Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights), Access to system data. This...
Vulnerabilities fixed in Apple Safari
Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a malicious person to execute arbitrary code or gain access to sensitive information. Apple has made updates available to fix the vulnerabilities in Safari. For more information, se...
Vulnerability fixed in QEMU
A vulnerability has been fixed in QEMU. The vulnerability allows a local malicious person to obtain elevated privileges. The developers of QEMU have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Apple iOS and iPad OS
Vulnerabilities have been fixed in the operating systems iOS and iPadOS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remot...
Vulnerability found in i915 kernel driver
A researcher has found a vulnerability in the Linux i915 kernel driver. The memory cache of the i915 kernel graphics driver is not properly cleaned up. An attacker exploiting this vulnerability could cause a local denial-of-service (DoS) or gain access to system data or elevated user...
Vulnerabilities fixed in Apple macOS
Vulnerabilities have been fixed in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...
Vulnerability fixed in Apache Tomcat
A vulnerability has been fixed in Apache Tomcat. The vulnerability potentially allows a local malicious party to obtain the same rights as the user used by the Tomcat process. To exploit this vulnerability, Tomcat must be configured to keep sessions active through the...
Vulnerability fixed in Micro Focus Operations Agent
A vulnerability has been fixed in Micro Focus Operations Agent. The vulnerability allows a local malicious party to gain access to system data. Micro Focus indicates that mitigating measures are available that eliminate the vulnerability. For more information see:...
Vulnerabilities fixed in Dell BIOS
Two vulnerabilities have been fixed in Dell products. The vulnerabilities potentially allow a locally authenticated malicious person to execute arbitrary code through a System Management Interrupt (SMI) in the System Management RAM (SMRAM) of the device. This portion of memory is normally only...
Vulnerabilities fixed in Autodesk Inventor
Vulnerabilities have been fixed in Autodesk Inventor. The vulnerabilities potentially allow a malicious party to execute code under the application's permissions. The malicious party must entice a victim to open a rogue file to do so. Autodesk has released updates to address th...
Vulnerability fixed in Polkit
Qualys researchers have found a vulnerability in the pkexec function of polkit. Polkit is a standard component of a large number of Linux distributions and was previously known as PolicyKit. Polkit controls communication between applications that have elevated privileges and applications that do not...
Vulnerability found in Xerox printers
A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...
Vulnerabilities fixed in Trend Micro Deep Security
Two vulnerabilities have been fixed in Trend Micro Deep Security Agent for Linux. The vulnerability with identifier CVE-2022-23119 can be exploited if access is gained to the Deep Security Manager or on devices on which the agent is not yet activated or configured. The vulnerability with...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious person to perform attacks that could potentially lead to the following categories of damage: Denial-of-Service (DoS), Access to system data, Increased user privileges. Xen has released updates to address the vulnerabilities...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote code execution (User rights)...
Vulnerability fixed in IBM FileNet Content Manager
A vulnerability has been fixed in IBM FileNet Content Manager. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6509840...
Vulnerability fixed in McAfee Data Loss Prevention
A vulnerability has been fixed in McAfee Data Loss Prevention (DLP). The vulnerability potentially allows a malicious party to execute code on the ePolicy Orchestrator (ePO) server. The malicious party must have access to the DLP database on the ePO server. Through a blind SQL injection, it is possibl...
Vulnerabilities fixed in Lexmark printers
Vulnerabilities have been fixed in Lexmark devices. The vulnerabilities allow a malicious party to carry out attacks that potentially result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Remote code execution User Right...
Vulnerabilities fixed in F5 products
F5 has fixed multiple vulnerabilities in several F5 products, including BIG-IP and BIG-IQ. Most of the updates relate to the Traffic Management Microkernel (TMM), a component of virtually all BIG-IP modules. The vulnerability with reference CVE-2022-23008 concerns the NGINX Controller API...
Vulnerabilities fixed in node.js
Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could potentially manipulate traffic to an application running on node.js to gain access to sensitive data. -= Fedora =- Fedora has made...
Fixed vulnerability in AIDE (Advanced Intrusion Detection Environment)
A vulnerability has been fixed in AIDE (Advanced Intrusion Detection Environment). Due to a flaw in the way base64 data is processed, a local malicious party can cause a denial-of-service, or potentially execute arbitrary code under the rights of the application. -= SUSE =- SUSE has made...
Vulnerabilities fixed in Drupal core
Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting (XSS) vulnerability. Drupal developers have released updates to f...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code under the application's permissions. Google typically does not release details about the vulnerabilities but marks the vulnerability with attribut...
Vulnerabilities fixed in McAfee Agent
Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially allow a malicious party to obtain elevated privileges or execute arbitrary code with the privileges of the application. McAfee has made updates available to address the vulnerabilities. For more...
Vulnerability fixed in Linux kernel
A local malicious party can, by exploiting a buffer overflow vulnerability in the Linux kernel, gain elevated privileges, execute arbitrary code or cause a denial of service on the vulnerable system. -= Red Hat =- Red Hat has made updates available for...
Vulnerabilities fixed in Cisco StarOS Software
Cisco has fixed vulnerabilities in StarOS, the operating system of a series of Aggregation Services Routers (ASR). Because the debug mode was misconfigured, a remote malicious party may be able to access sensitive information and may be able to execute arbitrary code under the root privileges of th...
Vulnerabilities fixed in Oracle Virtualization
Oracle has fixed vulnerabilities in VM VirtualBox. A malicious party needs local access rights to exploit the vulnerabilities.
| CVE ID | CVSS | Vector |
|--------|------|--------|
...
Vulnerability fixed in Oracle Health Sciences Applications
Oracle has fixed a vulnerability in the following products: Thesaurus Management System Clinical Health Sciences Clinical Development Analytics Argus Safety Argus Insight Argus Analytics Health Sciences InForm CRF Submit Argus Mart
...
Vulnerability fixed in Oracle JD Edwards EnterpriseOne Tools
Oracle has fixed a vulnerability in JD Edwards EnterpriseOne Tools.
| CVE ID         | CVSS | Vector                              |
|----------------|------|-------------------------------------|
| CVE-2021-23337 | 7.2  | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
...
Vulnerability fixed in ClamAV
A vulnerability has been fixed in ClamAV. A malicious party could potentially exploit the vulnerability to cause a denial-of-service by having a rogue file opened by the parser in the application. The clamscan --gen-json function must be enabled. -= ClamAV =- Cisco has released updates to f...
Vulnerabilities fixed in Oracle Supply Chain
Oracle has fixed vulnerabilities in the following products: Demantra Demand Management, Agile Engineering Data Management, Agile PLM MCAD Connector, Agile PLM Framework, Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, Rapid Planning, Product Lifecycle Analytics. The...
Vulnerabilities fixed in Oracle Essbase
Oracle has fixed vulnerabilities in the following products: Hyperion Essbase, Hyperion Essbase Administration Services. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in the following products: Solaris Operating System, Sun ZFS Storage Appliance Kit (AK) Software, Sun ZFS Storage Application Integration Engineering Software, Fujitsu SPARC Servers Firmware. The vulnerability with CVE identifier CVE-2021-2351 allows for an unauthorized...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise CS SA Integration Pack. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following products: MySQL Workbench, MySQL Server, MySQL Cluster, MySQL Connectors. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution...
Vulnerabilities fixed in Oracle Siebel CRM
Oracle has fixed vulnerabilities in the Siebel UI Framework product.
| CVE-ID        | CVSS | Vector                              |
|---------------|------|-------------------------------------|
| CVE-2021-2351 | 8.3  | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following Oracle Financial Services Applications products: Financial Services Analytical Applications Infrastructure, FLEXCUBE Investor Servicing, FLEXCUBE Private Banking, Banking Platform, Financial Services Behavior Detection Platform, Financial Services...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following products: Enterprise Manager Base Platform, Application Testing Suite, APM - Application Performance Management, Enterprise Manager Ops Center. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Oracle Fusion Middleware products: Fusion Middleware HTTP Server Fusion Middleware MapViewer BI Publisher formerly XML Publisher BAM Business Activity Monitoring WebCenter Portal Business Intelligence Enterprise Edition Data Integrator WebLogic...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following Oracle E-Business Suite products: Configurator, Time and Labor, iStore, Trade Management, Partner Management, Installed Base, Sourcing, Project Costing. The vulnerabilities enable a malicious person to carry out attacks that result in the...
Vulnerabilities fixed in Oracle Construction and Engineering
Oracle has fixed vulnerabilities in the following products: Primavera P6 Enterprise Project Portfolio Management, Primavera P6 Professional Project Management, Primavera Portfolio Management, Primavera Data Warehouse, Primavera Analytics, Primavera Unifier, Instantis EnterpriseTrack, Primavera Gateway T...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Services Gatekeeper, Communications Service Broker, Communications Session Border Controller, Enterprise Session Border Controller, Enterprise Communications Broker, Communications Operations Monitor, Communications Interactive...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following Oracle Communications Applications products: Communications Billing and Revenue Management, Communications Offline Mediation Controller, Communications Design Studio, Communications Network Integrity, Communications Unified Inventory Management...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following Oracle Database Server products: Database - Enterprise Edition, Database Configuration Assistant, Spatial and Graph, Application Express (APEX), Engineered Systems Utilities. The vulnerabilities allow a malicious person to carry out attacks...
Vulnerability fixed in Oracle Java SE and GraalVM Enterprise Edition
Oracle has fixed vulnerabilities in the following products: Java SE JDK and JRE, GraalVM Enterprise Edition. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of...
Vulnerabilities fixed in Expat
Developers have fixed vulnerabilities in Expat. The vulnerabilities allow a remote malicious person to perform a Denial-of-Service. To do this, the malicious party must send an XML tag with an overflow of attributes to the vulnerable XML server or trigger an integer overflow on various...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, Spoofing, Accessing sensitive data O...
Vulnerability fixed in Zoho ManageEngine Desktop Central
Zoho has fixed a vulnerability in ManageEngine Desktop Central. Desktop Central is a solution used by administrators to remotely manage devices within an organization. The vulnerability makes it possible for a malicious person to bypass authentication and execute arbitrary code under the...
Vulnerabilities fixed in Citrix Hypervisor
Several security issues have been fixed in Citrix Hypervisor, which may cause the host to crash or become unresponsive. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below: https://support.citrix.com/article/CTX335432...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed several vulnerabilities in Junos OS. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Spoofing, Increased user privileges. Because these are...