Vulnerability fixed in ARM, AMD and Intel processors
Researchers at VU Amsterdam have found a new variant of the Spectre vulnerability. The researchers have dubbed the attack Branch History Injection. Previous mitigation for Spectre v2 is not sufficient to fully fix the vulnerability, according to the researchers. According to the researchers, this...
Vulnerability fixed in PAN-OS
A vulnerability has been fixed in PAN-OS. The vulnerability with reference CVE-2022-0022 allows a malicious person with access to the system's password hashes to crack the hashes and thus gain access to the passwords. This vulnerability arose because PAN-OS uses a weak cryptographic...
Vulnerabilities fixed in mariadb
Vulnerabilities have been fixed in mariadb 10.2.43. Due to an error in the handling and validation of database queries, a local attacker is able to crash the application or increase the user privileges to service account privileges. -= SUSE =- SUSE has made updates available to address the...
Vulnerabilities fixed in Schneider Electric Ecostruxure Control Expert
Vulnerabilities have been fixed in Schneider Electric Ecostruxure Control Expert. The vulnerabilities allow an unauthenticated malicious person to cause a denial-of-service. To exploit these vulnerabilities, a malicious party must be able to intercept specific Modbus data and...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. An authenticated malicious party could exploit the vulnerabilities to launch a cross-site scripting attack. Zabbix has made updates available to fix the vulnerabilities. For more information, see: https://support.zabbix.com/browse/ZBX-20680...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in Photoshop, Illustrator and After Effects. The vulnerabilities allow a malicious person to execute arbitrary code within the context of the user, or gain access to sensitive data. To exploit the vulnerabilities, an attacker must entice a user to open a rogue...
Vulnerabilities fixed in APC UPS systems
Vulnerabilities have been fixed in Uninterruptible Power Supply (UPS) systems from APC. APC is part of Schneider Electric. These UPS systems are widely used in situations where up-time is very important. The vulnerabilities with reference CVE-2022-22805 and CVE-2022-22806 allow a remote malicious...
Vulnerabilities fixed in Icinga Web 2
Several vulnerabilities have been fixed in Icinga Web 2. The vulnerability with the attribute CVE-2022-24716 allows an unauthenticated malicious party to use a path traversal to obtain files that may contain database credentials. The vulnerabilities with attributes CVE-2022-24714 and...
Vulnerability fixed in Mitel MiCollab and MiVoice Business Express
A vulnerability has been fixed in Mitel MiCollab and MiVoice Business Express. The vulnerability allows an unauthenticated remote malicious party to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to sensitive data. Th...
Vulnerability fixed in AMD processors
AMD has fixed a vulnerability with reference CVE-2021-26401 for the Ryzen and Athlon processors. This vulnerability has the same cause as the vulnerability known as Spectre, with attribute CVE-2017-5717. This vulnerability allows a malicious party to obtain sensitive data from the memory of a loc...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication; Remote code execution...
Vulnerabilities fixed in Intel processors
Intel has fixed vulnerabilities in processors from the Atom, Core, Celeron and Atom families. A malicious person with physical access to the system could exploit the vulnerability to, among other things, access sensitive data and potentially gain elevated privileges...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Exchange Server. A malicious party could potentially exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with the application's permissions. Exploitation of both vulnerabilities requires...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Manipulation of data; Circumvention of security measure; Remote code execution (User rights); Access to...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution User...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Spoofing. In order to exploit these vulnerabilities, a...
Vulnerabilities fixed in Microsoft Defender
Microsoft has fixed vulnerabilities in Defender. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, impersonate another user and execute arbitrary code in the context of a user. In order to exploit the vulnerabilities, the malicious party nee...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Circumvention of authentication...
Vulnerabilities fixed in Microsoft Azure Site Recovery
Vulnerabilities have been fixed in Microsoft Azure Site Recovery. The vulnerabilities allow a malicious party to obtain elevated rights or to execute arbitrary code. With the exception of CVE-2022-24469, an attacker already needs elevated privileges to one or more of the components that are...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to execute attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to system data; Increased user privileges. The...
Vulnerabilities fixed in Firefox
Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (User rights); Access to system data. Mozilla has released updates to fix the...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Access to sensitive data; Increased user privileges. The vulnerability with attribute...
Vulnerabilities fixed in Bitdefender products
Vulnerabilities have been fixed in Bitdefender products. The vulnerabilities allow a local malicious agent to cause a denial-of-service or to obtain elevated privileges. Bitdefender has released updates to address the vulnerabilities. More information can be found on the pages...
Fixed vulnerability in Wi-Fi SAE and EAP-pwd implementations
A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals (SAE) and Extensible Authentication Protocol (EAP) EAP-pwd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in the Asterisk framework. The vulnerabilities potentially allow a malicious party to cause a denial-of-service or execute arbitrary code. Asterisk indicates that proof-of-concept code is in circulation for these vulnerabilities. Asterisk has made updates availabl...
Vulnerabilities fixed in Firefox
Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a remote malicious person to execute arbitrary code under the user's privileges; the vulnerability with reference CVE-2022-26486 also provides the ability to break out of the browser's sandbox. According to...
Vulnerabilities fixed in Autodesk products
Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities allow a malicious person to execute arbitrary code with the application's permissions. To exploit the vulnerabilities, a malicious party must entice a user to open a rogue file. Autodesk has made...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in several components of IBM Spectrum Control. These include vulnerabilities in third-party software such as Apache Log4j, Dojo, Java SE, Gson and Websphere Liberty. A malicious party could exploit the vulnerabilities to cause damage in the...
Vulnerability fixed in Liferay portal
A vulnerability has been fixed in Liferay Portal. The vulnerability potentially allows a remote malicious party to execute a Cross-Site Request Forgery (XSRF) attack. Liferay has made updates available to fix the vulnerability. For more information, see:...
Vulnerability fixed in Elasticsearch and Kibana
Vulnerabilities have been fixed in Elasticsearch and Kibana. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Increased user privileges. Elastic has made updates...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Increased user privileges. The...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to system data. Google has ma...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed multiple vulnerabilities in several Fortinet products. The vulnerabilities allow a malicious party to carry out attacks that potentially lead to: Bypassing authentication; Bypassing security measures; Accessing sensitive data; Increased user privileges. The vulnerability wi...
Vulnerabilities fixed in Aruba AOS-CX switches
Vulnerabilities have been fixed in Aruba AOS-CX switches. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Remote code execution...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Accessing sensitive data; Remote code execution (User rights). The vulnerabilit...
Vulnerabilities fixed in Trend Micro Server Protect
Trend Micro has fixed multiple vulnerabilities in Server Protect. The vulnerability with reference CVE-2022-25329 allows a remote malicious person to misuse a hardcoded password in order to perform administrative actions. The other vulnerabilities allow an authenticated malicious person...
Vulnerability fixed in pfSense
NetGate has fixed a vulnerability in pfSense versions lower than and equal to 2.5.2. A malicious person with user privileges within the same network is able to write arbitrary code to the system. Due to the lack of Cross-Site Request Forgery (CSRF) protection on the vulnerable system, it is possibl...
Vulnerability fixed in VMWare Workspace ONE
VMWare has fixed a vulnerability in Workspace ONE for iOS. A malicious party could potentially exploit the vulnerability for a Cross-Site Scripting (XSS) attack. Because Workspace ONE is an application for accessing enterprise email, calendars and contact information on BYOD, it could potentially...
Vulnerabilities fixed in IBM AIX kernel and Java SDK
Vulnerabilities have been fixed in IBM AIX versions 7.1-7.3. The vulnerabilities in the kernel with attributes CVE-2021-38994 and CVE-2021-38995 allow a malicious person to perform denial-of-service (DoS) attacks from a user with low privileges. This is caused by user input that is...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed two vulnerabilities in JunOS for the MX and SRX series systems. An unauthenticated remote malicious person could exploit the vulnerabilities to cause a denial-of-service on the systems that have SIP Application Layer Gateway (SIP ALG) active. This gateway is active when the system...
Bug fixes in Cisco NX-OS
Cisco has fixed several vulnerabilities in NX-OS for various platforms. A malicious party could exploit the vulnerabilities to cause a denial-of-service or, in specific configurations, execute arbitrary code with root privileges. No prior authentication is necessary. The vulnerable services, Cisc...
Vulnerability fixed in redis
A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian-specific configuration for the...
Vulnerabilities fixed in BMC Track-It!
BMC has fixed several vulnerabilities in Track-It! A malicious party could exploit the vulnerabilities to gain access to the application or to execute arbitrary code under the application's privileges. The vulnerability with reference CVE-2022-24047 involves an "authentication bypass" that allows...
Vulnerabilities fixed in Cobbler
The Cobbler project has fixed two vulnerabilities. A local malicious party can exploit the vulnerabilities to view configuration files or locally execute arbitrary code under the application's permissions. A third vulnerability was also found, CVE-2021-45081. There are...
Vulnerabilities fixed in snapd
Several vulnerabilities have been fixed in Canonical's snapd. The vulnerabilities allow a local malicious person to execute attacks that result in the following categories of damage: Circumvention of security measure; Remote code execution (Administrator/Root privileges); Access to...
Vulnerabilities fixed in Ubuntu Linux kernel
Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to execute attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Access to sensitive data...
Vulnerability fixed in Cisco Email Security Appliance
Cisco has fixed a vulnerability in the Email Security Appliance (ESA). A malicious party could potentially exploit it to cause a denial-of-service. To exploit this vulnerability, a malicious party must send a specially prepared e-mail to a vulnerable device. By default, DANE validation is not enabl...
Vulnerability fixed in Brocade Fabric OS
A vulnerability has been fixed in Brocade Fabric OS. There is at least one account with hardcoded credentials where the administrator is not forced to change the password by default. With the new versions of Fabric OS, this is now mandatory. Cisco has released updates to fix the...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ for the Solaris platform. A malicious party could potentially exploit the vulnerability to cause a denial-of-service via the Queue Manager channel process. IBM has released updates to fix the vulnerability in MQ 9.1. For more information, see:...
Vulnerability fixed in VMware NSX Edge
A vulnerability has been fixed in VMware NSX Edge. An authenticated malicious person with SSH access could potentially execute arbitrary commands on the underlying system with root privileges. Although this product is typically connected to a publicly accessible network, it is good practice to mak...