Vulnerabilities fixed in Microsoft Exchange Server
Vulnerabilities have been fixed in Microsoft Exchange Server. The vulnerabilities allow a malicious party to gain access to sensitive data or obtain elevated privileges. The vulnerability with reference CVE-2022-24477 allows an authenticated malicious person to gain access to mailboxes of other...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office, Excel, and Outlook. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights. Microsoft indicates that f...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Visual Studio and .NET Core, part of Developer Tools. The vulnerabilities allow a malicious party to gain access to sensitive data and to execute arbitrary code under the privileges of the user. For the vulnerability with attribute CVE-2022-34716 in .N...
Vulnerabilities discovered in Siemens products
Vulnerabilities have been discovered in several Siemens industrial products. A malicious party could potentially exploit them to cause a denial-of-service, to execute code in the scope of the application, or possibly to open a root/admin shell on the vulnerable system. The...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Bypassing security measure; Remote code execution; Administrator/Ro...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code, bypass security measures and/or obtain elevated user privileges. The vulnerabilities marked CVE-2022-33636 and CVE-2022-33649 potentially enable a...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution; User Rights; Access to sensitive data; Increased user privileges. For ma...
Vulnerabilities fixed in X.Org Server
Vulnerabilities have been fixed in X.Org Server. An authenticated malicious person can exploit the vulnerabilities to execute arbitrary code. Depending on the permissions under which X.Org Server is running, this allows the malicious party to gain root privileges on the vulnerable system. The...
Vulnerability fixed in DrayTek Vigor routers
Researchers from security firm Trellix have found a vulnerability in DrayTek Vigor routers. An unauthenticated malicious person with network access to the management interface could exploit the vulnerability to execute arbitrary code. This allows the malicious party to gain control of the...
Vulnerabilities fixed in Red Hat JBoss
Vulnerabilities have been fixed in Red Hat JBoss. The vulnerabilities allow a malicious party to launch attacks that potentially lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution; User Rights; Access to system data. Red Hat has released updates to address the...
Vulnerabilities fixed in Cisco WebEx Meetings
Vulnerabilities have been fixed in Cisco WebEx Meetings. The vulnerabilities are located in the Cisco WebEx Meetings Web Interface and allow a remote malicious party to launch a cross-site scripting attack or to inject legitimate-looking iframes. Cisco has released updates to fix the...
Vulnerabilities fixed in BMC Track-It!
BMC has fixed vulnerabilities in Track-It! A malicious person could exploit the vulnerabilities to execute arbitrary code under service account privileges or to gain access to sensitive data. The former does not require authentication. BMC has released updates to fix the...
Vulnerabilities fixed in BIG-IP
F5 has fixed vulnerabilities in BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Access to system data; Increased user privileges. F5 has released...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in Fortinet products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Circumvention of security measure; Remote code execution; User rights; Access to system data. Fortinet has release...
Vulnerabilities fixed in VMware products
VMware has fixed several vulnerabilities in VMware Workspace ONE Access, Identity Manager, vRealize Automation and underlying tools. An unauthenticated malicious person could potentially exploit them to cause the following categories of damage: Cross-Site Scripting (XSS); Circumvention of...
Vulnerabilities fixed in Synology products
Synology has fixed vulnerabilities in multiple products. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Manipulation of data; Remote code execution; Application rights; Access to sensitive data. Synology rated the vulnerability with attribute...
Vulnerabilities fixed in Linux kernel
Canonical has fixed vulnerabilities in the Ubuntu Linux kernel. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, cause a denial-of-service or execute arbitrary code. Canonical has made updates available for Ubuntu 20.04 LTS and 22.04 LTS to fix the...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights; Access to system data. Google has released...
Vulnerability fixed in rsync
A vulnerability has been fixed in rsync. The vulnerability allows a malicious person to overwrite arbitrary files on the victim's system. Exploitation requires the victim to connect to a rogue rsync server. The developers of rsync have created a new version to fix the...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in Android. Samsung has fixed these vulnerabilities in Samsung Mobile. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution; User Rights...
Vulnerabilities fixed in Net-SNMP
Vulnerabilities have been fixed in Net-SNMP. The vulnerabilities allow an authenticated malicious party to cause a denial-of-service or potentially execute arbitrary code with the privileges under which Net-SNMP is running. This requires that malicious network traffic be se...
Vulnerability fixed in SonicWall Hosted Email Security
SonicWall has fixed a vulnerability in Hosted Email Security. An unauthenticated malicious person could exploit it to bypass the Capture ATP service, thereby bypassing the functionality of the product. SonicWall has released updates to fix the vulnerability in Hosted Email Security 10.0.18.7423. For...
Vulnerabilities fixed in Foxit Reader and Foxit PDF Editor
Foxit has fixed vulnerabilities in Foxit Reader and PDF Editor (formerly PhantomPDF). A malicious party could exploit them to cause a denial-of-service, to obtain sensitive data, or to execute arbitrary code in the scope of the application. Foxit has released updates t...
Vulnerabilities fixed in IBM AIX
Vulnerabilities have been fixed in IBM AIX and VIOS. These vulnerabilities, in the Expat and BIND components, allow a malicious party to carry out attacks that result in the following categories of damage: Remote code execution; User Rights; Denial-of-Service (DoS); Manipulation of data. For these...
Vulnerabilities fixed in Zimbra Collaboration
Vulnerabilities have been fixed in Zimbra Collaboration (ZCS). The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication; Remote code execution; User...
Vulnerabilities fixed in Veritas NetBackup Primary and Media Server
Veritas has fixed vulnerabilities in NetBackup Primary and Media Server. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution; Administrator/Root rights; Access to sensitive...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been found in OpenShift Container Platform. The private key for an external cluster certificate is stored in an insecure manner in the oauth-serving-cert ConfigMaps and is therefore available to any OpenShift user or service account. A malicious party can obtain this private key and...
Vulnerabilities fixed in Emerson DeltaV
Emerson has fixed vulnerabilities in DeltaV products. An unauthenticated malicious person with network access can exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the vulnerabilities to execute arbitrary code and manipulate...
Vulnerability fixed in Citrix ADC and Citrix Gateway
A vulnerability has been fixed in Citrix ADC and Citrix Gateway. The vulnerability allows a remote malicious party to redirect a potential victim via the Citrix application to a malicious website, allowing the application, for example, to be abused in phishing attacks. By using t...
Vulnerability fixed in Xen
A vulnerability has been fixed in Xen. The vulnerability allows a malicious party to cause a denial-of-service. Within Shadow Mode, a TLB flush is performed incorrectly, potentially causing the host system to run out of memory. Only x86 PV guest systems can trigger this vulnerability...
Vulnerabilities fixed in Samba
The developers of Samba have fixed several vulnerabilities in Samba. A malicious party could potentially exploit them to reset passwords outside of established processes, access system data or possibly execute commands within the scope of the Samba server. To be abused, the malicious party must...
Vulnerabilities fixed in LibreOffice
The Document Foundation has fixed three vulnerabilities in LibreOffice. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary macro code in the user's context, or to gain access to user passwords in the local passwor...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in IBM QRadar SIEM. A remote malicious party could, by misusing the Apache Commons Email component, obtain sensitive information or manipulate user data in SMTP headers. IBM has released updates to fix the vulnerabilities in QRadar. For more information, see:...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in DiskStation Manager. The vulnerability is located in the webapi component of DiskStation Manager. An authenticated malicious party can perform a path traversal attack that results in the following categories of damage: Denial-of-Service (DoS); Manipulation of...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data or cause a denial-of-service by using up system resources. The vulnerabilities with reference CVE-2022-2505 and CVE-2022-36320 are rated...
Vulnerabilities fixed in IBM Rational ClearCase
IBM has fixed several vulnerabilities. The vulnerabilities are in the Java components of IBM Rational ClearCase. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or obtain sensitive information. IBM has made...
Vulnerabilities fixed in Google Chrome
Several vulnerabilities have been fixed in Google Chrome. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code within the context of the browser, or to gain access to sensitive data within the context of the browser. To do this, the malicious party must entice...
Vulnerabilities fixed in Scooter Software Beyond Compare
Vulnerabilities have been fixed in Scooter Software Beyond Compare. The vulnerabilities allow a malicious person to execute arbitrary code under the SYSTEM user's privileges and to obtain elevated user privileges. For the vulnerability with attribute CVE-2022-36414, it is only...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution; User rights; Access to system data. This...
Vulnerability fixed in SonicWall GMS and Analytics
A vulnerability has been fixed in SonicWall GMS and Analytics. The vulnerability allows an unauthenticated remote malicious person to perform an SQL injection attack under the privileges of the application. To exploit the vulnerability, the malicious party must have access to the management...
Vulnerabilities fixed in Cisco Nexus Dashboard
Vulnerabilities have been fixed in Cisco Nexus Dashboard. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Remote code execution; Administrator/Root permissions; Cross-Site Scripting (XSS); Access to sensitive data...
Vulnerability fixed in Confluence
A vulnerability has been fixed in Questions for Confluence, a plug-in for Confluence. An unauthenticated outside malicious person could exploit the vulnerability to see all pages of information that are visible to users within the Confluence Users user group. This is because of the us...
Vulnerabilities fixed in Apple Safari
Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...
Vulnerabilities fixed in Drupal
Drupal developers have fixed multiple vulnerabilities in Drupal core. The vulnerabilities can lead to the following categories of damage: Remote code execution; Administrator/Root permissions; Access to sensitive data; Increased user privileges; Cross-Site Scripting (XSS). The vulnerability with...
Vulnerabilities fixed in Apple macOS
Apple has fixed multiple vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; Kernel/Root...
Vulnerabilities fixed in iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Circumvention of security measure; Remote code execution...
Vulnerabilities fixed in Oracle JD Edwards products
Oracle has fixed vulnerabilities in the following JD Edwards products: EnterpriseOne Orchestrator; EnterpriseOne Tools. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution; Administrator/Root...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in Solaris and ZFS Storage Appliance. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service (DoS); Access to sensitive data; Remote code execution; Administrator/Root privileges. An overview of all fixed...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following Financial Services products: Oracle Banking Branch; Oracle Banking Cash Management; Oracle Banking Corporate Lending Process Management; Oracle Banking Credit Facilities Process Management; Oracle Banking Deposits and Lines of Credit Servicing; Oracle...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in the following Java SE products: GraalVM Enterprise Edition; Java SE. The vulnerabilities potentially enable a malicious party to execute attacks that lead to data manipulation and access to sensitive data. With the exception of CVE-2022-25647, all vulnerabilities...