4209 matches found
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Apache has released...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person can exploit the vulnerabilities potentially exploit them to execute arbitrary code, cause a denial-of-service or gain access to system data. Google has released updates to fix the vulnerabilities in Chrome...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in the Xen hypervisor. The vulnerabilities allow a malicious person with access to a guest system to obtain elevated privileges on the host and can thereby compromise the system. Xen has released updates to fix the vulnerabilities. More information can be found on...
Vulnerability fixed in SonicWall SMA100 series
A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code under root privileges or cause a denial-of-service attack. To exploit the vulnerability the malicious party must have access to the...
Vulnerability fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code execution...
Vulnerabilities fixed in IBM Cognos Command Center
Several vulnerabilities have been fixed in IBM Cognos Command Center. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing Access to sensitive data Increased user privileg...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in IBM QRadar SIEM. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, the malicious party must trick a trick a user into using a specially preloaded archive file 7z, tar or zip to process from QRadar. I...
Vulnerabilities fixed in Google Android and Samsung Mobile (Android)
Google has fixed several vulnerabilities in Android. In addition to the vulnerabilities fixed by Google, Samsung has also fixed 21 additional vulnerabilities fixed specifically for Samsung Mobile hardware. A malicious party could potentially exploit them to cause the following categories of damag...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. Credentials of users are printed in readable text in the IBM Spectrum Protect Plus virgo log file. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.0.0-10.1.9.32. For more information, see:...
Vulnerability in CakePHP fixed
In CakePHP version 3.10.4, an encryption issue of CsrfProtectionMiddleware has been fixed. In 3.10.3, verified tokens were generated using random bytes and would often not match when they were rendered in HTML. No CVE number was issued for this vulnerability. CakePHP's developers have issued...
0Day vulnerability discovered in Atlassian Confluence
A 0Day vulnerability has been discovered in Atlassian Confluence Server and Confluence Datacenter. An unauthenticated malicious party can exploit the vulnerability to execute arbitrary code with application privileges and thus also gain access to sensitive data within the scope of the affected...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Bypassing security measure Accessing system data GitLab has released updates t...
Vulnerabilities fixed in HPE ProLiant Intel BIOS
Vulnerabilities have been fixed in the Intel BIOS of HPE ProLiant DX servers. The vulnerabilities in DX Gen 10 servers with features DX170r, DX190r, DX360, DX380, DX560 and DX4200 allow a local malicious person able to obtain sensitive information or increase privileges. HPE has made updates...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Serverless Operator and Operator. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure The vulnerabilities are locate...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in the IBM QRadar Data Synchronization App for IBM QRadar SIEM. The vulnerabilities are are in underlying software and libraries, such as Node.js and SQLite. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the...
Vulnerabilities fixed in IBM Tivoli Monitoring
Multiple vulnerabilities have been fixed in the WebSphere Application Server component of IBM Tivoli Monitoring. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Remote code execution User Rights Denial-of-Service DoS...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. These vulnerabilities allow a remote attacker to impersonate impersonate someone else or break outside the sandbox and thereby increase privileges. This requires a user to respond to a link from the attacker. Microsoft has made update version...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights Spoofing...
Vulnerabilities fixed in Ruby on Rails
Vulnerabilities have been fixed in Ruby on Rails. These vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code or potentially cause a denial-of-service when the package rack is in use for parsing and middleware. Updates have been made available for rack to addres...
Vulnerabilities fixed in IBM SPSS
Several vulnerabilities have been fixed in Spring Framework version 5.3.20 as part of IBM SPSS Collaboration and Deployment Services. The vulnerabilities can be exploited by a malicious be exploited to execute arbitrary code and/or to cause a denial-of-service DoS exploit. These vulnerabilities...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to increase its permissions and thereby load untrusted files. load. Trend Micro has released updates to fix the vulnerabilities fixes in Apex One. For more information, see:...
Zero-day vulnerability discovered in Microsoft Word
A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...
Vulnerabilities fixed in Ctrix ADC and Gateway
Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. The vulnerabilities allow a remote malicious party able to effect a denial-of-service DoS. For CVE-2022-27508 does not require authentication, while CVE-2022-27507 does. The CVE-2022-27507 vulnerability is only exploitable when...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed multiple vulnerabilities in supporting software provided with IBM Spectrum Control, The vulnerabilities are in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categori...
Vulnerabilities fixed in IBM MQ
IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in gzip, jackson-databind, libssh, gnutls, nettle and zlib and have been previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to gain...
Vulnerabilities fixed in Open Automation Software Platform
Vulnerabilities have been fixed in Open Automation Software Platform. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Accessing...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed several vulnerabilities in a number of products, including USG, NSG and ATP firewalls. A malicious person could potentially exploit the vulnerabilities to execute arbitrary commands, cause a denial-of-service or obtaining sensitive information. To exploit the vulnerabilities, the...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Google Chrome. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Bypassing security measure. Remote code execution User rights Accessing sensitive data Google gives the vulnerability with attribute...
Vulnerability fixed in Cisco IOS XR
A vulnerability has been fixed in Cisco IOS XR. The vulnerability in the health check RPM of Cisco IOS XR software could allow an unauthenticated, remote malicious party to gain access gain access to the Redis environment. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For...
Vulnerabilities fixed in IBM Tivoli Monitoring
Vulnerabilities have been fixed in IBM Tivoli Monitoring. A malicious party can exploit the vulnerabilities to cause a denial-of-service DoS and/or execute arbitrary code. The vulnerabilities are in the libexpart parser that is used by IBM Tivoli Monitoring. Local access is required to exploit th...
Vulnerability fixed in Grafana Enterprise
Grafana Labs has fixed a vulnerability in Grafana Enterprise. A malicious person with the rights to create their own data source could exploit the vulnerability for a Same Site Request Forgery attack SSRF and thus gain access to sensitive data. Grafana Labs has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed two vulnerabilities in Firefox and Thunderbird. A malicious party could potentially exploit them to execute arbitrary javascript code outside the context of the browser, potentially gaining access to sensitive data. Mozilla has released updates to fix the vulnerabilities in...
Vulnerability fixed in Oracle E-Business suite
Oracle has fixed a vulnerability in Oracle E-Business Suite. A malicious party could use the vulnerability to access gain access to sensitive information. The malicious party does not need prior authentication to do so. Oracle indicates that the vulnerability is not present in the Oracle SaaS clo...
Vulnerability fixed in BIND
ISC has fixed a vulnerability in BIND. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party must prematurely break a TLS connection to the vulnerable server. TLS is used for both DNS over TLS DoT and DNS over HTT...
Vulnerabilities fixed in VMWare products
VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain gain...
Vulnerability fixed in SonicWall SMA100
SonicWall has fixed a vulnerability in the SMA100. The vulnerability allows an authenticated remote malicious person potentially be able to use the management interface to execute arbitrary commands execute as "root" on the underlying system, or to cause a denial-of-service. SonicWall has release...
Vulnerabilities fixed in NVIDIA drivers
NVIDIA has fixed vulnerabilities in its GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution Administrator/Root privileges Increased user privileges The...
Vulnerabilities fixed in Google Chrome and Chromium
Google has fixed several vulnerabilities in Chrome and Chromium. A malicious party could potentially exploit them to cause a denial-of-service, or execute arbitrary execute arbitrary code in the scope of the browser. Possibly, the malicious party could also gain access to sensitive data within th...
Vulnerability fixed in Apache Tomcat
Apache has fixed a vulnerability in Tomcat. A unauthenticated remote malicious person could exploit the vulnerability potentially exploit it to gain access to sensitive data. The malicious party would need insight into the workings of the web application to be manipulated and exploitation is not...
Vulnerability fixed in JFrog Artifactory
A vulnerability has been fixed in JFrog Artifactory. The vulnerability allows a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges JFrog's developers have released...
Vulnerabilities fixed in Apple Safari
Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...
Vulnerabilities fixed in Apple macOS
Apple has fixed multiple vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Kernel/Root permissions Remote code execution...
Vulnerability fixed in OpenBSD
A vulnerability has been fixed in OpenBSD. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service by running rogue PPPoE packets through the system. Only when an OpenBSD system is configured to use PPP through the pppoe4 interface is potentially...
Vulnerability fixed in PostgreSQL
The developers of PostgreSQL have fixed a vulnerability in PostgreSQL. It was found that certain commands such as Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pgamcheck do not handle permissions correctly, allowing a user to can execute these commands outside the scop...
Vulnerability fixed in Check Point Endpoint Security Client
Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...
Vulnerability fixed in Zyxel ATP, USG and VPN products
Zyxel has fixed a vulnerability in products from its ATP, USG and VPN product line. An unauthenticated malicious person with access to the management interface could exploit the vulnerability to execute arbitrary code under privileges of the nobody-user. Exploit code for the vulnerability is...
Vulnerability fixed in Dell iDRAC9
Dell has fixed a vulnerability in iDRAC9.The vulnerability allows an unauthenticated malicious party to bypass authentication bypass authentication and gain access to the VNC console. Dell has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in IBM MQ
IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in Java, Eclipse Jetty and Websphere Liberty and were previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to cause a...
Vulnerabilities fixed in Dell PowerEdge
Dell has fixed vulnerabilities in PowerEdge Server based on the AMD EPYC platform. The vulnerabilities allow a local malicious party to cause a denial-of-service, access gain access to sensitive data or potentially execute code. Dell has released updates to fix the vulnerabilities. For more...