4209 matches found
Vulnerability fixed in Cisco ACI Multi-Site Orchestrator
Cisco has fixed a vulnerability in ACI Multi-Site Orchestrator. An authenticated malicious party can exploit the exploit the vulnerability to grant itself elevated privileges and execute commands under Administrator privileges. Cisco has released updates to fix the vulnerability in ACI Multi-Site...
Vulnerabilities fixed in SonicWall SMA100
Sonicwall has fixed two vulnerabilities in the firmware of SMA100 systems. An authenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service, or to gain access to system data. The vulnerability that could lead to access to system data has not been assigned...
Vulnerability fixed in Atlassian Bitbucket
Atlassian has fixed a vulnerability in Bitbucket Server and Data Center. A malicious party could exploit the vulnerability to execute arbitrary code via API calls with permissions from the application. To exploit, the malicious party only needs access to a public repository, or if it is a private...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to execute arbitrary execute code under the user's privileges or to access gain access to sensitive data within the scope of the application. The vulnerabilities are all in the contex...
Vulnerability fixed in PowerDNS recursor
PowerDNS has fixed a vulnerability in PowerDNS recursor. A remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To exploit the vulnerability, the malicious party must use use an IP address allowed by the Access Control List and the vulnerable environmen...
Vulnerability fixed in Xpdf and Xpdfreader
A vulnerability has been fixed in Xpdf and Xpdfreader. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service or to execute arbitrary code in the scope of the application. Google's Project Zero published a comprehensive analysis in December 2021 published about a zero-clic...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in the underlying software of QRadar SIEM. The vulnerabilities are in supporting software, such as Expat, Eclipse, the Kernel and SASL. For the vulnerabilities, previous security advisories have been issued. These updates to QRadar SIEM are a bundle. A malicious part...
Vulnerability fixed in VMWare Tools
VMWare has fixed a vulnerability in VMWare Tools. A malicious person with user privileges in a virtual machine VM can exploit the vulnerability to grant himself elevated privileges and execute code with local administrator privileges in the vulnerable virtual machine. As far as is known, the...
Vulnerabilities fixed in GitLab Enterprise Edition and GitLab Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition and GitLab Community Edition. An authenticated malicious party could exploit the vulnerability to execute arbitrary code via the 'Import from GitHub' API Endpoint to execute arbitrary code with permissions from the application and...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has released updates to Red Hat OpenShift Container Platform to address several vulnerabilities in underlying software modules fixes. A malicious party could potentially exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS Manipulation of data...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. Through an XML External Entity Injection XXE, a malicious party can cause a Denial-of-Service by running the MQ environment out of memory run, or gain access to sensitive information. IBM has released updates to fix the vulnerability in MQ 8.0, 9.1 and 9.2...
Zero-day vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple, in an interim update, has fixed two zero-day 0day vulnerabilities fixed in macOS, iOS and iPadOS. A malicious person can exploit the vulnerabilities to execute arbitrary code. The most serious vulnerability, marked CVE-2022-32894, allows execution of code at the kernel level. Abuse of this...
Vulnerability fixed in Cisco Secure Web Appliance
Cisco has fixed a vulnerability in the management interface of AsyncOS for the Secure Web Appliance. An authenticated malicious party could exploit the vulnerability to inject commands inject and execute commands with root privileges. The vulnerability can only be exploited through the management...
Vulnerability fixed in Palo Alto Pan-OS
A vulnerability has been fixed in Palo Alto PAN-OS. The vulnerability allows an unauthenticated remote malicious person able to exploit the affected Palo Alto system in a reflected denial-of-service attack on systems other than the vulnerable Palo Alto system. The attack appears to the victim the...
Vulnerabilities fixed in Splunk
Splunk has fixed vulnerabilities in Splunk Enterprise and Universal Forwarder. A malicious party could potentially exploit them to cause a denial-of-service, bypassing security measures or to gain access to system data. The most serious vulnerability involves causing a Denial-of-Service. For this...
Vulnerability fixed in Yokogawa Centum controller FCS products
Yokogawa has fixed a vulnerability in Centum controller FCS products. A malicious party could potentially exploit it to cause a denial-of-service. To exploit the vulnerability, the malicious party needs access to the production infrastructure. It is good practice not to have such infrastructure...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, bypass a security measure or execute arbitrary code in the context of the browser. The malicious party must entice the victim to open a rogue link or fi...
Vulnerabilities fixed in ArcGis products
Esri has fixed vulnerabilities in ArcGis Portal and ArcReader. A malicious party could exploit the vulnerabilities to obtain system information, access sensitive data without prior authorization, or to perform a cross-site scripting XSS attack. Such attacks can lead to the execution of JavaScript...
Vulnerabilities fixed in QNAP products
QNAP has fixed several vulnerabilities in QTS, the operating system of QNAP NAS systems. The vulnerabilities are are in the SAMBA and Kerberos software used within QTS. used within. The vulnerabilities allow a remote malicious person to able to bypass security measures and thus gain access gain...
Vulnerabilities fixed in apache OpenOffice
Apache Software Foundation has fixed vulnerabilities in OpenOffice. The vulnerabilities allow a malicious person with access to the system to retrieve user passwords stored in a user's configuration database. The vulnerabilities involve weak encryption on this configuration database. Apache has...
Vulnerability fixed in Zoom for macOS
Zoom has fixed a vulnerability in the Zoom Client for macOS. A local malicious person with user privileges could exploit to execute arbitrary code under privileges of root. The vulnerability is located in Zoom's installer and makes it possible to substitute the zoom client update for any other...
Vulnerabilities fixed in HP Integrated Lights-out (ILO)
HP has fixed vulnerabilities in the firmware of HP Integrated Lights-out of several HP Apollo, Proliant, Edgeline and StoreEasy server systems. A local malicious person with access to the systems, or the physical management infrastructure, could exploit them to cause a denial-of-service, the...
Vulnerabilities fixed in NVIDIA GPU Display Drivers
NVidia has fixed vulnerabilities in the GPU Display Driver, and supporting software. The vulnerabilities allow a local malicious party to carry out attacks resulting in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in Android 13. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Increased user privileges Access to sensitive data Remote code execution User rights...
Vulnerabilities fixed in Cisco Adaptive Security Appliance
Vulnerabilities have been fixed in Cisco ASA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Cisco has released updates to...
Vulnerabilities fixed in Dell Wyse Management Suite
Dell has fixed vulnerabilities in Wyse Management Suite. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code on the vulnerable system and/or gain access to sensitive data. Dell has released updates to fix the vulnerabilities in Wyse Management Suite 3.8...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that could potentially lead to access to sensitive data. As usual, SAP is making few technical details about the fixed vulnerabilities publicly available. SAP...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, Acrobat Reader, Premiere Elements, Illustrator and FrameMaker. The vulnerabilities allow a malicious person to execute arbitrary code execute within the context of the user or gaining elevated privileges. Adobe has released updates to fix the...
Vulnerabilities fixed in VMware vRealize Operations
Vulnerabilities have been fixed in VMware vRealize Operations. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Bypassing authentication. Remote code execution Administrator/Root privileges Access to sensitive data...
Vulnerabilities fixed in Intel products
Vulnerabilities have been fixed in several Intel products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Accessing sensitive data Increased user privileges The...
Vulnerabilities discovered in Siemens products
Vulnerabilities have been discovered in several Siemens industrial products. A malicious party could potentially exploit them to cause a denial-of-service, to execute code execute code in the scope of the application, or possibly open a root/admin shell to open on the vulnerable system. The...
Vulnerabilities fixed in Microsoft Exchange Server
Vulnerabilities have been fixed in Microsoft Exchange Server. The vulnerabilities allow a malicious party to gain access to sensitive data or obtain elevated privileges. The vulnerability with reference CVE-2022-24477 allows an authenticated malicious person to gain access to mailboxes of other...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Remote code execution Administrator/Ro...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Visual Studio and .NET Core, part of Developer Tools. The vulnerabilities allow a malicious party to gain access to sensitive data and to execute arbitrary code under the privileges of the user. For the vulnerability with attribute CVE-2022-34716 in .N...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code, bypass security measures and/or obtain elevated user privileges. The vulnerabilities marked CVE-2022-33636 and CVE-2022-33649 potentially enable a...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges For ma...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office, Excel, and Outlook. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Microsoft indicates that f...
Vulnerabilities fixed in X.Org Server
Vulnerabilities have been fixed in X.Org Server. A authenticated malicious person can exploit the vulnerabilities to execute arbitrary code. Depending on the permissions under which X.Org Server is running, this allows the malicious party to gain gain root privileges on the vulnerable system. The...
Vulnerabilities fixed in BIG-IP
F5 has fixed vulnerabilities in BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Access to system data Increased user privileges F5 has released...
Vulnerabilities fixed in Cisco WebEx Meetings
Vulnerabilities have been fixed in Cisco WebEx Meetings. The vulnerabilities are located in the Cisco WebEx Meetings Web Interface and allow a remote malicious party to launch a cross-site scripting attack or to inject legitimate-looking iframes inject. Cisco has released updates to fix the...
Vulnerabilities fixed in Red Hat JBoss
Vulnerabilities have been fixed in Red Hat JBoss. The vulnerabilities allow a malicious party to launch attacks that potentially lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Red Hat has released updates to address the...
Vulnerabilities fixed in BMC Track-It!
BMC has fixed vulnerabilities in Track-It! A malicious person could exploit the vulnerabilities to execute arbitrary code under service account privileges or for gaining access to sensitive data. For accomplishing the former does not require authentication. BMC has released updates to fix the...
Vulnerability fixed in DrayTek Vigor routers
Researchers from security firm Trellix have found a vulnerability found in DrayTek Vigor routers. A unauthenticated malicious person with network access to the management interface could exploit the vulnerability to execute arbitrary code. This allows the malicious party to gain control of the...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in Fortinet products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to system data Fortinet has release...
Vulnerabilities fixed in Linux kernel
Canonical has fixed vulnerabilities in the Ubuntu Linux kernel. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, cause a denial-of-service or execute arbitrary code. Canonical has made updates available for Ubuntu 20.04 LTS and 22.04 LTS to fix the...
Vulnerability fixed in rsync
A vulnerability has been fixed in rsync. The vulnerability allows a malicious person to overwrite arbitrary files on the victim's system. To exploit this vulnerability exploitation, the victim must connect to a rogue rsync server. The developers of rsync have created a new version to fix the...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system data Google has released...
Vulnerabilities fixed in Synology products
Synology has fixed vulnerabilities in multiple products. The vulnerabilities allow a malicious party to launch attacks the following categories of damage: Manipulation of data Remote code execution Application rights Access to sensitive data Synology rated the vulnerability with attribute...
Vulnerabilities fixed in VMware products
VMware has fixed several vulnerabilities in VMware Workspace ONE Access, Identity Manager, vRealize Automation and underlying tools. An unauthenticated malicious person could potentially exploit them to cause the following categories of damage: Cross-Site Scripting XSS. Circumvention of...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in Android. Samsung has fixed these vulnerabilities fixed in Samsung Mobile. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights...