Vulnerability fixed in Cisco IOS XR
A vulnerability has been fixed in Cisco IOS XR. The vulnerability in the health check RPM of Cisco IOS XR software could allow an unauthenticated, remote malicious party to gain access to the Redis environment. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For...
Vulnerability fixed in Grafana Enterprise
Grafana Labs has fixed a vulnerability in Grafana Enterprise. A malicious person with the rights to create their own data source could exploit the vulnerability for a Server-Side Request Forgery (SSRF) attack and thus gain access to sensitive data. Grafana Labs has released updates to fix the...
Vulnerabilities fixed in IBM Tivoli Monitoring
Vulnerabilities have been fixed in IBM Tivoli Monitoring. A malicious party can exploit the vulnerabilities to cause a denial-of-service (DoS) and/or execute arbitrary code. The vulnerabilities are in the libexpat parser that is used by IBM Tivoli Monitoring. Local access is required to exploit th...
Vulnerability fixed in Oracle E-Business Suite
Oracle has fixed a vulnerability in Oracle E-Business Suite. A malicious party could use the vulnerability to gain access to sensitive information. The malicious party does not need prior authentication to do so. Oracle indicates that the vulnerability is not present in the Oracle SaaS clo...
Vulnerabilities fixed in VMware products
VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain...
Vulnerability fixed in BIND
ISC has fixed a vulnerability in BIND. A remote malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party must prematurely break a TLS connection to the vulnerable server. TLS is used for both DNS over TLS (DoT) and DNS over HTT...
Vulnerability fixed in SonicWall SMA100
SonicWall has fixed a vulnerability in the SMA100. The vulnerability potentially allows an authenticated remote malicious person to use the management interface to execute arbitrary commands as "root" on the underlying system, or to cause a denial-of-service. SonicWall has release...
Vulnerabilities fixed in NVIDIA drivers
NVIDIA has fixed vulnerabilities in its GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service (DoS); data manipulation; remote code execution (Administrator/Root privileges); increased user privileges. The...
Vulnerability fixed in Apache Tomcat
Apache has fixed a vulnerability in Tomcat. An unauthenticated remote malicious person could potentially exploit the vulnerability to gain access to sensitive data. The malicious party would need insight into the workings of the web application to be manipulated and exploitation is not...
Vulnerability fixed in JFrog Artifactory
A vulnerability has been fixed in JFrog Artifactory. The vulnerability allows a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); remote code execution (user rights); increased user privileges. JFrog's developers have released...
Vulnerabilities fixed in Apple Safari
Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...
Vulnerabilities fixed in Apple macOS
Apple has fixed multiple vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); remote code execution (Kernel/Root permissions); remote code execution...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome and Chromium. A malicious party could potentially exploit them to cause a denial-of-service, or execute arbitrary code in the scope of the browser. Possibly, the malicious party could also gain access to sensitive data within th...
Vulnerability fixed in OpenBSD
A vulnerability has been fixed in OpenBSD. A remote malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by running rogue PPPoE packets through the system. Only when an OpenBSD system is configured to use PPP through the pppoe(4) interface is potentially...
Vulnerability fixed in PostgreSQL
The developers of PostgreSQL have fixed a vulnerability in PostgreSQL. It was found that certain commands such as Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pg_amcheck do not handle permissions correctly, allowing a user to execute these commands outside the scop...
Vulnerability fixed in Check Point Endpoint Security Client
Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...
Vulnerability fixed in Zyxel ATP, USG and VPN products
Zyxel has fixed a vulnerability in products from its ATP, USG and VPN product line. An unauthenticated malicious person with access to the management interface could exploit the vulnerability to execute arbitrary code with the privileges of the "nobody" user. Exploit code for the vulnerability is...
Vulnerability fixed in Dell iDRAC9
Dell has fixed a vulnerability in iDRAC9. The vulnerability allows an unauthenticated malicious party to bypass authentication and gain access to the VNC console. Dell has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Intel processors and chipsets
Intel has fixed vulnerabilities in several processors and chipsets. A local malicious party could potentially exploit them to cause a denial-of-service, gain access to system data or obtain elevated privileges. For the vulnerability with reference CVE-2021-33149 no security updates have been...
Vulnerability fixed in Zimbra Collaboration
Zimbra has fixed a vulnerability in Zimbra Collaboration. The vulnerability allows a remote malicious person to inject memcached commands and thereby manipulate cached data. This makes it possible to manipulate content that is served to users of Zimbra Collaboration. Thus functionaliti...
Vulnerabilities fixed in Dell PowerEdge
Dell has fixed vulnerabilities in PowerEdge Server based on the AMD EPYC platform. The vulnerabilities allow a local malicious party to cause a denial-of-service, gain access to sensitive data or potentially execute code. Dell has released updates to fix the vulnerabilities. For more...
Vulnerabilities fixed in SUSE Linux Enterprise kernel
SUSE has fixed vulnerabilities in the Linux kernel. An authenticated malicious person could potentially exploit them to cause a denial-of-service or to obtain elevated privileges. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. You can install these...
Vulnerabilities fixed in IBM MQ
IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in Java, Eclipse Jetty and WebSphere Liberty and were previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to cause a...
Vulnerabilities fixed in Red Hat OpenShift Logging
Red Hat has fixed vulnerabilities in OpenShift Logging. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure or perform an HTTP request smuggling attack. Red Hat has released updates to fix the vulnerabilities. For more information, see:...
Vulnerability fixed in Microsoft Exchange Server
A vulnerability has been fixed in Microsoft Exchange Server. The vulnerability allows an authenticated malicious party to obtain elevated privileges. To exploit the vulnerability the malicious party must have access to the Exchange Server and be authenticated with elevated privileges. If t...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. The vulnerabilities allow a malicious person to execute arbitrary code with application privileges. To do this, the malicious party induces the victim to open a rogue file. Adobe has released updates to fix the vulnerabilities. For more...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Framemaker. The vulnerabilities allow a malicious party to cause a denial-of-service or execute arbitrary code under privileges of the application. To do this, the malicious party must persuade the victim to open a rogue file. Adobe has released updates to fix t...
Vulnerabilities fixed in Oracle Enterprise Linux kernel
Oracle has fixed vulnerabilities in the Oracle Linux kernel. The vulnerabilities allow a local malicious person to cause a denial-of-service, obtain elevated privileges or gain access to system information. Successful exploit requires authentication. -= Oracle =- Oracle has made updates available...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a remote malicious person to execute arbitrary code under the user's privileges or to bypass a security measure. Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Vulnerability fixed in Microsoft Azure
A vulnerability has been fixed in Microsoft Azure. The vulnerability allows an authenticated malicious person to execute arbitrary code. The vulnerability is in a driver used in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) to connect to Amazon Redshift. The malicio...
Vulnerabilities fixed in HPE Integrated Lights-Out
HPE has fixed a vulnerability in Integrated Lights-Out. The vulnerability allows an authenticated remote malicious party to cause a denial-of-service. Few substantive details about the vulnerability have been made publicly available. HPE has released updates to fix the vulnerability. For...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a malicious party to cause a denial-of-service or to execute arbitrary code under the user's privileges. The vulnerability with reference CVE-2022-30129 allows a malicious person to...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); manipulation of data; circumvention of security measure...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of authentication; remote code execution Administrator/SYSTEM...
Vulnerability fixed in ecdsautils
Debian has fixed a vulnerability in ecdsautils. This is a library used for cryptographic applications based on ECDSA. The vulnerability is in functionality for validating ECDSA signatures. The flaw causes an application to consider specially crafted signatures to be valid when they are not...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in products from F5, including BIG-IP and Traffix SDC. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); manipulation of...
Vulnerability fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere
A vulnerability has been fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA. The vulnerability allows an authenticated remote malicious party to execute system commands. No CVE identifier is currently available for this vulnerability. Aveva has released updates to fix the...
Vulnerabilities fixed in Red Hat Satellite
Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a remote malicious party to obtain sensitive data or to cause a denial-of-service. Red Hat has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in QNAP QTS, QuTS hero and QuTScloud
QNAP has fixed vulnerabilities in QTS, QuTS hero and QuTScloud. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); remote code execution (user rights); access to sensitive data; access to system data...
Vulnerabilities fixed in Splunk
Vulnerabilities have been fixed in Splunk. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Cross-Site Scripting (XSS); circumvention of security measure; access to system data; increased user privileges. Updates have been...
Vulnerability fixed in OpenLDAP
A vulnerability has been fixed in OpenLDAP. The vulnerability allows a malicious person to perform an SQL injection. The vulnerability is in the back-sql backend. This backend is no longer actively supported but is still available in OpenLDAP. The developers of OpenLDAP have released updates to...
Vulnerabilities fixed in Cisco TelePresence
Vulnerabilities have been fixed in Cisco TelePresence. The vulnerabilities allow an authenticated malicious party to gain access to sensitive data and to cause a denial-of-service. Cisco has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Oracle Enterprise Linux
Vulnerabilities have been fixed in the kernel of Oracle Enterprise Linux. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); access to system data; increased user privileges. Oracle has released updates to fix th...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed vulnerabilities in ClearPass Policy Manager (CPPM). The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); manipulation of...
Vulnerability fixed in FortiClient
A vulnerability has been fixed in FortiClient. The vulnerability allows a malicious person with access to the system to execute or delete files with admin rights. The vulnerability is located in the FortiClient MSI installer. Fortinet has released updates to fix the vulnerability. More informatio...
Vulnerabilities fixed in FortiOS
Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); remote code execution (user rights); access to sensitive data; access to system data. Fortinet has released updates to...
Vulnerabilities fixed in Firefox and Firefox ESR
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: bypassing security measure; remote code execution (user rights); spoofing; accessing sensitive data; access to...
Vulnerabilities fixed in Yokogawa Centum VP, ProSafe-RS and B/M9000 VP
Yokogawa has fixed vulnerabilities in Centum VP, ProSafe-RS and B/M9000 VP. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); manipulation of data; remote code execution (user rights); access t...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerabilities to bypass security measures, cause a denial-of-service, or execute code under the privileges of another process. The vulnerability with reference...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); access to system data; increased user privileges. -= Debian =- Debian has made updates to...