the vulnerability via the 'Import from GitHub' API endpoint to execute arbitrary code with the permissions of the application and...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has released updates to Red Hat OpenShift Container Platform to address several vulnerabilities in underlying software modules. A malicious party could potentially exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service (DoS); Manipulation of data...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. Through an XML External Entity Injection (XXE), a malicious party can cause a Denial-of-Service by running the MQ environment out of memory, or gain access to sensitive information. IBM has released updates to fix the vulnerability in MQ 8.0, 9.1 and 9.2...
Vulnerability fixed in Cisco Secure Web Appliance
Cisco has fixed a vulnerability in the management interface of AsyncOS for the Secure Web Appliance. An authenticated malicious party could exploit the vulnerability to inject commands and execute them with root privileges. The vulnerability can only be exploited through the management...
Zero-day vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple, in an interim update, has fixed two zero-day (0day) vulnerabilities in macOS, iOS and iPadOS. A malicious person can exploit the vulnerabilities to execute arbitrary code. The most serious vulnerability, marked CVE-2022-32894, allows execution of code at the kernel level. Abuse of this...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, bypass a security measure or execute arbitrary code in the context of the browser. The malicious party must entice the victim to open a rogue link or fi...
Vulnerability fixed in Palo Alto PAN-OS
A vulnerability has been fixed in Palo Alto PAN-OS. The vulnerability allows an unauthenticated remote malicious person to exploit the affected Palo Alto system in a reflected denial-of-service attack on systems other than the vulnerable Palo Alto system. The attack appears to the victim the...
Vulnerability fixed in Yokogawa Centum controller FCS products
Yokogawa has fixed a vulnerability in Centum controller FCS products. A malicious party could potentially exploit it to cause a denial-of-service. To exploit the vulnerability, the malicious party needs access to the production infrastructure. It is good practice not to have such infrastructure...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise and Universal Forwarder. A malicious party could potentially exploit them to cause a denial-of-service, bypass security measures or gain access to system data. The most serious vulnerability involves causing a Denial-of-Service. For this...
Vulnerabilities fixed in ArcGIS products
Esri has fixed vulnerabilities in ArcGIS Portal and ArcReader. A malicious party could exploit the vulnerabilities to obtain system information, access sensitive data without prior authorization, or to perform a cross-site scripting (XSS) attack. Such attacks can lead to the execution of JavaScript...
Vulnerabilities fixed in QNAP products
QNAP has fixed several vulnerabilities in QTS, the operating system of QNAP NAS systems. The vulnerabilities are in the SAMBA and Kerberos software used within QTS. The vulnerabilities allow a remote malicious person to bypass security measures and thus gain access...
Vulnerabilities fixed in NVIDIA GPU Display Drivers
NVIDIA has fixed vulnerabilities in the GPU Display Driver and supporting software. The vulnerabilities allow a local malicious party to carry out attacks resulting in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (Administrator/Root rights...
Vulnerabilities fixed in Apache OpenOffice
The Apache Software Foundation has fixed vulnerabilities in OpenOffice. The vulnerabilities allow a malicious person with access to the system to retrieve user passwords stored in a user's configuration database. The vulnerabilities involve weak encryption on this configuration database. Apache has...
Vulnerability fixed in Zoom for macOS
Zoom has fixed a vulnerability in the Zoom Client for macOS. A local malicious person with user privileges could exploit it to execute arbitrary code with root privileges. The vulnerability is located in Zoom's installer and makes it possible to substitute the Zoom client update for any other...
Vulnerabilities fixed in HP Integrated Lights-Out (iLO)
HP has fixed vulnerabilities in the firmware of HP Integrated Lights-Out of several HP Apollo, ProLiant, Edgeline and StoreEasy server systems. A local malicious person with access to the systems, or the physical management infrastructure, could exploit them to cause a denial-of-service, the...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in Android 13. The vulnerabilities potentially allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Increased user privileges; Access to sensitive data; Remote code execution (User rights...
Vulnerabilities fixed in Dell Wyse Management Suite
Dell has fixed vulnerabilities in Wyse Management Suite. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system and/or gain access to sensitive data. Dell has released updates to fix the vulnerabilities in Wyse Management Suite 3.8...
Vulnerabilities fixed in Cisco Adaptive Security Appliance
Vulnerabilities have been fixed in Cisco ASA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data. Cisco has released updates to...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that could potentially lead to access to sensitive data. As usual, SAP is making few technical details about the fixed vulnerabilities publicly available. SAP...
Vulnerabilities fixed in Intel products
Vulnerabilities have been fixed in several Intel products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Accessing sensitive data; Increased user privileges. The...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, Acrobat Reader, Premiere Elements, Illustrator and FrameMaker. The vulnerabilities allow a malicious person to execute arbitrary code within the context of the user or gain elevated privileges. Adobe has released updates to fix the...
Vulnerabilities fixed in VMware vRealize Operations
Vulnerabilities have been fixed in VMware vRealize Operations. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Bypassing authentication; Remote code execution (Administrator/Root privileges); Access to sensitive data...