Vulnerability fixed in Cisco Meeting Server
A vulnerability has been fixed in Cisco Meeting Server. The vulnerability has been labeled CVE-2021-40122 and allows an unauthenticated remote malicious party to cause a Denial-of-Service (DoS) attack. By sending a large number of messages to the vulnerable API Call Bridge, a malicious party can...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
A vulnerability has been fixed in Cisco Identity Services Engine (ISE). The vulnerability allows an unauthenticated malicious person to execute arbitrary code under the privileges of the application. To do this, the malicious party must trick the victim into uploading a malicious file in the browser...
Vulnerabilities fixed in Nitro Pro PDF
Vulnerabilities have been fixed in Nitro Pro PDF. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code under the privileges of the application. To do this, the malicious party must trick the victim into opening a malicious file. Nitro Software...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following products: Operations Intelligence Applications Manager Payables Incentive Compensation Mobile Field Service Trade Management Universal Work Queue Shipping Execution Sales Offline Content Manager Applications Framework Web Analytics Deal Management...
Vulnerabilities fixed in Oracle Essbase
Oracle has fixed vulnerabilities in Hyperion Essbase Administration Services. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in the following Communications products: Communications Services Gatekeeper Communications Converged Application Server - Service Controller Communications Session Border Controller Enterprise Communications Broker Communications Operations Monitor Communications...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following products: Enterprise Manager for Oracle Database Enterprise Manager Base Platform Application Testing Suite APM - Application Performance Management Enterprise Manager Ops Center The vulnerabilities potentially enable a malicious party to execute...
Vulnerabilities fixed in Oracle Systems Solaris, ZFS Storage Appliance Kit and Ethernet switches
Oracle has fixed vulnerabilities in Solaris, ZFS Storage Appliance Kit and ES2-64 and ES2-72 switches. The vulnerabilities potentially enable a malicious party to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Oracle Fusion Middleware products: HTTP Server BAM Business Activity Monitoring WebCenter Portal Business Intelligence Enterprise Edition Real-Time Decision Server Data Integrator Outside In Technology WebLogic Server Enterprise Repository...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following products: Financial Services Analytical Applications Infrastructure FLEXCUBE Core Banking Banking Platform Banking Enterprise Default Management Banking Virtual Account Management Financial Services Enterprise Case Management Banking Corporate...
Vulnerabilities fixed in Oracle Supply Chain Suite products
Oracle has fixed vulnerabilities in the following Supply Chain Suite products: Transportation Management Autovue for Agile Product Lifecycle Management Agile PLM Framework The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Spatial and Graph Application Express APEX Engineered Systems Utilities The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Vulnerabilities fixed in Google Chrome
Google has released version 95.0.4638.54 of Chrome for Windows, macOS and Linux. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service, or to execute arbitrary code in the context of the browser. Google has released updates to fix the vulnerabilities in Chrome...
Vulnerabilities fixed in Oracle PeopleSoft products
Oracle has fixed vulnerabilities in the following PeopleSoft products: PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise CS SA Integration Pack PeopleSoft Enterprise SCM Purchasing PeopleSoft Enterprise CS Academic Advisement PeopleSoft Enterprise CS Student Records. PeopleSoft Enterpris...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in the following JD Edwards products: JD Edwards EnterpriseOne Tools JD Edwards World Security JD Edwards EnterpriseOne Orchestrator The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Vulnerabilities fixed in Oracle Virtualization products
Oracle has fixed vulnerabilities in Secure Global Desktop and VirtualBox. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Gain access to VM Accessing sensitive data Accessing system data...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following MySQL products: MySQL Workbench MySQL Server MySQL Cluster MySQL Enterprise Monitor MySQL Connectors The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service D...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following Communications Applications products: Communications Billing and Revenue Management Communications MetaSolv Solution Communications Offline Mediation Controller Communications Design Studio Communications Calendar Server Communications Messaging...
Vulnerabilities fixed in Oracle Java SE and GraalVM
Oracle has fixed vulnerabilities in Java SE and GraalVM Enterprise Edition. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Circumvention of security measure. Denial-of-Service DoS. Remote code execution User Rights Acces...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Provide elevated privileges Accessing sensitive data...
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service or execute arbitrary code with SYSTEM privileges. Trend Micro has released updates to address the vulnerabilities in Apex One. For more...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. A remote malicious person could potentially exploit the vulnerability to cause a Denial-of-Service. OTRS uses the deprecated npm module "resolve-url-loader", which depends on the module "postcss" and is vulnerable to a ReDoS attack. OTRS has...
Vulnerability fixed in Palo Alto Networks GlobalProtect
A vulnerability has been fixed in the Palo Alto Networks GlobalProtect app. A malicious party could potentially exploit it to perform a man-in-the-middle attack or to execute arbitrary code under SYSTEM privileges. Palo Alto Networks has released updates to fix the vulnerability in...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos. The vulnerabilities allow a remote malicious person to manipulate data. To do so, the malicious party must induce the victim to run rogue Java Web Start applications or rogue Java applets. IBM has released updates to fix the...
Vulnerabilities fixed in Oracle Linux kernel
Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges...
Vulnerabilities fixed in Juniper Junos OS
Vulnerabilities have been fixed in Juniper Junos OS. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution User Rights Increased user rights Juniper...
Vulnerabilities fixed in Foxit products
Vulnerabilities have been fixed in Foxit products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Foxit has released updates to fix the vulnerabilitie...
Vulnerability fixed in Acrobat Reader Mobile
Adobe has fixed a vulnerability in Acrobat Reader Mobile for Android. A remote malicious person could potentially exploit it to execute arbitrary code with the permissions of the user. The malicious party must trick the victim into opening a rogue PDF document. Adobe has released updates to...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Bypassing authentication. Bypassing security measure Remote code execution Administrator/Root...
Vulnerabilities fixed in Acrobat Reader
Acrobat has fixed vulnerabilities in Acrobat Reader. An unauthenticated malicious person could potentially abuse them to obtain elevated privileges or to execute arbitrary code with application privileges. To exploit the vulnerabilities, the malicious party must entice the victim to open a rogue P...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed two vulnerabilities in Adobe Connect. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code with the permissions of the application. Adobe has released updates to fix the vulnerabilities in Connect 11.2.3. For mo...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS. A malicious party could potentially exploit the vulnerability to send a user on the vulnerable SonicWall system, via a header redirection, to a rogue website under the malicious party's control. However, the rogue website and the...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Circumvention of authentication Remote code executio...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution User Rights Spoofing Access to sensitive data The vulnerability with reference...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. The vulnerabilities allow a malicious party to launch a Cross-Site Scripting attack, and the malicious party can then impersonate another user. Microsoft indicates that for the vulnerability with attribute CVE-2021-40457...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Impersonating another user Executing arbitrary code Administrator/Root...
Vulnerability fixed in Apple iOS and iPadOS
Apple has fixed a vulnerability in iOS and iPadOS. A malicious party can exploit the vulnerability to execute arbitrary code with kernel privileges and thus gain access to sensitive information or possibly install more malware. Apple reports receiving reports...
Vulnerability fixed in Microsoft System Center Operations Manager
Microsoft has fixed a vulnerability in System Center Operations Manager (SCOM). The vulnerability allows a remote malicious party to view files. The vulnerability is only exploitable on SCOM systems that have the web console installed. System Center:...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Microsoft Visual Studio. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Access to sensitive data. Spoofing, Denial-of-Service DoS The vulnerabilities with characteristics...
Vulnerability fixed in Grafana Enterprise
A vulnerability has been fixed in the Snapshot functionality of Grafana. A malicious party could exploit the vulnerability to obtain sensitive information that should not have been shared with them. Under certain circumstances, when "publicmode" is configured, an...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows and Hyper-V. The vulnerabilities potentially enable a malicious party to execute attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of securit...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Access to system...
Vulnerability fixed in Huawei CloudEngine
Huawei has fixed a vulnerability in their CloudEngine series of switches. An unauthenticated malicious person on the same network could exploit the vulnerability to cause a denial-of-service. Huawei has released updates to fix the vulnerability in CloudEngine. For more information, see:...
Vulnerabilities fixed in IBM FileNet Content Manager
IBM has fixed two vulnerabilities in the PDFBox module in the FileNet Content Manager. An unauthenticated remote malicious person can exploit the vulnerabilities to cause a denial-of-service by tricking a victim into processing a rogue PDF file or having it processed. IBM has released updates to...
Vulnerabilities fixed in Google Chrome
Google has released version 94.0.4606.81 of Chrome for Windows, macOS and Linux. In this version, four vulnerabilities are fixed. A malicious party could potentially exploit them to cause a denial-of-service, or to execute arbitrary code in the context of the browser. Google has released updat...
Vulnerability fixed in Cisco AnyConnect Secure Client
Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client for Linux and macOS. A locally authenticated malicious party could exploit the vulnerability to load a rogue shared library, which allows the malicious party to execute arbitrary code with root privileges and gain access...
Vulnerability fixed in Cisco Email Security Appliance
Cisco has fixed a vulnerability in the Email Security Appliance. An unauthenticated malicious person could exploit the vulnerability by using a specially prepared URL to bypass the URL Reputation filters and, in effect, the entire filtering system. The integrity or continuity of the Appliance...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in the Identity Services Engine (ISE). A malicious party could potentially exploit the vulnerabilities to obtain sensitive data, or execute arbitrary code with root privileges. To obtain sensitive data, the malicious party must be authenticated to the management...
Vulnerability fixed in Typo3
The developers of Typo3 have fixed a vulnerability in Typo3 core. An unauthenticated malicious person could potentially exploit the vulnerability to perform a Cross-Site Request Forgery and thereby trick a victim into executing code under the malicious party's control. In the...