4209 matches found
Vulnerability fixed in HAProxy
A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests execute under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...
Vulnerabilities fixed in Ruby
Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Ruby developers have released updates to address the vulnerabilities. More information can be foun...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in supporting products of Azure. A malicious party could potentially exploit them to appropriate elevated privileges and gain access gain access to sensitive data. The vulnerabilities in Azure Site Recovery are located specifically in the VMWare-to-Azure and...
Vulnerability found in NGINX-LDAP
A vulnerability has been found in the LDAP reference implementation of NGINX. This allows a malicious party to execute arbitrary code execute arbitrary code when certain conditions are met. The use of command-line parameters to configure the Python daemon configuration, unused configuration...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen Hypervisor. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially lead to the following categories of damage: Denial-of-Service DoS. Obtaining elevated privileges Accessing sensitive data Xen has published mitigati...
Vulnerability fixed in Microsoft Power BI
Microsoft has fixed a vulnerability in the Power BI Gateway. The vulnerability occurs when multiple users simultaneously using the gateway, causing the gateway to mixes sessions. A malicious party could potentially exploit this vulnerability to gain access to sensitive data. Abuse is not easy. Th...
Vulnerability fixed in Microsoft Windows Defender
A vulnerability has been fixed in Microsoft Windows Defender. A malicious party can exploit this vulnerability to cause a denial-of-service. This requires a user to be tricked into handling a rogue file on the system. Windows Defender: |----------------|------|------------------------------------...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Spoofing Access to sensitive data The tables below provide an...
Vulnerabilities fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google did not make additional information available about the fixed vulnerability. Google has released version...
Vulnerability fixed in libarchive
The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service DoS cause. To do so, the malicious party must induce a victim to install open a malicious and compressed file with an application that use...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User Rights...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools. Abuse of the vulnerabilities potentially enable a malicious party to be able to obtain elevated privileges or cause a denial-of-service cause. The tables below list the vulnerabilities fixed by Microsoft with the corresponding CVSSv3...
Vulnerabilities fixed in FortiClient
Vulnerabilities have been fixed in FortiClient for Linux and Windows. The vulnerabilities allow a local malicious agent to to gain access to system data and obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerabilities fixed in VMware products
Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Bypassing authentication Circumvention of security measure Remote code...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Use...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release ESR. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remot...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerabilities. For more information, see: https://www.ibm.com/support/pages/node/6564711...
Vulnerabilities fixed in MediaWiki
There are vulnerabilities in MediaWiki. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. To exploit, the malicious party must be able to modify page titles or only be able to modify a specially prepared URI to visit. A malicious party can exploi...
Vulnerability fixed in IBM Tivoli Netcool Impact
A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to cause a denial-of-service DoS attack. The vulnerability is in the gson component that is part of IBM Tivoli Netcool Impact. IBM has released updates to fix the vulnerability in Tivoli...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google has not made any additional information made available about the fixed vulnerability. Google has release...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root rights Access to sensitive data Access to system dat...
Vulnerability fixed in ABB 800xA for AC. 800MCompact
ABB has fixed a vulnerability in 800xA, Control Software for AC 800MCompact. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to perform a denial-of-service. ABB has released updates to fix the vulnerability. Mitigating measures have als...
Vulnerabilities fixed in Dell Wyse Device Agent
Vulnerabilities have been fixed in Dell Wyse Device Agent. A local malicious party could exploit the vulnerabilities to gain access to the WMS server and/or gain access to sensitive information from the WMS server. Dell has released updates to fix the vulnerability in Wyse Device Agent. For more...
Vulnerabilities fixed in Apple products
Two different vulnerabilities have been fixed by Apple. The vulnerability with CVE attribute CVE-2022-22675 allows a malicious person able to execute arbitrary code with kernel privileges. This vulnerability has been fixed in macOS, iOS and iPadOS. The second vulnerability, CVE-2022-22674, allows...
Vulnerabilities fixed in Tomcat for Ubuntu
Vulnerabilities have been fixed in Tomcat. The vulnerabilities potentially allow a malicious party to cause a denial-of-service cause, access sensitive data or execute code execute code with privileges from the vulnerable application. These vulnerabilities have already been described in several...
Vulnerability fixed in Zyxel Firewall and VPN systems
Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access on the vulnerable system and from there move further into the infrastructure to be protectable infrastructure. The...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Accessing sensitive...
Vulnerabilities fixed in IBM QRadar
IBM has fixed vulnerabilities in QRadar. The vulnerabilities are in underlying software and libraries, such as the Linux kernel used, OpenSSL, Bash, OpenSSH, Kerberos and Mozilla software. A malicious party could exploit the vulnerabilities to causing a denial-of-service, executing arbitrary code...
Vulnerability fixed in Rapid7 Nexpose
A vulnerability has been fixed in Nexpose, the scanning tool from Rapid7. The vulnerability potentially allows a malicious party to to gain access to sensitive information via SQL injection. Rapid7 has made updates available to fix the vulnerability. fix. For more information, see:...
0day vulnerability discovered in Spring Core Framework
A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries that can be used to develop applications in a structured way to develop applications that can can then run either standalone or in Web application environments such as Tomcat. A maliciou...
Vulnerability fixed in Arista EOS switches
Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IP4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...
Vulnerabilities fixed in Salt
Several vulnerabilities have been fixed in Salt. The vulnerabilities allow a malicious person to perform the following attacks execute: - altering piller data sent by the master to the minion - denial-of-service on a minion process by impersonating a rogue master - resending file server...
Vulnerability fixed in Spring Cloud Function
A vulnerability has been fixed in Spring Cloud Function. A malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. Spring Cloud Function is a complementary library for Spring Cloud, but is made available separately from the Spring...
Vulnerabilities fixed in Google Chrome
Google has published a new version of Chrome 100.0.4896.60, which fixes vulnerabilities. A malicious party can exploit the vulnerabilities to bypass security measures, execute code under the user's privileges, or potentially gain access to sensitive data in the context of the browser. The malicio...
Vulnerability fixed in OpenBSD slaacd
A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration SLAAC. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party needs to send a specially prepared router advertisement...
Vulnerability fixed in zlib
A vulnerability has been fixed in Zlib. The vulnerability allows a malicious person potentially able to corrupt memory during compression of specially prepared data. As a result of this, the malicious party could establish a denial-of-service effect a Denial-of-Service in the application using...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A malicious party could exploit the vulnerabilities to bypass security measures, execute arbitrary code on the underlying system, or gain access to sensitive information. However, the malicious party must have prior...
Vulnerability fixed in Google Chrome and Microsoft Edge
A vulnerability has been fixed in Google Chrome and Microsoft Edge. The vulnerability potentially allows a malicious person to execute arbitrary code under the application's permissions. Google indicates that the vulnerability is being actively exploited. The NCSC has not yet found any public...
Vulnerability fixed in Sophos Firewall
Sophos has fixed a vulnerability in Sophos Firewall. The vulnerability allows a malicious party to bypass authentication in the User Portal and Webadmin interfaces to bypass authentication. Subsequently, the malicious party executes code on the vulnerable system. Sophos has released updates to fi...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...
Vulnerability found in Atlassian Confluence Datacenter
A vulnerability has been found in Atlassian Confluence Datacenter. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code. Confluence Datacenter systems are only vulnerable when using the cluster functionality. Confluence...
Vulnerability fixed in containerd
Cloud Native Computing Foundation CNCF has fixed a vulnerability fixed in containerd as used by Kubernetes, among others and Docker. A malicious party could exploit the vulnerability to gain access to sensitive data. To do so, the malicious party persuades the victim to use a rogue container imag...
Vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access to sensitive dat...
Vulnerability fixed in IrfanView
A vulnerability has been fixed in IrfanView. The vulnerability allows a malicious party to cause a denial-of-service of the application or possibly under user privileges to cause execute arbitrary code. To do this, the malicious party needs to victim to open a rogue TIFF file. The developer has...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...
Vulnerabilities fixed in NetApp Clustered Data ONTAP
NetApp has released updates to fix vulnerabilities in several third-party components for Clustered Data ONTAP. The vulnerabilities are in OpenSSL, PHP, OpenSSH and Apache and enable a malicious party to cause a denial-of-service cause, gain access to sensitive data and potentially manipulate data...
Vulnerabilities fixed in HP printers
HP has fixed vulnerabilities in several printers. The vulnerabilities allow an unauthenticated malicious person with network access to the printer to execute arbitrary code execute arbitrary code, cause a denial-of-service, or access gain access to sensitive information. HP has released updates t...