Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. The vulnerability is located in the c_rehash script and is caused by shell meta-characters being insufficiently removed from user input. On some operating systems, the vulnerable script is executed automatically. On such systems...
Vulnerabilities fixed in Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to sensitive dat...
Vulnerabilities fixed in Splunk products
Vulnerabilities have been fixed in Splunk products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Bypassing authentication; Bypassing security measure; Remote code execution (Administrator/Root rights); Accessing...
Vulnerabilities fixed in Tenable Nessus Agent
Vulnerabilities have been fixed in Tenable Nessus Agent. The vulnerabilities allow a malicious person with elevated privileges to execute arbitrary code under administrator privileges and to read arbitrary files on the underlying system. Tenable has released a new version of Nessus Agent...
Vulnerabilities fixed in Cisco Email Security Appliance, Secure Email and Web Manager
Vulnerabilities have been fixed in Cisco Email Security Appliance and Cisco Secure Email and Web Manager. The vulnerability with reference CVE-2022-20798 allows an unauthenticated remote malicious person to bypass authentication and thereby log into the Web management...
Vulnerabilities fixed in Citrix Application Delivery Manager (ADM)
Citrix has fixed two vulnerabilities in Application Delivery Manager (ADM). A malicious person with access to the management environment can exploit the vulnerabilities to cause a denial-of-service by disabling the License service, or to gain access to a root shell, by forcing a reset on the...
Vulnerabilities fixed in Cisco Identity Services Engine
Vulnerabilities have been fixed in Cisco Identity Services Engine. The vulnerabilities allow a malicious party to access system data or to bypass authentication. Cisco has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2022-20733...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the application. To do this, the malicious party must entice the victim to open a rogue file. Adobe has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication...
Vulnerability fixed in Adobe RoboHelp Server
Adobe has fixed a vulnerability in RoboHelp Server. A malicious party, with prior authentication and user authorization, could potentially exploit the vulnerability to grant themselves elevated privileges. The malicious party can, through manipulation of API requests, perform actions that are...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed several vulnerabilities in Illustrator 2021 and 2022. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to gain access to sensitive data. The malicious party must trick the victim into opening a rogue file. Adobe ha...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed several vulnerabilities in Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to gain access to sensitive data in the context of the application. To do this, the malicious party must trick the victim...
Vulnerabilities fixed in Intel processors
Vulnerabilities have been fixed in several Intel processors. The vulnerabilities allow a malicious person with local access to the processor to obtain sensitive data or cause a denial-of-service. Intel has released updates to fix the vulnerabilities. More information can be found on the pages...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in several Microsoft Office products. The table below lists the vulnerabilities that have been fixed by Microsoft with the corresponding CVSSv3 scores. Misuse of the vulnerabilities in SharePoint requires prior authentication. Abuse of the vulnerabilities in Excel...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure components. A malicious party could exploit the vulnerabilities to obtain elevated privileges, or to gain access to sensitive data in the context of the victim. Microsoft states for several of the vulnerabilities listed below to be in possession ...
Vulnerability fixed in Siemens SCALANCE
A vulnerability has been fixed in Siemens SCALANCE. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service. Siemens has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Microsoft Edge
A vulnerability has been fixed in Microsoft Edge. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code. Because it is possible to get out of Edge's sandbox environment, execution of code at the SYSTEM level cannot be ruled out. Abuse requires that the...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in Microsoft SQL Server. The vulnerability allows an authenticated malicious person to execute arbitrary code, possibly as a Database Administrator, by executing a specially prepared query via the $ partition on a table where a Column Store index is present. Abuse o...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution (User rights)...
Vulnerabilities fixed in TYPO3
Vulnerabilities have been fixed in TYPO3. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Circumvention of security measure; Accessing sensitive data. TYPO3 has released updates to address the...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in the Xen hypervisor. The vulnerabilities allow a malicious person with access to a guest system to obtain elevated privileges on the host and thereby compromise the system. Xen has released updates to fix the vulnerabilities. More information can be found on...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. An unauthenticated remote malicious person can potentially exploit the vulnerabilities to execute arbitrary code, cause a denial-of-service or gain access to system data. Google has released updates to fix the vulnerabilities in Chrome...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Access to system data. Apache has released...
Vulnerabilities fixed in IBM Cognos Command Center
Several vulnerabilities have been fixed in IBM Cognos Command Center. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Spoofing; Access to sensitive data; Increased user privileg...
Vulnerability fixed in SonicWall SMA100 series
A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an authenticated remote malicious person to execute arbitrary code under root privileges or cause a denial-of-service attack. To exploit the vulnerability, the malicious party must have access to the...
Vulnerability fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Circumvention of security measure; Remote code execution...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in IBM QRadar SIEM. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, the malicious party must trick a user into using a specially preloaded archive file (7z, tar or zip) to process from QRadar. I...
Vulnerabilities fixed in Google Android and Samsung Mobile (Android)
Google has fixed several vulnerabilities in Android. In addition to the vulnerabilities fixed by Google, Samsung has fixed 21 additional vulnerabilities specifically for Samsung Mobile hardware. A malicious party could potentially exploit them to cause the following categories of damag...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Bypassing authentication; Bypassing security measure; Accessing system data. GitLab has released updates t...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. Credentials of users are printed in readable text in the IBM Spectrum Protect Plus virgo log file. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.0.0-10.1.9.32. For more information, see:...
Vulnerability in CakePHP fixed
In CakePHP version 3.10.4, an encryption issue of CsrfProtectionMiddleware has been fixed. In 3.10.3, verified tokens were generated using random bytes and would often not match when they were rendered in HTML. No CVE number was issued for this vulnerability. CakePHP's developers have issued...
0Day vulnerability discovered in Atlassian Confluence
A 0Day vulnerability has been discovered in Atlassian Confluence Server and Confluence Datacenter. An unauthenticated malicious party can exploit the vulnerability to execute arbitrary code with application privileges and thus also gain access to sensitive data within the scope of the affected...
Vulnerabilities fixed in HPE ProLiant Intel BIOS
Vulnerabilities have been fixed in the Intel BIOS of HPE ProLiant DX servers. The vulnerabilities in DX Gen 10 servers with features DX170r, DX190r, DX360, DX380, DX560 and DX4200 allow a local malicious person to obtain sensitive information or increase privileges. HPE has made updates...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Serverless Operator and Operator. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure. The vulnerabilities are locate...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in the IBM QRadar Data Synchronization App for IBM QRadar SIEM. The vulnerabilities are in underlying software and libraries, such as Node.js and SQLite. The vulnerabilities potentially enable a malicious person to perform attacks that result in the...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to perform a Cross-Site Scripting (XSS) attack on the subversion plugin of Jenkins or a denial-of-service (DoS) in GoLang. Red Hat has made updates available for Red H...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. These vulnerabilities allow a remote attacker to impersonate someone else or break outside the sandbox and thereby increase privileges. This requires a user to respond to a link from the attacker. Microsoft has made update version...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofing...
Vulnerabilities fixed in IBM Tivoli Monitoring
Multiple vulnerabilities have been fixed in the WebSphere Application Server component of IBM Tivoli Monitoring. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Remote code execution (User Rights); Denial-of-Service (DoS)...
Vulnerabilities fixed in IBM SPSS
Several vulnerabilities have been fixed in Spring Framework version 5.3.20 as part of IBM SPSS Collaboration and Deployment Services. The vulnerabilities can be exploited by a malicious party to execute arbitrary code and/or to cause a denial-of-service (DoS). These vulnerabilities...
Vulnerabilities fixed in Ruby on Rails
Vulnerabilities have been fixed in Ruby on Rails. These vulnerabilities allow a malicious party to execute arbitrary code or potentially cause a denial-of-service when the package rack is in use for parsing and middleware. Updates have been made available for rack to addres...
Zero-day vulnerability discovered in Microsoft Word
A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode". For...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to increase its permissions and thereby load untrusted files. Trend Micro has released updates to fix the vulnerabilities in Apex One. For more information, see:...
Vulnerabilities fixed in Citrix ADC and Gateway
Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. The vulnerabilities allow a remote malicious party to cause a denial-of-service (DoS). CVE-2022-27508 does not require authentication, while CVE-2022-27507 does. The CVE-2022-27507 vulnerability is only exploitable when...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed multiple vulnerabilities in supporting software provided with IBM Spectrum Control. The vulnerabilities are in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE. The vulnerabilities allow a malicious party to perform attacks that result in the following categori...
Vulnerabilities fixed in IBM MQ
IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in gzip, jackson-databind, libssh, gnutls, nettle and zlib and have been previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to gain...
Vulnerabilities fixed in Open Automation Software Platform
Vulnerabilities have been fixed in Open Automation Software Platform. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Remote code execution (User rights); Accessing...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed several vulnerabilities in a number of products, including USG, NSG and ATP firewalls. A malicious person could potentially exploit the vulnerabilities to execute arbitrary commands, cause a denial-of-service or obtain sensitive information. To exploit the vulnerabilities, the...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Google Chrome. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Bypassing security measure; Remote code execution (User rights); Accessing sensitive data. Google gives the vulnerability with attribute...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed two vulnerabilities in Firefox and Thunderbird. A malicious party could potentially exploit them to execute arbitrary JavaScript code outside the context of the browser, potentially gaining access to sensitive data. Mozilla has released updates to fix the vulnerabilities in...