4207 matches found
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerabilities fixed in Microsoft SQL Server and Power BI
Microsoft has fixed vulnerabilities in Microsoft SQL Server and Power BI. The vulnerabilities allow a malicious party to obtain elevated user privileges. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...
Vulnerabilities fixed in Siemens products
Several vulnerabilities have been fixed in Siemens products. The vulnerabilities potentially allow a malicious party to gain access to sensitive data or cause a denial-of-service cause. To exploit the vulnerabilities, the malicious party must have access to the production environment. It is good...
Vulnerability fixed in Zimbra
A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...
Vulnerability discovered in NetApp Clustered Data ONTAP
NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...
Vulnerability fixed in XWiki
A vulnerability has been fixed in XWiki. A malicious party can exploit the exploit the vulnerability to perform a stored Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. For the vulnerabilit...
Vulnerability fixed in F5 BIG-IP
F5 has fixed a vulnerability in BIG-IP. A malicious person with rights to execute regular expressions could exploit the exploit the vulnerability to cause a denial-of-service, or potentially execute arbitrary code on the system. F5 has released updates to fix the vulnerability in BIG-IP 16.1.2,...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting attack on users with higher privileges within the application. Elastic has made version 7.17.0 available for Kibana to fix the vulnerability. For more information...
Vulnerability fixed in VMware Workstation, Fusion & ESXi
A vulnerability has been fixed in VMware Workstation, Fusion & ESXi. The vulnerability enables a malicious person with access to a virtual machine on which CD-ROM virtualization is enabled to able to execute arbitrary code on the hypervisor. To exploit this vulnerability, a CD image must be...
Vulnerabilities fixed in Red Hat products
Vulnerabilities have been fixed in Log4j version 1 in several Red Hat products. Log4j v1 has been End-of-Life since 2015 and it is recommended to upgrade to v2. In a number of Red Hat products Log4j v1 is still being used. These vulnerabilities allow a remote malicious person to execute arbitrary...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system...
Vulnerability fixed in PostgreSQL JDBC Driver
A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates released updates to fix the vulnerability. More information can be...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in Red Hat JBOSS Enterprise Application Platform. The vulnerabilities allow a remote malicious person to remotely capable of causing a denial-of-service or execute arbitrary code. Red Hat has released updates to fix the vulnerabilities. More information can be foun...
Vulnerability fixed in Zoho ManageEngine Desktop Central
A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Cisco Small Business RV routers
Cisco has fixed vulnerabilities in Small Business RV routers. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerability fixed in Cisco Web Security Appliance
A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an authenticated malicious person with access to the management interface is able to obtain sensitive data, such as passwords, by viewing the HTML code returned by the interface. Cisco has released updates to...
Vulnerability fixed in Arista EOS
A vulnerability has been fixed in Arista EOS. Arista EOS is a Linux-based operating system installed on network equipment from Arista. With eAPI it is possible to remotely manage and configure Arista's network equipment. When authentication is based on certificates, it is possible that eAPI...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...
Vulnerability fixed in Fortinet FortiMail
A vulnerability has been fixed in FortiMail. The vulnerability allows an unauthenticated remote malicious party to launch a Cross-Site Scripting attack by sending specially prepared HTTP GET requests to the FortiGuard URI protection service. Fortinet has released updates to fix the vulnerability...
Vulnerabilities fixed in Fortinet FortiWeb
Vulnerabilities have been fixed in Fortinet FortiWeb. The vulnerabilities marked CVE-2021-36193, CVE-2021-41018 and CVE-2021-43073 allow an authenticated remote malicious person able to execute arbitrary code or commands. The vulnerability with attribute CVE-2021-42753 enables an authenticated...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.19 to fix the vulnerability. More information can be found on...
Vulnerability fixed in Tenable Nessus
A vulnerability has been fixed in Tenable Nessus. Nessus makes uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358 fixed. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...
Vulnerabilities fixed in IBM Cognos Controller
IBM has fixed vulnerabilities in Cognos Controller. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution Use...
Vulnerabilities fixed in IBM Spectrum Protect Plus
IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to perform attacks leading to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Spoofing Access to system data The vulnerability with attribute...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...
Vulnerability fixed in ABB OPC Server
A vulnerability has been fixed in ABB OPC Server for AC 800M. The vulnerability enables an authenticated remote malicious person to able to execute arbitrary code. ABB has released updates to fix the vulnerability. To exploit this vulnerability requires access to the network of the victim's netwo...
Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor
Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data This...
Vulnerability fixed in QEMU
A vulnerability has been fixed in QEMU. The vulnerability allows a local malicious person to obtain elevated privileges. The developers of QEMU have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Apple iOS and iPad OS
Vulnerabilities have been fixed in the operating systems iOS and iPadOS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...
Vulnerabilities fixed in Apple Safari
Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute arbitrary code or gain access to sensitive information. Apple has made updates available to fix the vulnerabilities fixes in Safari. For more information, se...
Vulnerability fixed in Apache Tomcat
A vulnerability has been fixed in Apache Tomcat. The vulnerability potentially allows a local malicious party to obtain the same rights obtain the same rights as the user used by the Tomcat process. used. To exploit this vulnerability, Tomcat must be configured to keep sessions active through the...
Vulnerabilities fixed in Apple macOS
Vulnerabilities have been fixed in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerability found in i915 kernel driver
A researcher has found a vulnerability in the Linux i915 kernel driver. The memory cache of the i915 kernel graphics driver is not properly cleaned up. An attacker exploiting this vulnerability could cause a local denial-of-service DoS cause or gain access to system data or elevated user...
Vulnerability fixed in Micro Focus Operations Agent
A vulnerability has been fixed in Micro Focus Operational Agent. The vulnerability allows a local malicious agent to access gain access to system data. Micro Focus indicates that mitigating measures are available that eliminate the vulnerability. For more information see:...
Vulnerabilities fixed in Dell BIOS
Two vulnerabilities have been fixed in Dell products. The vulnerabilities allow a locally authenticated malicious person potentially be able to execute arbitrary code through a System Management Interupt SMI in the System Management RAM SMRAM of the device. This portion of memory is normally only...
Vulnerability fixed in Polkit
Qualys researchers have found a vulnerability in the pkexec function of polkit. Polkit is a standard component of a large number of Linux distributions and was previously known as Policykit. Polkit controls communication between applications that elevated privileges and applications that do not...
Vulnerabilities fixed in Autodesk Inventor
Vulnerabilities have been fixed in Autodesk Inventor. The vulnerabilities potentially allow a malicious party to execute code execute code under the application's permissions. The malicious party must entice a victim to open a rogue file to do so. open. Autodesk has released updates to address th...
Vulnerability found in Xerox printers
A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...
Vulnerabilities fixed in Trend Micro Deep Security
Two vulnerabilities have been fixed in Trend Micro Deep Security Agent for Linux. The vulnerability with attribute CVE-2022-23119 can be exploited if access is gained to the Deep Security Manager or on devices on which the agent is not yet not yet activated or configured. The vulnerability with...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious person to perform attacks that could potentially lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges Xen has released updates to address the vulnerabilities...
Vulnerability fixed in McAfee Data Loss Prevention
A vulnerability has been fixed in McAfee Data Loss Prevention DLP. The vulnerability potentially allows a malicious party to execute code on the ePolicy Orchestrator-sever ePO. The malicious party must have access to the DLP database on the ePO server. Through a blind-SQL injection, it is possibl...
Vulnerability fixed in IBM FileNet Content Manager
A vulnerability has been fixed in IBM FileNet Content Manager. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6509840...
Vulnerabilities fixed in Zabbix
Vulnerabilities have been fixed in Zabbix. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerabilities fixed in Lexmark printers
Vulnerabilities have been fixed in Lexmark devices. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Bypassing authentication Remote code execution User Right...
Vulnerabilities fixed in node.js
Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could remotely could potentially manipulate traffic to an application running on node.js manipulate traffic to gain access to sensitive data. -= Fedora =- Fedora has made...
Vulnerabilities fixed in F5 products
F5 has fixed multiple vulnerabilities in several F5 products, including BIG-IP and BIG-IQ. Most of the updates are relate to the Traffic Management Microkernel TMM, a component of virtually all BIG-IP modules. The vulnerability with reference CVE-2022-23008 concerns the NGINX Controller API...
Vulnerabilities fixed in Drupal core
Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...
Fixed vulnerability in AIDE (Advanced Indtrusion Detection Environment)
A vulnerability has been fixed in AIDE Advanced Intrusion Detection Environment. Due to a flaw in the way base64 data is is processed, a local malicious agent can cause a denial-of-service cause, or potentially execute arbitrary code under the rights of the application. -= SUSE =- SUSE has made...