4179 matches found
Vulnerability fixed in Oracle Siebel CRM
Oracle has fixed a vulnerability in Siebel CRM. The vulnerability allows an unauthenticated malicious person within a local network to perform a denial-of-service (DoS). It is good practice not to have such products publicly accessible...
Vulnerability fixed in Oracle Essbase
Oracle has fixed a vulnerability in Essbase Server. The vulnerability potentially allows a malicious party to execute attacks that result in the following categories of damage: Manipulation of data, Bypassing authentication, Accessing sensitive data...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following E-Business Suite applications: Oracle Workflow, Oracle E-Business Suite Information Discovery, Oracle iReceivables, Oracle iRecruitment, Oracle Applications Framework, Oracle User Management. The vulnerabilities potentially enable a maliciou...
Vulnerabilities fixed in Oracle VirtualBox
Oracle has fixed vulnerabilities in VirtualBox. The vulnerabilities allow an authenticated malicious person to execute attacks that can result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), An...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform, Enterprise Manager Ops Center, Oracle Application Testing Suite, Enterprise Manager for MySQL Database. The vulnerabilities potentially enable a malicious party to execute attacks that...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several products belonging to the Oracle Supply Chain Suite: Agile Engineering Data Management, Agile PLM, Agile Product Lifecycle Management for Process, Autovue for Agile Product Lifecycle Management, Product Lifecycle Analytics, Transportation Management, A...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Oracle Database Server, Oracle Database - Enterprise Edition RDBMS Security, Oracle Spatial and Graph, Oracle Universal Installer, Oracle Application Express, Oracle SQLcl. The vulnerabilities potentially enable a malicious party to perform...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in PeopleSoft. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Access to sensitive data. The vulnerability with CVE attribute CVE-2022-21543 ha...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed several vulnerabilities in a number of products, including USG and ATP firewalls. A malicious party could potentially exploit the vulnerabilities to obtain higher permissions or obtain sensitive information through a path traversal. To exploit the vulnerabilities, the malicious...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console, Communications Cloud Native Core Network Exposure Function, Communications Cloud Native Core Network Function Cloud Native Environment...
Vulnerabilities fixed in Oracle Primavera
Oracle has fixed vulnerabilities in the following products: Primavera Gateway, Primavera P6 Enterprise Project Portfolio Management, Primavera Unifier. The vulnerabilities potentially enable a malicious party to execute attacks that lead to denial-of-service (DoS). An overview of all fixed...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several MySQL products: Enterprise Manager Base Platform, Oracle Application Testing Suite, Enterprise Manager Ops Center, Enterprise Manager for MySQL Database. A malicious party can exploit the vulnerabilities to cause the following categories of damage: The...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following products: Communications ASAP, Communications Billing and Revenue Management, Communications BRM - Elastic Charging Engine, Communications Design Studio, Communications Instant Messaging Server, Communications Offline Mediation Controller, Communication...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Fusion Middleware products: BI Publisher, Business Intelligence Enterprise Edition, Coherence, Global Lifecycle Management NextGen OUI Framework, HTTP Server, Managed File Transfer, Middleware Common Libraries and Tools, Security Service, SOA Suite...
Vulnerabilities fixed in Juniper products
Juniper has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Remote code execution (User rights)...
Vulnerabilities fixed in Juniper Junos Space
Vulnerabilities have been fixed in Junos Space Platform. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Accessing sensitive data, Accessing syste...
Vulnerabilities fixed in IBM Db2
IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22389, the vulnerabilities are located in the third-party component Expat. The vulnerabilities allow a malicious party to cause a Denial-of-Service or execute arbitrary code with the privileges of the...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, Bypassing security measure, SQL...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, Acrobat Reader, Photoshop and RoboHelp. The vulnerabilities allow a malicious party to execute arbitrary code within the context of the user, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. For more information,...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in Citrix Hypervisor and Citrix XenServer. The vulnerabilities potentially enable a malicious party to derive memory content from another virtual machine. These vulnerabilities are only present when the vulnerable products are used on AMD Zen 1 or AMD Zen 2...
Vulnerabilities fixed in VMware products
Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Access to system data. A malicious person with administrator access to a...
Vulnerabilities fixed in Microsoft Office, Skype and Lync
Microsoft has fixed vulnerabilities in Microsoft Office, Skype and Lync. A malicious party could potentially exploit the vulnerabilities to bypass a security measure or execute arbitrary code. Skype for Business and Microsoft Lync:...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root rights), Remote code execution (User rights)...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Circumvention of security measure...
Vulnerabilities fixed in Microsoft Azure Site Recovery and Azure Storage Library
Vulnerabilities have been fixed in Azure Storage Library and Azure Site Recovery. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights), Access to sensitive data...
Fixed vulnerabilities in IBM MQ (Operator and Queue manager)
IBM has fixed multiple vulnerabilities in supporting software provided with IBM MQ Operator and Queue manager. The vulnerabilities are in the Golang software provided. A malicious party could potentially exploit the vulnerabilities to obtain increased user privileges, sensitive data and/or...
Vulnerability fixed in rsyslog
The developers of rsyslog have fixed a vulnerability in rsyslog. A malicious party could exploit the vulnerability to cause a denial-of-service, or to potentially manipulate data and thus potentially inject false information into the central syslog environment. The developers do not ru...
Vulnerabilities fixed in Bently Nevada systems
Bently Nevada has fixed two vulnerabilities in its ADAPT 3701/x series monitoring systems. A malicious person with access to the infrastructure could exploit the vulnerabilities to execute arbitrary code on the systems, cause a denial-of-service, or to gain access to system data and potentially...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. In addition to the vulnerabilities fixed by Google, Samsung itself has fixed 41 other vulnerabilities in Samsung Mobile. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the followi...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Manipulation of data, Circumvention of security measure, Remote code execution Use...
Vulnerabilities fixed in IBM Tivoli Netcool Impact
Vulnerabilities have been fixed in IBM Tivoli Netcool Impact. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Spoofing, Accessing sensitive data, Accessing...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in several products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution (Administrator/Root rights), Increased us...
Vulnerabilities fixed in Red Hat Satellite
Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Access to...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, or execute code in the scope of the application. Google indicates that the vulnerability with attribute CVE-2022-2294 has had limited active...
Vulnerability found in OpenSSL
A vulnerability has been found in OpenSSL 3.0.4. A malicious party can exploit the vulnerability to cause a denial-of-service (DoS). The extent of this DoS can vary by application. Although it is reported that the vulnerability also provides the ability to execute arbitrary code...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Enterprise Edition (EE) and Community Edition (CE). The vulnerabilities can be exploited by a malicious party to gain access to sensitive data, manipulate data without being authorized to do so, to perform a Cross-Site Scripting (XSS) attack or to...
Vulnerabilities fixed in Elastic Kibana and Elastic Endpoint Security
Elastic has fixed vulnerabilities in Kibana and Endpoint Security for Windows. An authenticated malicious party could potentially exploit the vulnerabilities to perform a cross-site scripting attack or to obtain elevated permissions. Elastic has released updates to fix th...
Vulnerability fixed in ManageEngine ADAudit Plus
ManageEngine has fixed a vulnerability in ADAudit Plus. An unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the system on which ADAudit Plus is installed. Horizon researchers have published a write-up and proof-of-concept code. They indicate...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. An authenticated malicious person could exploit the vulnerability to execute a server-side request forgery attack. This enables the malicious party to gain access to sensitive data or information about the system. The vulnerability is located in a plug-...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in several components of Spectrum Protect. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Access to...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox Extended Support Release (ESR) and Thunderbird. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. A remote malicious person can exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data by performing a man-in-the-middle attack. The cURL project has released updates to address the vulnerabilities in cURL 7.84.0...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2. The vulnerability allows a malicious person to gain access to sensitive data. IBM has released updates to fix the vulnerability in Db2. For more information, see: https://www.ibm.com/support/pages/node/6597993...
Vulnerability fixed in Salt
Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under the privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability in Salt 3002.9,...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a remote malicious person to launch a Cross-site Scripting attack. Jenkins has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in TheHive and Cortex
A vulnerability has been fixed in TheHive and Cortex. The vulnerability allows an unauthenticated remote malicious person to bypass authentication by sending an existing username without a password. This vulnerability is only exploitable if TheHive and Cortex use an AD to...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Denial-of-Service (DoS), Bypassing authentication, Circumvention of security measure, Remote code execution (Administrator/Root rights)...
Vulnerability fixed in RealVNC VNC Server
RealVNC has fixed a vulnerability in VNC Server for Windows. A local, authenticated malicious party can exploit the vulnerability to obtain elevated privileges on the system on which VNC Server is installed. The vulnerability is caused by an installation file executing files in %TEMP%...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code under the application's permissions and to bypass a security measure. As usual, Google has made few substantive details available about the...
Vulnerabilities fixed in Dell SupportAssist
Vulnerabilities have been fixed in Dell SupportAssist. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Manipulation of data, Remote code execution (User rights), Access to system data, Increased...