4209 matches found
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, Acrobat Reader, Photoshop and RoboHelp. The vulnerabilities allow a malicious able to execute arbitrary code within the context of the user, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. For more information,...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerabilities fixed in Microsoft Office, Skype and Lync
Microsoft has fixed vulnerabilities in Microsoft Office, Skype and Lync. A malicious party could potentially exploit the vulnerabilities to bypass a security measure or execute arbitrary code. Skype for Business and Microsoft Lync: |----------------|------|-------------------------------------| |...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Circumvention of security measure...
Vulnerabilities fixed in Microsoft Azure Site Recovery and Azure Storage Library
Vulnerabilities have been fixed in Azure Storage Library and Azure Site Recovery. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Fixed vulnerabilities in IBM MQ (Operator and Queue manager)
IBM has fixed multiple vulnerabilities in supporting software provided with IBM MQ Operator and Queue manager. The vulnerabilities are in the Golang software provided. A malicious party could potentially exploit the vulnerabilities to obtain increased user privileges, sensitive data and/or...
Vulnerability fixed in rsyslog
The developers of rsyslog have fixed a vulnerability in rsyslog. A malicious party could exploit the vulnerability to cause a denial-of-service, or to potentially manipulate data manipulate and thus potentially inject false information into the central syslog environment. The developers do not ru...
Vulnerabilities fixed in Bently Nevada systems
Bently Nevada has fixed two vulnerabilities in its ADAPT 3701/x series monitoring systems. A malicious person with access to the infrastructure could exploit the vulnerabilities to execute arbitrary code on the systems, cause a denial-of-service, or to gain access to system data and potentially...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code execution Use...
Vulnerabilities fixed in IBM Tivoli Netcool Impact
Vulnerabilities have been fixed in IBM Tivoli Netcool Impact. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data Accessing...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. In addition to the vulnerabilities fixed by Google fixed vulnerabilities, Samsung itself has fixed 41 other vulnerabilities fixed in Samsung Mobile. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the followi...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in several products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Administrator/Root rights Increased us...
Vulnerabilities fixed in Red Hat Satellite
Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User Rights Access to...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, or execute code in the scope of the application. Google indicates that the vulnerability with attribute CVE-2022-2294 has been has had limited active...
Vulnerability found in OpenSSL
A vulnerability has been found in OpenSSL 3.0.4. A malicious party can exploit the vulnerability to cause of a denial-of-service DoS. The extent of this DoS can vary from one application. Although it is reported that the vulnerability also provides the ability to execute arbitrary code execute...
Vulnerabilities fixed in Elastic Kibana and Elastic Endpoint Security
Elastic has fixed vulnerabilities in Kibana and Endpoint Security for Windows. An authenticated malicious party could potentially exploit the vulnerabilities potentially exploit them to perform a cross-site scripting attack or to obtain elevated permissions. Elastic has released updates to fix th...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Enterprise Edition EE and Community Edition CE. The vulnerabilities can be exploited by a malicious party to gain access to sensitive data, manipulate data without being authorized to do so be authorized, to perform a Cross-Site-Scripting XSS attack or to...
Vulnerability fixed in ManageEngine ADAudit Plus
ManageEngine has fixed a vulnerability in ADAudit Plus. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the system on which ADAudit Plus is installed. Horizon researchers have published a write-up and proof-of-concept code published. They indicate...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. A authenticated malicious person could exploit the vulnerability to execute a server-side request-forgery attack. This enables the malicious party to gain access to sensitive data or information about the system. The vulnerability is located in a plug-...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in several components of Spectrum Protect. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox Extended Support Release ESR and Thunderbird. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. A malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data by performing a man-in-the-middle attack. Project CURL has released updates to address the vulnerabilities fixes in cURL 7.84.0...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2. The vulnerability allows a malicious person to gain access to sensitive data. IBM has released updates to fix the vulnerability in Db2. For more information, see: https://www.ibm.com/support/pages/node/6597993...
Malleability remedied in Salt
Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability fix in Salt 3002.9,...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a remote malicious person to launch a Cross-site Scripting attack. Jenkins has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in TheHive and Cortex
A vulnerability has been fixed in TheHive and Cortex. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication by providing an existing username but not including a password. send. This vulnerability is only exploitable if TheHive and Cortex use an AD to...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Circumvention of security measure. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Dell SupportAssistant
Vulnerabilities have been fixed in Dell SupportAssist. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Remote code execution User Rights Access to system data Increased...
Vulnerability fixed in RealVNC VNC Server
RealVNC has fixed a vulnerability in VNC Server for Windows. A local, authenticated malicious party can exploit the exploit the vulnerability to obtain elevated privileges on the system on which VNC Server is installed. The vulnerability is caused by an installation file executing files in %TEMP%...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. The vulnerability is located in the cvrehash script and is caused by the fact that shell meta-characters being insufficiently removed from user input. removed. On some operating systems, the vulnerable script is is executed automatically. On such systems...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions and bypass a security measure to bypass. As usual, Google has made few substantive details made available about the...
Vulnerabilities fixed in Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...
Vulnerabilities fixed in Tenable Nessus Agent
Vulnerabilities have been fixed in Tenable Nessus Agent. The vulnerabilities allow a malicious person with elevated privileges to able to execute arbitrary code under administrator privileges and the read arbitrary files on the underlying system. Tenable has released a new version of Nessus Agent...
Vulnerabilities fixed in Splunk products
Vulnerabilities have been fixed in Splunk products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Bypassing authentication Bypassing security measure Remote code execution Administrator/Root rights Accessing...
Vulnerabilities fixed in Cisco Identity Services Engine
Vulnerabilities have been fixed in Cisco Identity Services Engine. The vulnerabilities allow a malicious party to access system data or to bypass authentication. Cisco has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2022-20733...
Vulnerabilities fixed in Citrix Application Delivery Manager (ADM).
Citrix has fixed two vulnerabilities in Application Delivery Manager ADM. A malicious person with access to the management environment can exploit the vulnerabilities to cause a denial-of-service by disabling the License service, or to gain access to a root shell, by forcing a reset on the...
Vulnerabilities fixed in Cisco Email Security Appliance, Secure Email and Web Manager
Vulnerabilities have been fixed in Cisco Email Security Appliance and Cisco Secure Email and Web Manager. The vulnerability with reference CVE-2022-20798 allows an unauthenticated remote malicious person able to bypass authentication bypass authentication and thereby log into the Web management...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed several vulnerabilities in Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to access gain access to sensitive data in the context of the application. To do this, the malicious party must trick the victim...
Vulnerability fixed in Adobe RoboHelp Server
Adobe has fixed a vulnerability in RoboHelp Server. A malicious party, with prior authentication and user authorization, could potentially exploit the vulnerability to grant themselves elevated privileges. The malicious party can through manipulation of API requests, perform actions that are...
Vulnerabilities fixed in Intel processors
Vulnerabilities have been fixed in several Intel processors. The vulnerabilities allow a malicious person with local access to the processor to obtain sensitive data or cause a denial-of-service. Intel has released updates to fix the vulnerabilities. More information can be found on the pages...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing authentication...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed several vulnerabilities in Illustrator 2021 and 2022. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to gain access to sensitive data. The malicious party must trick the victim into opening a rogue file. Adobe ha...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the application. To do this, the malicious party must entice the victim to open a rogue file. Adobe has released updates to fix the vulnerabilities in...
Vulnerability fixed in Microsoft Edge
A vulnerability has been fixed in Microsoft Edge. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code. Because it is possible to get out of Edge's sandbox environment, execution of code at the SYSTEM level cannot be ruled out. Abuse requires that the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerability fixed in Siemens SCALANCE
A vulnerability has been fixed in Siemens SCALANCE. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. Siemens has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure components. A malicious party could exploit the vulnerabilities to obtain elevated privileges, or to gain access to sensitive data in the context of the victim. Microsoft states for several of the vulnerabilities listed below to be in possession ...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in several Microsoft Office products. The table below lists the vulnerabilities that have been fixed by Microsoft with the corresponding CVSSv3 scores. Misuse of the vulnerabilities in SharePoint requires prior authentication. Abuse of the vulnerabilities in Excel...
Vulnerabilities fixed in TYPO3
Vulnerabilities have been fixed in TYPO3. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data TYPO3 has released updates to address the...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in Microsoft SQL Server. The vulnerability allows an authenticated malicious person to execute arbitrary code, possibly as a Database Administrator, by executing a specially prepared query via the $ partition on a table where a Column Store index is present. Abuse o...