4209 matches found
Vulnerabilities fixed in Dell PowerEdge Server
Vulnerabilities have been fixed in Dell PowerEdge Server. The vulnerabilities are located in the Broadcom Emulex HBA Manager/OneCommand Manager used in Dell PowerEdge Servers. The vulnerabilities allow a remote malicious person to able to launch attacks that result in the following categories of...
Vulnerability fixed in WSO2 products
A serious vulnerability has been fixed in several products of WSO2. A malicious person with access to the network can exploit the exploit the vulnerability to execute arbitrary code or gain access to sensitive data. Public exploit code is available. This exploit code allows a remote malicious par...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been fixed in Red Hat OpenShift Container Platform. The vulnerability allows a remote malicious party to able to cause a denial-of-service. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. A malicious party could potentially exploit the vulnerability to obtain sensitive information. The vulnerability is not in the default configuration. Only Kibana installations that explicitly use Elastic Stack monitoring are potentially vulnerable. Elasti...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights For these vulnerabilities, at the time of...
Vulnerability fixed in Jira Seraph
A vulnerability has been fixed in Jira Seraph, the web framework used for authentication within Jira. The vulnerability allows a remote malicious party to circumvent authentication bypass authentication by sending a specially prepared HTTP request to the server. The application is only vulnerable...
Vulnerability found in Mitel MiVoice Connect
A vulnerability has been found in the Service Appliance component of MiVoice Connect. This vulnerability allows a remote malicious remote user to execute arbitrary code with the permissions with which the Service Appliance component is running. Mitel has made mitigating measures available to fix...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation ...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in the following Hyperion products: Hyperion BI+ Hyperion Data Relationship Management Hyperion Financial Management Hyperion Infrastructure Technology Hyperion Planning Hyperion Profitability and Cost Management Hyperion Calculation Manager Hyperion Tax Provision...
Vulnerabilities fixed in AWS patch solutions
Vulnerabilities have been fixed in several AWS patch solutions. These patch solutions were released by AWS to monitor for Java applications vulnerable to Log4Shell and patch these systems immediately. AWS has released three hotpatches released. A hot patch in the form of Debian or RPM packages th...
Vulnerabilities fixed in Liferay
Vulnerabilities have been fixed in Liferay Portal versions 7.3.3 through through 7.4.1. The vulnerabilities allow a malicious party to perform a Cross-Site Scripting attack or unintentionally view the list of groups and sites used within the portal. Liferay has made updates available for Liferay...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in the following products: Oracle Solaris Cluster Oracle ZFS Storage Appliance Kit Oracle StorageTek ACSLS Oracle StorageTek Tape Analytics STA Oracle Solaris Oracle Ethernet Switch ES1-24 Oracle Ethernet Switch TOR-72 The vulnerabilities allow a malicious party t...
Vulnerability fixed in Mattermost
A vulnerability has been fixed in Mattermost with versions lower than 6.5. Email invitations to a Mattermost channel or server are insufficiently invalidated when selected by an administrator. This allows a person to still participate in Mattermost channels even though access has been revoked aft...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in E-Business Suite applications. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data Access to system data The...
Vulnerabilities fixed in Oracle Construction and Engineering
Oracle has fixed vulnerabilities in the following Construction and Engineering products: Primavera Unifier Instantis EnterpriseTrack The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in Java SE JDK/JRE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has remedied vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager for Peoplesoft Application Testing Suite Enterprise Manager Ops Center Enterprise Manager for Storage Management The vulnerabilities allow a malicious person to...
Vulnerabilities fixed in Oracle Virtualization
Oracle has fixed vulnerabilities in Secure Global Desktop and VirtualBox. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Server-side request forgery Denial-of-Service DoS. Manipulation of data Access to system data...
Vulnerabilities fixed in Oracle Supply Chain
Oracle has fixed vulnerabilities in the following Supply Chain products: Advanced Supply Chain Planning Transportation Management Autovue for Agile Product Lifecycle Management. Agile Engineering Data Management Agile PLM MCAD Connector Agile PLM Framework Product Lifecycle Analytics The...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following MySQL products: MySQL Workbench MySQL Server MySQL Cluster MySQL Connectors MySQL Enterprise Monitor The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service D...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following Financial Services applications: - Oracle Banking Deposits and Lines of Credit Servicing - Oracle Banking Enterprise Default Management - Oracle Banking Loans Servicing - Oracle Banking Party Management - Oracle Banking Payments - Oracle Banking...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Vulnerability fixed in Veritas NetBackup OpsCenter and OpsCenter Analytics
A vulnerability has been fixed in Veritas NetBackup OpsCenter and OpsCenter Analytics. The vulnerability allows an authenticated remote malicious person able to perform Cross-Site ScriptingXSS. execution. Veritas has made mitigation measures and updates available to fix the vulnerability. For mor...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Fusion Middleware products: Business Intelligence Enterprise Edition Business Process Management Suite Coherence Data Integrator HTTP Server Helidon Identity Manager Identity Manager Connector Internet Directory JDeveloper Managed File Transfer...
Vulnerabilities fixed Oracle Communications Applications
Oracle has fixed vulnerabilities in the following products: Communications Billing and Revenue Management Communications ASAP Communications IP Service Activator Communications MetaSolv Solution Communications Order and Service Management Communications Design Studio Communications Network...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise FIN Cash Management PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise PRTL Interaction Hub PeopleSoft Enterprise CS Academic Advisement The vulnerabilities potentially enable a malicious person to execute...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in the following JD Edwards products: JD Edwards EnterpriseOne Tools JD Edwards World Security The vulnerabilities allow an unauthenticated malicious person potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Services Gatekeeper Communications Session Border Controller Communications Unified Session Manager Enterprise Session Border Controller Enterprise Communications Broker Communications Operations Monitor Communications...
Vulnerabilities fixed in OpenJPEG
Vulnerabilities have been fixed in OpenJPEG. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data -= openSUSE =- The developers of openSUSE have made updates...
Vulnerability found in 7zip for Windows
A vulnerability has been found in 7zip for Windows. This vulnerability allows a malicious person to obtain elevated privileges obtain and execute commands with these privileges. This can be accomplished by moving a file with a .7z extension to "Contents" within the "Help" menu. Within the 7z.dll ...
Vulnerability fixed in Moxa MGate
A vulnerability has been fixed in Moxa MGate. The vulnerability allows a malicious party to gain a man-in-the-middle MITM position on the vulnerable system. Moxa has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in the Linux kernel
Several vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to system data Increased user privileges -=...
Vulnerabilities fixed in Lenovo notebook BIOS
Vulnerabilities have been found in several Lenovo laptop models by researchers from security firm ESET. These vulnerabilities are Lenovo-specific, a full list of affected Lenovo laptops can be found under "Possible fixes." Two of these vulnerabilities, with attributes CVE-2021-3970 and...
Vulnerability fixed in Zoho ManageEngine ADSelfService Plus
Zoho has fixed a vulnerability in ManageEngine ADSelfService Plus. An authenticated malicious person could potentially potentially exploit it to execute arbitrary code. The vulnerability is located in the password reset functionality. Systems are vulnerable only when custom scripts are enabled fo...
Vulnerabilities fixed in Autodesk products
Autodesk has fixed vulnerabilities in several products including AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code under rights of the application. To do this, the malicious party needs to victim to open a rogue file. Autodesk has released updates to...
Vulnerability fixed in Cacti
A vulnerability has been fixed in Cacti. The vulnerability allows a remote malicious person to bypass authentication when using LDAP to authenticate. The developers of Cacti have fixed the vulnerability in version v.1.20. For more information, see:...
Vulnerability fixed in VMWare Cloud Director
A vulnerability has been fixed in VMWare Cloud Director. This vulnerability allows an authenticated outside attacker with network access to the VMWare Cloud Director tenant to execute execute arbitrary code and thereby gain access to the server. gain. VMWare has made updates available for VMware...
Vulnerabilities fixed in Juniper Junos OS
Vulnerabilities have been fixed in several Juniper products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution...
Vulnerabilities fixed in McAfee Agent
Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially enable a malicious party to gain elevated privileges or access to sensitive data, or to execute arbitrary code execute arbitrary code with the application's permissions. McAfee has made updates available to address t...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, issue arbitrary requests or download send arbitrary requests or download larger than allowed files. Asterisk has made updates available...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code under the browser's permissions. As usual, Google has not made additional information made available about the fixed vulnerability. Google indicates tha...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Increased user privileges...
Vulnerability fixed in Schneider Electric Modicon M340
Schneider Electric has fixed a vulnerability in the Modicon M340 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerability to cause a denial-of-service cause in the controller's Ethernet interface by sending a specific SNMP request. Schneider Electric has...
Vulnerability fixed in PAN-OS
A vulnerability has been fixed in PAN-OS. A malicious person with access to the DNS proxy feature of PAN-OS software could use a Man-in-the-Middle MITM method specifically crafted traffic to the firewall causing the service to be unexpectedly restarted. restart. The vulnerability is in the...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User...
Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data
Several vulnerabilities have been fixed in IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code execute arbitrary code or cause a denial-of-service DoS. For the vulnerabilities with attributes CVE-2021-33196 an...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Acrobat, After Effects, Photoshop and Reader. The vulnerabilities allow a malicious person to able to execute arbitrary code within the context of the user. The vulnerabilities in Acrobat and Reader additionally allow a malicious party the ability to view...
Vulnerabilities fixed in Citrix products
Citrix has fixed several vulnerabilities in Citrix SD-WAN, Storefront, Endpoint Management and Gateway Plug-in. The vulnerabilities allow a remote malicious party to cause a Denial-of-Service DoS attack. The vulnerabilities with characteristics CVE-2022-27505 and CVE-2022-27506 are located in...
Vulnerabilities fixed in Apache Subversion (SVN)
Apache has fixed vulnerabilities in Subversion SVN. The vulnerabilities allow an unauthenticated remote malicious agent to remotely capable of causing a denial-of-service or obtain system information. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix in SUSE 15...
Vulnerability fixed in Apache Struts
A vulnerability has been fixed in Apache Struts. This vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code under privileges of the Struts application. OGNL evaluation must be enabled to exploit the vulnerability to be exploited. This vulnerability is an...