4209 matches found
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in Android. Samsung has fixed these vulnerabilities fixed in Samsung Mobile. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights...
Vulnerability fixed in SonicWall Hosted Email Security
SonicWall has fixed a vulnerability in Hosted Email Security. An unauthenticated malicious person could exploit it to bypass the Capture ATP service, thereby bypass the functionality of the product. SonicWall has released updates to fix the vulnerability in Hosted Email Security 10.0.18.7423. For...
Vulnerabilities fixed in Foxit Reader and Foxit PDF Editor
Foxit has fixed vulnerabilities in Foxit Reader and PDF Editor formerly PhantomPDF. A malicious party could exploit them to cause a denial-of-service, to obtain obtain sensitive data, or to execute arbitrary code execute arbitrary code in the scope of the application. Foxit has released updates t...
Vulnerabilities fixed in Zimbra Collaboration
Vulnerabilities have been fixed in Zimbra Collaboration ZCS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing authentication Remote code execution User...
Vulnerabilities fixed in IBM AIX
Vulnerabilities have been fixed in IBM AIX and VIOS. These vulnerabilities, in the Expat and BIND components, allow a malicious party to carry out attacks that result in the following categories of damage: Remote code execution User Rights Denial-of-Service DoS. Manipulation of data For these...
Vulnerabilities fixed in Veritas NetBackup Primary and Media Server
Veritas has fixed vulnerabilities in NetBackup Primary and Media Server. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to sensitive...
Vulnerability fixed in Citrix ADC and Citrix Gateway
A vulnerability has been fixed in Citrix ADC and Citrix Gateway. The vulnerability allows a remote malicious party to redirect a potential victim via the Citrix application to be redirected to a malicious website, allowing the application, for example, to be abused in phishing attacks. By using t...
Vulnerabilities fixed in Emerson DeltaV
Emerson has fixed vulnerabilities in DeltaV products. A unauthenticated malicious person with network access can exploit the exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the vulnerabilities to execute arbitrary code and manipulating...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in Diskstation Manager. The vulnerability is located in the webapi component of DiskStation Manager. An authenticated malicious party can perform a path traversal attack that results in the following categories of damage: Denial-of-Service DoS. Manipulation of...
Vulnerabilities fixed in Samba
The developers of Samba have fixed several vulnerabilities in Samba. A malicious party could potentially exploit them to reset passwords outside of established processes, access system data or possibly execute commands within the scope of the Samba server. To be abused, the malicious party must...
Vulnerabilities fixed in LibreOffice
The Document Foundation has fixed three vulnerabilities in LibreOffice. An unauthenticated remote malicious person could potentially exploit the vulnerabilities potentially exploit them to execute arbitrary macro code in the user's context, or to gain access to user passwords in the local passwor...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been found in OpenShift Container Platform. The private key for an external cluster certificate is stored in an insecure manner in the oauth-serving-cert ConfigMaps and therefore available to any OpenShift user or service account. A malicious can obtain this private key and...
Vulnerability fixed in Xen
A vulnerability has been fixed in Xen. The vulnerability allows a malicious party to cause a denial-of-service. Within Shadow Mode, a TLB flush is performed incorrectly potentially causing the host system to run out of memory memory. Only x86 PV guest systems can trigger this vulnerability trigge...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in IBM QRadar SIEM. A remote malicious party could, by misusing the Apache Commons Email component to obtain sensitive information or manipulate user data in SMTP headers. IBM has released updates to fix the vulnerabilities in QRadar. For more information, see:...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox and Firefox ESR. A malicious party could potentially exploit the vulnerabilities to collect system data or cause a denial-of-service by using up system resources. The vulnerabilities with reference CVE-2022-2505 and CVE-2022-36320 are rated...
Vulnerabilities fixed in Google Chrome
Several vulnerabilities have been fixed in Google Chrome. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code within the context of the browser, or to gain access to sensitive data within the context of the browser. To do this, the malicious party must entice...
Vulnerabilities fixed in IBM Rational ClearCase
IBM has fixed several vulnerabilities. The vulnerabilities are in the Java components of IBM Rational ClearCase. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or obtain obtain sensitive information. IBM has made...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data This...
Vulnerabilities fixed in Scooter Software Beyond Compare
Vulnerabilities have been fixed in Scooter Software Beyond Compare. The vulnerabilities allow a malicious person to execute arbitrary execute arbitrary code under the SYSTEM user's privileges and the obtain elevated user privileges. For the vulnerability with attribute CVE-2022-36414, it is only...
Vulnerability fixed in SonicWall GMS and Analytics
A vulnerability has been fixed in SonicWall GMS and Analytics. The vulnerability allows an unauthenticated remote malicious person able to perform an SQL injection attack under the privileges of the application. To exploit the vulnerability, the malicious party must have access to the management...
Vulnerabilities fixed in Cisco Nexus Dashboard
Vulnerabilities have been fixed in Cisco Nexus Dashboard. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root permissions. Cross-Site Scripting XSS. Access to sensitive data...
Vulnerabilities fixed in Drupal
Drupal developers have fixed multiple vulnerabilities in Drupal core. The vulnerabilities can lead to the following categories of damage: Remote code execution Administrator/Root permissions. Access to sensitive data Increased user privileges Cross-Site Scripting XSS The vulnerability with...
Vulnerability fixed in Confluence
A vulnerability has been fixed in Questions for Confluence, a plug-in for Confluence. An unauthenticated outside malicious person could exploit the exploit the vulnerability to see all pages of information that are visible to users within the Confluence Users user group. This is because of the us...
Vulnerabilities fixed in iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Circumvention of security measure. Remote code execution...
Vulnerabilities fixed in Apple macOS
Apple has fixed multiple vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Kernel/Root...
Vulnerabilities fixed in Apple Safari
Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...
Vulnerability fixed in Oracle Siebel CRM
Oracle has fixed a vulnerability in Siebel CRM. The vulnerability allows an unauthenticated malicious person within a local network to perform a denial-of-service DoS. execute. It is good practice not to have such products publicly to be publicly accessible...
Vulnerabilities fixed in Oracle Virtualbox
Oracle has fixed vulnerabilities in Virtualbox. The vulnerabilities allow an authenticated malicious person to to execute attacks that can result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights An...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several products belonging to the Oracle Supply Chain Suite: Agile Engineering Data Management Agile PLM Agile Product Lifecycle Management for Process Autovue for Agile Product Lifecycle Management Product Lifecycle Analytics Transportation Management A...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following E-Business Suite applications: - Oracle Workflow - Oracle E-Business Suite Information Discovery - Oracle iReceivables - Oracle iRecruitment - Oracle Applications Framework - Oracle User Management The vulnerabilities potentially enable a maliciou...
Vulnerabilities fixed in Oracle Primavera
Oracle has fixed vulnerabilities in the following products: Primavera Gateway Primavera P6 Enterprise Project Portfolio Management Primavera Unifier The vulnerabilities potentially enable a malicious party to execute attacks that lead to denial-of-service DoS. An overview of all fixed...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Fusion Middleware products: BI Publisher Business Intelligence Enterprise Edition Coherence Global Lifecycle Management NextGen OUI Framework HTTP Server Managed File Transfer Middleware Common Libraries and Tools Security Service SOA Suite...
Vulnerability fixed in Oracle Essbase
Oracle has fixed a vulnerability in Essbase Server. The vulnerability potentially allows a malicious party to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Accessing sensitive data...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in the following Java SE products: GraalVM Enterprise Edition Java SE The vulnerabilities potentially enable a malicious party to execute attacks that lead to data manipulation and access to sensitive data. With the exception of CVE-2022-25647, all vulnerabilities...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several MySQL products: Enterprise Manager Base Platform Oracle Application Testing Suite Enterprise Manager Ops Center Enterprise Manager for MySQL Database A malicious party can exploit the vulnerabilities to cause the following categories of damage: The...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following products: Communications ASAP Communications Billing and Revenue Management Communications BRM - Elastic Charging Engine Communications Design Studio Communications Instant Messaging Server Communications Offline Mediation Controller Communication...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager Ops Center Oracle Application Testing Suite Enterprise Manager for MySQL Database The vulnerabilities potentially enable a malicious party to execute attacks that...
Vulnerabilities fixed in Oracle JD Edwards products
Oracle has fixed vulnerabilities in the following JD Edwards products: EnterpriseOne Orchestrator EnterpriseOne Tools A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in Solaris and ZFS Storage Appliance. A malicious party can exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution Administrator/Root privileges An overview of all fixed...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed several vulnerabilities in a number of products, including USG and ATP firewalls. A malicious party could vulnerabilities potentially exploit them to obtain higher permissions or obtain sensitive information through a path traversal. To exploit the vulnerabilities, the malicious...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following Financial Services products: Oracle Banking Branch Oracle Banking Cash Management Oracle Banking Corporate Lending Process Management Oracle Banking Credit Facilities Process Management Oracle Banking Deposits and Lines of Credit Servicing Oracle...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Console Communications Cloud Native Core Network Exposure Function Communications Cloud Native Core Network Function Cloud Native Environment...
Vulnerabilities fixed in Oracle Peoplesoft
Oracle has fixed vulnerabilities in Peoplesoft. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data The vulnerability with CVE attribute CVE-2022-21543 ha...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Oracle Database Server Oracle Database - Enterprise Edition RDBMS Security. Oracle Spatial and Graph Oracle Universal Installer Oracle Application Express Oracle SQLcl The vulnerabilities potentially enable a malicious party to perform...
Vulnerabilities fixed in Juniper products
Juniper has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...
Vulnerabilities fixed in Juniper Junos Space
Vulnerabilities have been fixed in Junos Space Platform. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive data Accessing syste...
Vulnerabilities fixed in IBM Db2
IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22389, the vulnerabilities are located in the third-party component Expat. The vulnerabilities allow a malicious party to cause a Denial-of-Service or execute arbitrary code with the privileges of the...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Bypassing security measure SQL...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, Acrobat Reader, Photoshop and RoboHelp. The vulnerabilities allow a malicious able to execute arbitrary code within the context of the user, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. For more information,...
Vulnerabilities fixed in VMWare products
Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Access to system data A malicious person with administrator access to a...