Vulnerabilities fixed in IBM QRadar
IBM has fixed vulnerabilities in QRadar. The vulnerabilities are in underlying software and libraries, such as the Linux kernel used, OpenSSL, Bash, OpenSSH, Kerberos and Mozilla software. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code...
Vulnerabilities fixed in Tomcat for Ubuntu
Vulnerabilities have been fixed in Tomcat. The vulnerabilities potentially allow a malicious party to cause a denial-of-service, access sensitive data or execute code with the privileges of the vulnerable application. These vulnerabilities have already been described in several...
0day vulnerability discovered in Spring Core Framework
A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries that can be used to develop applications in a structured way; these applications can then run either standalone or in Web application environments such as Tomcat. A maliciou...
Vulnerabilities fixed in Salt
Several vulnerabilities have been fixed in Salt. The vulnerabilities allow a malicious person to perform the following attacks: - altering pillar data sent by the master to the minion - denial-of-service on a minion process by impersonating a rogue master - resending file server...
Vulnerability fixed in Arista EOS switches
Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IPv4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...
Vulnerabilities fixed in Google Chrome
Google has published a new version of Chrome 100.0.4896.60, which fixes vulnerabilities. A malicious party can exploit the vulnerabilities to bypass security measures, execute code under the user's privileges, or potentially gain access to sensitive data in the context of the browser. The malicio...
Vulnerability fixed in Spring Cloud Function
A vulnerability has been fixed in Spring Cloud Function. A malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. Spring Cloud Function is a complementary library for Spring Cloud, but is made available separately from the Spring...
Vulnerability fixed in OpenBSD slaacd
A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration (SLAAC). A malicious party could potentially exploit the vulnerability to cause a denial-of-service. To do so, the malicious party needs to send a specially prepared router advertisement...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A malicious party could exploit the vulnerabilities to bypass security measures, execute arbitrary code on the underlying system, or gain access to sensitive information. However, the malicious party must have prior...
Vulnerability fixed in zlib
A vulnerability has been fixed in zlib. The vulnerability potentially allows a malicious person to corrupt memory during compression of specially prepared data. As a result, the malicious party could cause a denial-of-service in the application using...
Vulnerability fixed in Google Chrome and Microsoft Edge
A vulnerability has been fixed in Google Chrome and Microsoft Edge. The vulnerability potentially allows a malicious person to execute arbitrary code under the application's permissions. Google indicates that the vulnerability is being actively exploited. The NCSC has not yet found any public...
Vulnerability found in Atlassian Confluence Datacenter
A vulnerability has been found in Atlassian Confluence Datacenter. An unauthenticated malicious party could potentially exploit the vulnerability to execute arbitrary code. Confluence Datacenter systems are only vulnerable when using the cluster functionality. Confluence...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...
Vulnerability fixed in Sophos Firewall
Sophos has fixed a vulnerability in Sophos Firewall. The vulnerability allows a malicious party to bypass authentication in the User Portal and Webadmin interfaces. The malicious party can then execute code on the vulnerable system. Sophos has released updates to fi...
Vulnerability fixed in containerd
The Cloud Native Computing Foundation (CNCF) has fixed a vulnerability in containerd, as used by Kubernetes and Docker, among others. A malicious party could exploit the vulnerability to gain access to sensitive data. To do so, the malicious party persuades the victim to use a rogue container imag...
Vulnerability fixed in IrfanView
A vulnerability has been fixed in IrfanView. The vulnerability allows a malicious party to cause a denial-of-service of the application or possibly execute arbitrary code under the user's privileges. To do this, the malicious party needs the victim to open a rogue TIFF file. The developer has...
Vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Remote code execution (user rights); SQL Injection; Access to sensitive dat...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...
Vulnerabilities fixed in HP printers
HP has fixed vulnerabilities in several printers. The vulnerabilities allow an unauthenticated malicious person with network access to the printer to execute arbitrary code, cause a denial-of-service, or gain access to sensitive information. HP has released updates t...
Vulnerabilities fixed in NetApp Clustered Data ONTAP
NetApp has released updates to fix vulnerabilities in several third-party components for Clustered Data ONTAP. The vulnerabilities are in OpenSSL, PHP, OpenSSH and Apache and enable a malicious party to cause a denial-of-service, gain access to sensitive data and potentially manipulate data...
Vulnerabilities fixed in OTRS
OTRS developers have fixed vulnerabilities in OTRS 7 and 8. An authenticated malicious person can exploit the vulnerabilities to perform a cross-site scripting (XSS) attack, execute commands in the context of the application, or gain access to sensitive data. OTRS has released updat...
Vulnerability fixed in IBM Spectrum Protect
IBM has fixed a vulnerability in Spectrum Protect Server. By exploiting this vulnerability, a malicious party can obtain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Server 8.1.14.100. For more information, see:...
Vulnerabilities fixed in Adobe Acrobat
Adobe has fixed vulnerabilities in Acrobat. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (user rights); Access to sensitive data. Successful...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. A malicious person who has a user's partial credentials can exploit the vulnerability to bypass authentication. Only systems that use multiple external authentication plug-ins are vulnerable. OpenVPN has released updates to fix the...
Vulnerability fixed in libxml2
A vulnerability has been fixed in libxml2. The vulnerability allows a remote malicious party to cause a denial-of-service. The developers of libxml2 have released an update to fix the vulnerability: https://gitlab.gnome.org/GNOME/libxml2/-/commit...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Remote code execution (user rights). The developers of MISP have released a new versi...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Remote code execution (user rights); Access to system data; Increased user privileges. Python...
Vulnerabilities fixed in Drupal
Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with reference CVE-2022-24729 additionally allows a malicious party to cause a denial-of-service that is limit...
Vulnerabilities fixed in BIND
The Internet Systems Consortium (ISC) has fixed vulnerabilities in BIND. An unauthenticated remote malicious person can exploit the vulnerabilities to perform a cache-poisoning attack or cause a denial-of-service. One of the fixed vulnerabilities has been given the reference CVE-2022-06...
Vulnerability fixed in TIBCO JasperReports
A path-traversal vulnerability has been fixed in TIBCO JasperReports. TIBCO indicates that the vulnerability could theoretically be used to obtain sensitive data from the system on which the JasperReports server is hosted. TIBCO has released updates to fi...
Vulnerabilities fixed in Bareos
Vulnerabilities have been fixed in Bareos. The vulnerability with reference CVE-2022-24755 can be exploited to bypass authentication. To exploit this vulnerability, the Bareos Director must be configured with PAM as the authentication agent. The vulnerability with reference...
Vulnerabilities fixed in Mattermost Server
Two vulnerabilities have been fixed in Mattermost Server. An unauthenticated malicious person can exploit the vulnerabilities to cause a denial-of-service. To do so, a malicious file needs to be uploaded or a malicious POST request needs to be sent to the server. For the latter, no...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. The vulnerability allows an unauthenticated malicious person to cause a denial-of-service. To do so, the malicious party must offer a specially crafted certificate to a system that uses OpenSSL. The vulnerability is caused by the "BN_mod_sqrt" function. Th...
Vulnerabilities fixed in Expat
Vulnerabilities have been fixed in Expat. Exploiting these vulnerabilities in combination allows a remote malicious person to execute arbitrary code or cause a denial-of-service. Expat's developers have made updates available to address the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code under the application's permissions. As usual, Google has made little to no information available about the fixed vulnerabilities. Google has released...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a local malicious person to execute attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (user rights); Access to system data. The vulnerabilities have been fix...
Vulnerabilities fixed in pfSense
Netgate has fixed vulnerabilities in pfSense. The vulnerabilities marked CVE-2022-26019, CVE-2021-41282 and CVE-2022-24299 allow a malicious party to execute arbitrary code or cause a denial-of-service. Exploiting these vulnerabilities requires administrator privileges on the vulnerable device...
Vulnerability fixed in IBM WebSphere and Tivoli Netcool/OMNIbus WebGUI
IBM has fixed a vulnerability in WebSphere Application Server. WebSphere is also used by other systems such as Tivoli Netcool/OMNIbus. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code. To do so, rogue network traffic must be...
Vulnerabilities fixed in CyberArk Privileged Session Manager and Password Vault Manager
Vulnerabilities have been fixed in the CyberArk Privileged Session Manager and Password Vault Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Circumvention of security measure; Remote code execution (user rights); Access to...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Bypassing security...
Vulnerabilities fixed in iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Circumvention of security measure; Remote code execution...
Vulnerabilities fixed in Yokogawa CENTUM VP
Vulnerabilities have been fixed in Yokogawa CENTUM VP. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Backup & Replication. A malicious party could exploit the vulnerabilities to execute arbitrary code. To do so, the malicious party must access an internal API of the Veeam Distribution Service. No authentication is required for this. Veeam has released update...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service or potentially execute arbitrary code. The vulnerability with reference CVE-2022-22720 additionally enables an HTTP request...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in IBM Spectrum Protect and IBM Spectrum Protect Plus. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Manipulation of data; Bypassing authenticatio...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Container Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Circumvention of...
Vulnerabilities fixed in Dell BIOS
Vulnerabilities have been fixed in the BIOS of several Dell products. The vulnerabilities make it possible for a local malicious person with elevated privileges to execute code while the system is active in System Management Mode (SMM). Dell has made updates available to fix the vulnerabilities...
Vulnerability fixed in F-Secure products
A vulnerability has been fixed in the F-Secure Support tool, which is used in Business Suite and consumer products. An authenticated malicious person could potentially exploit it to execute arbitrary code under higher privileges. F-Secure has made available an update that fixes the described...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen Hypervisor. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to sensitive data. Xen has released updates to address the...
Vulnerabilities fixed in Sophos SG UTM
Vulnerabilities have been fixed in Sophos SG UTM. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); SQL Injection; Access to sensitive data. Sophos has fixed the vulnerabilities in SG UTM version 9.710. More...