4179 matches found
Vulnerability fixed in Moxa MGate
A vulnerability has been fixed in Moxa MGate. The vulnerability allows a malicious party to gain a man-in-the-middle (MITM) position on the vulnerable system. Moxa has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Cacti
A vulnerability has been fixed in Cacti. The vulnerability allows a remote malicious person to bypass authentication when using LDAP to authenticate. The developers of Cacti have fixed the vulnerability in version v.1.20. For more information, see:...
Vulnerabilities fixed in Lenovo notebook BIOS
Vulnerabilities have been found in several Lenovo laptop models by researchers from security firm ESET. These vulnerabilities are Lenovo-specific; a full list of affected Lenovo laptops can be found under "Possible fixes." Two of these vulnerabilities, with attributes CVE-2021-3970 and...
Vulnerability found in 7zip for Windows
A vulnerability has been found in 7zip for Windows. This vulnerability allows a malicious person to obtain elevated privileges and execute commands with these privileges. This can be accomplished by moving a file with a .7z extension to "Contents" within the "Help" menu. Within the 7z.dll ...
Vulnerabilities fixed in the Linux kernel
Several vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to system data; Increased user privileges. -=...
Vulnerabilities fixed in Autodesk products
Autodesk has fixed vulnerabilities in several products including AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code with the rights of the application. To do this, the malicious party needs the victim to open a rogue file. Autodesk has released updates to...
Vulnerabilities fixed in Juniper Junos OS
Vulnerabilities have been fixed in several Juniper products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code execution...
Vulnerability fixed in VMware Cloud Director
A vulnerability has been fixed in VMware Cloud Director. This vulnerability allows an authenticated outside attacker with network access to the VMware Cloud Director tenant to execute arbitrary code and thereby gain access to the server. VMware has made updates available for VMware...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code under the browser's permissions. As usual, Google has not made additional information available about the fixed vulnerability. Google indicates tha...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, send arbitrary requests or download larger-than-allowed files. Asterisk has made updates available...
Vulnerabilities fixed in McAfee Agent
Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially enable a malicious party to gain elevated privileges or access to sensitive data, or to execute arbitrary code with the application's permissions. McAfee has made updates available to address t...
Vulnerability fixed in Schneider Electric Modicon M340
Schneider Electric has fixed a vulnerability in the Modicon M340 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerability to cause a denial-of-service in the controller's Ethernet interface by sending a specific SNMP request. Schneider Electric has...
Vulnerability fixed in PAN-OS
A vulnerability has been fixed in PAN-OS. A malicious person with access to the DNS proxy feature of PAN-OS software could use a Man-in-the-Middle (MITM) method to send specifically crafted traffic to the firewall, causing the service to be unexpectedly restarted. The vulnerability is in the...
Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data
Several vulnerabilities have been fixed in IBM Db2 on OpenShift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code or cause a denial-of-service (DoS). For the vulnerabilities with attributes CVE-2021-33196 an...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Increased user privileges...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution User...
Vulnerabilities fixed in Ruby
Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Access to system data. Ruby developers have released updates to address the vulnerabilities. More information can be foun...
Vulnerabilities fixed in Citrix products
Citrix has fixed several vulnerabilities in Citrix SD-WAN, Storefront, Endpoint Management and Gateway Plug-in. The vulnerabilities allow a remote malicious party to cause a Denial-of-Service (DoS) attack. The vulnerabilities with characteristics CVE-2022-27505 and CVE-2022-27506 are located in...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, After Effects, Photoshop and Reader. The vulnerabilities allow a malicious person to execute arbitrary code within the context of the user. The vulnerabilities in Acrobat and Reader additionally allow a malicious party the ability to view...
Vulnerability fixed in HAProxy
A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become unreachable. -= Debian =- Debian has made updates to haproxy...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...
Vulnerabilities fixed in Apache Subversion (SVN)
Apache has fixed vulnerabilities in Subversion (SVN). The vulnerabilities allow an unauthenticated remote malicious agent to cause a denial-of-service or obtain system information. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15...
Vulnerability fixed in Apache Struts
A vulnerability has been fixed in Apache Struts. This vulnerability allows an unauthenticated remote malicious person to execute arbitrary code with the privileges of the Struts application. OGNL evaluation must be enabled for the vulnerability to be exploited. This vulnerability is an...
Vulnerability found in NGINX-LDAP
A vulnerability has been found in the LDAP reference implementation of NGINX. This allows a malicious party to execute arbitrary code when certain conditions are met. The use of command-line parameters to configure the Python daemon configuration, unused configuration...
Vulnerabilities fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a malicious person to execute arbitrary code under the application's permissions. As usual, Google did not make additional information available about the fixed vulnerability. Google has released version...
Vulnerability fixed in Microsoft Windows Defender
A vulnerability has been fixed in Microsoft Windows Defender. A malicious party can exploit this vulnerability to cause a denial-of-service. This requires a user to be tricked into handling a rogue file on the system. Windows Defender: |----------------|------|------------------------------------...
Vulnerability fixed in Microsoft Power BI
Microsoft has fixed a vulnerability in the Power BI Gateway. The vulnerability occurs when multiple users use the gateway simultaneously, causing the gateway to mix sessions. A malicious party could potentially exploit this vulnerability to gain access to sensitive data. Abuse is not easy. Th...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Remote code execution (User rights); Spoofing; Access to sensitive data. The tables below provide an...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in supporting products of Azure. A malicious party could potentially exploit them to obtain elevated privileges and gain access to sensitive data. The vulnerabilities in Azure Site Recovery are located specifically in the VMware-to-Azure and...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (Administrator/Root rights); Remote...
Vulnerability fixed in libarchive
The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service (DoS). To do so, the malicious party must induce a victim to open a malicious compressed file with an application that use...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen Hypervisor. The vulnerabilities allow a malicious party to carry out attacks that potentially lead to the following categories of damage: Denial-of-Service (DoS); Obtaining elevated privileges; Accessing sensitive data. Xen has published mitigati...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. Abuse of the vulnerabilities potentially enables a malicious party to obtain elevated privileges or cause a denial-of-service. The tables below list the vulnerabilities fixed by Microsoft with the corresponding CVSSv3...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Remote code execution (User Rights)...
Vulnerabilities fixed in FortiClient
Vulnerabilities have been fixed in FortiClient for Linux and Windows. The vulnerabilities allow a local malicious agent to gain access to system data and obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution Use...
Vulnerabilities fixed in VMware products
Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Bypassing authentication; Circumvention of security measure; Remote code...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release (ESR). The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remot...
Vulnerabilities fixed in MediaWiki
There are vulnerabilities in MediaWiki. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. To exploit them, the malicious party must be able to modify page titles or only be able to visit a specially prepared URI. A malicious party can exploi...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service. IBM has released updates to fix the vulnerabilities. For more information, see: https://www.ibm.com/support/pages/node/6564711...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a malicious person to execute arbitrary code under the application's permissions. As usual, Google has not made any additional information available about the fixed vulnerability. Google has release...
Vulnerability fixed in IBM Tivoli Netcool Impact
A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to cause a denial-of-service (DoS) attack. The vulnerability is in the gson component that is part of IBM Tivoli Netcool Impact. IBM has released updates to fix the vulnerability in Tivoli...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Access to sensitive data; Access to system dat...
Vulnerability fixed in ABB 800xA for AC 800MCompact
ABB has fixed a vulnerability in 800xA, Control Software for AC 800MCompact. The vulnerability allows an authenticated malicious person with network access to the vulnerable system to perform a denial-of-service. ABB has released updates to fix the vulnerability. Mitigating measures have als...
Vulnerabilities fixed in Dell Wyse Device Agent
Vulnerabilities have been fixed in Dell Wyse Device Agent. A local malicious party could exploit the vulnerabilities to gain access to the WMS server and/or gain access to sensitive information from the WMS server. Dell has released updates to fix the vulnerability in Wyse Device Agent. For more...
Vulnerability fixed in Rapid7 Nexpose
A vulnerability has been fixed in Nexpose, the scanning tool from Rapid7. The vulnerability potentially allows a malicious party to gain access to sensitive information via SQL injection. Rapid7 has made updates available to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Apple products
Two different vulnerabilities have been fixed by Apple. The vulnerability with CVE attribute CVE-2022-22675 allows a malicious person to execute arbitrary code with kernel privileges. This vulnerability has been fixed in macOS, iOS and iPadOS. The second vulnerability, CVE-2022-22674, allows...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication; Accessing sensitive...
Vulnerability fixed in Zyxel Firewall and VPN systems
Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access to the vulnerable system and from there move further into the infrastructure to be protected. The...