4209 matches found
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication...
Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations
A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in the Asterisk framework. The vulnerabilities potentially allow a malicious party to cause a denial-of-service or execute arbitrary code. Asterisk indicates that proof-of-concept code is in circulation from these vulnerabilities. Asterisk has made updates availabl...
Vulnerabilities fixed in Bitdefender products
Vulnerabilities have been fixed in Bitdefender products. The vulnerabilities allow a local malicious agent to cause a denial-of-service or to obtain elevated privileges. obtained. Bitdefender has released updates to address the vulnerabilities. fixes. More information can be found on the pages...
Vulnerabilities fixed in Firefox
Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a remote malicious person to execute arbitrary code execute arbitrary code under the user's privileges; also, the vulnerability with reference CVE-2022-26486 the ability to break out of the sandbox of the browser. According to...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in several components of IBM Spectrum Control. These include vulnerabilities in third-party software parties such as Apache Log4j, Dojo, Java SE, Gson and Websphere Liberty. A malicious party could exploit the vulnerabilities to cause damage cause damage in the...
Vulnerabilities fixed in Autodesk products
Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities allow a malicious person to execute arbitrary code with the application's permissions. To exploit the vulnerabilities, a malicious party must trick a user into entice a user to open a rogue file. Autodesk has made...
Vulnerability fixed in Liferay portal
A vulnerability has been fixed in Liferay Portal. The vulnerability potentially allows a remote malicious party to perform execute a Cross-Site Request Forgery XSRF attack. Liferay has made updates available to fix the vulnerability. fix. For more information, see:...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Increased user privileges The...
Vulnerability fixed in Elasticsearch and Kibana
Vulnerabilities have been fixed in Elasticsearch and Kibana. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Increased user privileges Elastic has made updates...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed multiple vulnerabilities in several Fortinet products. The vulnerabilities allow a malicious party to able to carry out attacks that potentially lead to: Bypassing authentication Bypassing security measures Accessing sensitive data Increased user privileges The vulnerability wi...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system data Google has ma...
Vulnerabilities fixed in Aruba AOS-CX switches
Vulnerabilities have been fixed in Aruba AOS-CX switches. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Manipulation of data Remote code execution...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Remote code execution User rights The vulnerabilit...
Vulnerability fixed in VMWare Workspace ONE
VMWare has fixed a vulnerability in Workspace ONE for iOS. A malicious party could potentially exploit the vulnerability for a Cross-Site Scripting Attack XSS. Because workspace ONE is an application for accessing enterprise email, calendars and contact information on BYOD, it could potentially...
Bug fixes in Cisco NX-OS
Cisco has fixed several vulnerabilities in NX-OS for various platforms. A malicious party could exploit the vulnerabilities to cause a denial-of-service or, in specific configurations, execute arbitrary code with root privileges. No prior authentication is necessary. The vulnerable services, Cisc...
Vulnerability fixed in pfSense
NetGate has fixed a vulnerability in pfSense versions lower than and equal to 2.5.2. A malicious person with user privileges within the same network is able to write arbitrary code to the system. Due to the lack of Cross-Site Request Forgery Protection CSRF on the vulnerable system, it is possibl...
Vulnerabilities fixed in IBM AIX kernel and Java SDK
Vulnerabilities have been fixed in IBM AIX versions 7.1-7.3. The vulnerabilities in the kernel with attributes CVE-2021-38994 and CVE-2021-38995 allow a malicious person to perform perform denial-of-service DoS attacks from a user with low privileges. This is caused by user input that is...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed two vulnerabilities in JunOS for the MX and SRX series systems. An unauthenticated remote malicious person could exploit the vulnerabilities to cause a denial-of-service on the systems that have SIP Application Layer Gateway SIP ALG active. This gateway is active when the system...
Vulnerabilities fixed in Trend Micro Server Protect
Trend Micro has fixed multiple vulnerabilities in Server Protect. The vulnerability with reference CVE-2022-25329 allows a remote malicious person to misuse a hardcoded password in order to perform administrative actions. perform. The other vulnerabilities allow an authenticated malicious person...
Vulnerability fixed in redis
A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...
Vulnerabilities fixed in Cobbler
The Cobbler project has fixed two vulnerabilities. A local malicious party can exploit the vulnerabilities to view configuration files or locally execute arbitrary code execute arbitrary code under the application's permissions. A third vulnerability was also found, CVE-2021-45081. There are...
Vulnerabilities fixed in BMC Track-It!
BMC has fixed several vulnerabilities in Track-It! A malicious party could exploit the vulnerabilities to gain access to the application or to execute arbitrary code under the application's privileges. The vulnerability with reference CVE-2022-24047 involves an "authentication bypass" that allows...
Vulnerabilities fixed in snapd
Several vulnerabilities have been fixed in Canonical's snapd. The vulnerabilities allow a local malicious person to launch attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges Access to...
Vulnerabilities fixed in Ubuntu Linux kernel
Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ for the Solaris platform. A malicious party could potentially exploit the vulnerability to cause a denial-of-service via the Queue Manager channel process. IBM has released updates to fix the vulnerability in MQ 9.1. For more information, see:...
Vulnerability fixed in Cisco Email Security Appliance
Cisco has fixed a vulnerability in the Email Security Appliance ESA. A malicious party could potentially exploit it to cause a denial-of-service. To exploit this vulnerability, a malicious party must send a specially prepared e-mail to a vulnerable device. By default, DANE validation is not enabl...
Vulnerability fixed in Brocade Fabric OS
A vulnerability has been fixed in Brocade Fabric OS. There is at least one account with hardcoded credentials where the administrator is not forced to change the password by default. adjust. With the new versions of Fabric OS, this is now mandatory. Cisco has released updates to fix the...
Vulnerability fixed in VMware NSX Edge
A vulnerability has been fixed in VMware NSX Edge. A authenticated malicious person with SSH access could potentially execute arbitrary commands on the underlying system with root privileges. Although this product is typically connected to a publicly accessible network, it is good practice to mak...
Vulnerabilities fixed in VMware Workstation, Fusion & ESXi
VMware has fixed several vulnerabilities in various products, namely Workstation Pro/Player, Fusion and ESXi. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User right...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged-in user. Google has made little technical information about the vulnerabilities made publicly...
Vulnerabilities fixed in Intel Wi-Fi chipset firmware
Intel has fixed several vulnerabilities in various Intel PROSet/Wireless Wi-Fi and Intel Active Management Technology AMT Wireless chipsets. The vulnerabilities allow a local malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Access to...
Vulnerabilities fixed in AVEVA System Platform
Vulnerabilities have been fixed in AVEVA System Platform. A malicious party could exploit the vulnerabilities to obtain sensitive information, namely the plaintext password of the Network User Account. With this information, the malicious party could gain further access to systems. No CVE feature...
Vulnerability fixed in Adobe Magento
Adobe has fixed a vulnerability in Magento. A malicious party could potentially exploit the vulnerability to execute arbitrary code without authentication to execute arbitrary code under the privileges of the application. Adobe indicates that targeted exploits have been observed on Adobe Commerce...
Vulnerabilities fixed in DiskStation Manager (DSM)
Vulnerabilities have been fixed in DiskStation Manager. The vulnerabilities allow a remote malicious person to inject arbitrary web script or HTML. Synology has released updates to fix the vulnerabilities in DSM. For more information, see: https://www.synology.com/en-global/security/advisory...
Vulnerability fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed a vulnerability in macOS, iOS, iPadOS and Safari. An unauthenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code under the rights of the application. To do this, the malicious party must entice the victim to open a rogue Web page...
Vulnerabilities fixed in Palo Alto GlobalProtect App
Palo Alto Networks has fixed vulnerabilities in GlobalProtect App. The vulnerabilities potentially enable a local malicious person to able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased...
Vulnerability fixed in ABB OPC Server for AC 800M
ABB has fixed a vulnerability in OPC Server for AC 800M systems. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to execute arbitrary code. Few substantive details about the vulnerability made publicly available. ABB has released update...
Vulnerabilities fixed in Grafana
Vulnerabilities have been fixed in Grafana. A malicious party could potentially exploit the vulnerabilities to perform a cross-site scripting attack, gain access to information about the system or perform a cross-site request-forgery attack. Through the latter, the malicious take over user accoun...
Vulnerabilities fixed in Dell PowerEdge
Intel has fixed vulnerabilities in chipset firmware as used by Dell PowerEdge servers. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges. The vulnerability with reference CVE-2021-33068 allows an authenticated remote malicious party additionally...
Vulnerabilities fixed in Schneider Electric Modicon M241/M251
Schneider Electric has fixed vulnerabilities in the CODESYS web server and gateway components of Modicon M241 and M251 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A flaw in the input sanitization allowed a malicious person to potentially execute arbitrary commands at the OS level by uploading uploading a rogue image. To do this, the malicious party must have prior authorization to modif...
Vulnerability fixed in Adobe Creative Cloud Desktop
Adobe has fixed a vulnerability in the Creative Cloud Desktop Application. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges. The malicious party needs to trick the victim into opening a rogue file. Adobe has released updates to fix the...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the vulnerabilit...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed several vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service, execute arbitrary code with user privileges, or to gain access to sensitive data within the scope of the application. The malicious party must to d...
Vulnerability fixed in Adobe After Effects
Adobe has fixed a vulnerability in After Effects. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release ESR. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in the Kestrel Web Server and Visual Studio Code. The vulnerabilities allow a malicious party to execute arbitrary code or cause a denial-of-service cause. The Denial-of-Service vulnerability with reference CVE-2022-21986 is located in the Kestrel web server. This...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code...