Vulnerabilities fixed in VMware Workstation, Fusion & ESXi
VMware has fixed several vulnerabilities in various products, namely Workstation Pro/Player, Fusion and ESXi. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution User right...
Vulnerabilities fixed in AVEVA System Platform
Vulnerabilities have been fixed in AVEVA System Platform. A malicious party could exploit the vulnerabilities to obtain sensitive information, namely the plaintext password of the Network User Account. With this information, the malicious party could gain further access to systems. No CVE feature...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the privileges of the logged-in user. Google has made little technical information about the vulnerabilities publicly...
Vulnerabilities fixed in Intel Wi-Fi chipset firmware
Intel has fixed several vulnerabilities in various Intel PROSet/Wireless Wi-Fi and Intel Active Management Technology (AMT) Wireless chipsets. The vulnerabilities allow a local malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Access to...
Vulnerability fixed in Adobe Magento
Adobe has fixed a vulnerability in Magento. A malicious party could potentially exploit the vulnerability without authentication to execute arbitrary code under the privileges of the application. Adobe indicates that targeted exploits have been observed on Adobe Commerce...
Vulnerabilities fixed in DiskStation Manager (DSM)
Vulnerabilities have been fixed in DiskStation Manager. The vulnerabilities allow a remote malicious person to inject arbitrary web script or HTML. Synology has released updates to fix the vulnerabilities in DSM. For more information, see: https://www.synology.com/en-global/security/advisory...
Vulnerability fixed in Apple macOS, iOS, iPadOS and Safari
Apple has fixed a vulnerability in macOS, iOS, iPadOS and Safari. An unauthenticated remote malicious person could exploit the vulnerability to execute arbitrary code under the rights of the application. To do this, the malicious party must entice the victim to open a rogue Web page...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A flaw in the input sanitization allowed a malicious person to potentially execute arbitrary commands at the OS level by uploading a rogue image. To do this, the malicious party must have prior authorization to modif...
Vulnerabilities fixed in Dell PowerEdge
Intel has fixed vulnerabilities in chipset firmware as used by Dell PowerEdge servers. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges. The vulnerability with reference CVE-2021-33068 allows an authenticated remote malicious party additionally...
Vulnerability fixed in ABB OPC Server for AC 800M
ABB has fixed a vulnerability in OPC Server for AC 800M systems. The vulnerability allows an authenticated malicious person with network access to the vulnerable system to execute arbitrary code. Few substantive details about the vulnerability have been made publicly available. ABB has released update...
Vulnerabilities fixed in Palo Alto GlobalProtect App
Palo Alto Networks has fixed vulnerabilities in GlobalProtect App. The vulnerabilities potentially enable a local malicious person to launch attacks that result in the following categories of damage: Remote code execution (Administrator/Root privileges); Access to sensitive data; Increased...
Vulnerabilities fixed in Grafana
Vulnerabilities have been fixed in Grafana. A malicious party could potentially exploit the vulnerabilities to perform a cross-site scripting attack, gain access to information about the system or perform a cross-site request-forgery attack. Through the latter, the malicious party can take over user accoun...
Vulnerabilities fixed in Schneider Electric Modicon M241/M251
Schneider Electric has fixed vulnerabilities in the CODESYS web server and gateway components of Modicon M241 and M251 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the...
Vulnerability fixed in Adobe Creative Cloud Desktop
Adobe has fixed a vulnerability in the Creative Cloud Desktop Application. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges. The malicious party needs to trick the victim into opening a rogue file. Adobe has released updates to fix the...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious party can exploit the vulnerability to execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the vulnerabilit...
Vulnerability fixed in Adobe After Effects
Adobe has fixed a vulnerability in After Effects. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release (ESR). The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed several vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service, execute arbitrary code with user privileges, or to gain access to sensitive data within the scope of the application. The malicious party must to d...
Vulnerabilities fixed in Siemens products
Several vulnerabilities have been fixed in Siemens products. The vulnerabilities potentially allow a malicious party to gain access to sensitive data or cause a denial-of-service. To exploit the vulnerabilities, the malicious party must have access to the production environment. It is good...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofing...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to execute arbitrary code. To exploit the vulnerability, high privileges are required. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft SQL Server and Power BI
Microsoft has fixed vulnerabilities in Microsoft SQL Server and Power BI. The vulnerabilities allow a malicious party to obtain elevated user privileges. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution (User rights)...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in the Kestrel Web Server and Visual Studio Code. The vulnerabilities allow a malicious party to execute arbitrary code or cause a denial-of-service. The Denial-of-Service vulnerability with reference CVE-2022-21986 is located in the Kestrel web server. This...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Access to sensitive data; Increased user privileges. The vulnerability with reference...
Vulnerability fixed in Zimbra
A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...
Vulnerability fixed in XWiki
A vulnerability has been fixed in XWiki. A malicious party can exploit the vulnerability to perform a stored Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. For the vulnerabilit...
Vulnerability fixed in F5 BIG-IP
F5 has fixed a vulnerability in BIG-IP. A malicious person with rights to execute regular expressions could exploit the vulnerability to cause a denial-of-service, or potentially execute arbitrary code on the system. F5 has released updates to fix the vulnerability in BIG-IP 16.1.2,...
Vulnerability discovered in NetApp Clustered Data ONTAP
NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting attack on users with higher privileges within the application. Elastic has made version 7.17.0 available for Kibana to fix the vulnerability. For more information...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Circumvention of security measure; Accessing sensitive data; Access to system...
Vulnerabilities fixed in Red Hat products
Vulnerabilities have been fixed in Log4j version 1 in several Red Hat products. Log4j v1 has been End-of-Life since 2015 and it is recommended to upgrade to v2. In a number of Red Hat products Log4j v1 is still being used. These vulnerabilities allow a remote malicious person to execute arbitrary...
Vulnerability fixed in VMware Workstation, Fusion & ESXi
A vulnerability has been fixed in VMware Workstation, Fusion & ESXi. The vulnerability enables a malicious person with access to a virtual machine on which CD-ROM virtualization is enabled to execute arbitrary code on the hypervisor. To exploit this vulnerability, a CD image must be...
Vulnerabilities fixed in Cisco Small Business RV routers
Cisco has fixed vulnerabilities in Small Business RV routers. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution (User rights)...
Vulnerability fixed in Zoho ManageEngine Desktop Central
A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerabilities allow a remote malicious person to cause a denial-of-service or execute arbitrary code. Red Hat has released updates to fix the vulnerabilities. More information can be foun...
Vulnerability fixed in PostgreSQL JDBC Driver
A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates to fix the vulnerability. More information can be...
Vulnerability fixed in Cisco Web Security Appliance
A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an authenticated malicious person with access to the management interface to obtain sensitive data, such as passwords, by viewing the HTML code returned by the interface. Cisco has released updates to...
Vulnerability fixed in Arista EOS
A vulnerability has been fixed in Arista EOS. Arista EOS is a Linux-based operating system installed on network equipment from Arista. With eAPI it is possible to remotely manage and configure Arista's network equipment. When authentication is based on certificates, it is possible that eAPI...
Vulnerabilities fixed in Fortinet FortiWeb
Vulnerabilities have been fixed in Fortinet FortiWeb. The vulnerabilities marked CVE-2021-36193, CVE-2021-41018 and CVE-2021-43073 allow an authenticated remote malicious person to execute arbitrary code or commands. The vulnerability with reference CVE-2021-42753 enables an authenticated...
Vulnerability fixed in Fortinet FortiMail
A vulnerability has been fixed in FortiMail. The vulnerability allows an unauthenticated remote malicious party to launch a Cross-Site Scripting attack by sending specially prepared HTTP GET requests to the FortiGuard URI protection service. Fortinet has released updates to fix the vulnerability...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights). Google has made little technical...
Vulnerabilities fixed in IBM Cognos Controller
IBM has fixed vulnerabilities in Cognos Controller. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code execution Use...
Vulnerability fixed in Tenable Nessus
A vulnerability has been fixed in Tenable Nessus. Nessus uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...
Vulnerabilities fixed in IBM Spectrum Protect Plus
IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.19 to fix the vulnerability. More information can be found on...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. An authenticated malicious party can exploit this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to perform attacks leading to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Spoofing; Access to system data. The vulnerability with reference...
Vulnerability fixed in ABB OPC Server
A vulnerability has been fixed in ABB OPC Server for AC 800M. The vulnerability enables an authenticated remote malicious person to execute arbitrary code. ABB has released updates to fix the vulnerability. Exploiting this vulnerability requires access to the network of the victim's netwo...