4199 matches found
Vulnerabilities fixed in Oracle Supply Chain Products Suite
Oracle has fixed vulnerabilities in the following products within the Supply Chain Products Suite: Transportation Management Agile Engineering Data Management Agile PLM Framework An unauthenticated malicious person could potentially exploit them to cause a denial-of-service. In addition the...
Vulnerabilities fixed in Oracle Fusion Middleware products
Oracle has fixed vulnerabilities in several products in the Oracle Fusion product group. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Remot...
Vulnerabilities fixed in Oracle Peoplesoft products
Oracle has fixed vulnerabilities in PeopleSoft Enterprise HCM Candidate Gateway, PeopleSoft Enterprise PT PeopleTools, PeopleSoft Enterprise CS Campus Community and PeopleSoft Enterprise HCM Shared Components. The vulnerabilities potentially enable a malicious party to able to perform attacks tha...
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. The Qualys researchers have dubbed this vulnerability "Sequoia." A local malicious party can, by exploiting this vulnerability cause a local denial-of-service or they can acquire root privileges on the vulnerable system. For Qualys' research...
Vulnerabilities fixed in Oracle Siebel Suite
Oracle has fixed vulnerabilities in Siebel CRM and Siebel Apps. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Acce...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors MySQL Server MySQL Enterprise Monitor The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in t...
Vulnerability fixed in FortiNet products
A vulnerability has been fixed in Fortinet FortiManager and FortiAnalyzer. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code under root privileges. To do this, a malicious party must send a specially prepared network packet to...
Fixed vulnerabilities in the Lexmark Universal Printer Driver
Lexmark has fixed vulnerabilities in the Universal Printer Driver. A local malicious person with rights to install/activate new printers could install/activate, could exploit the vulnerabilities to execute arbitrary code with SYSTEM privileges. Lexmark has released updates to fix the...
Vulnerability fixed in Juniper Junos OS
Two vulnerabilities have been fixed in Juniper JunOS. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, an attacker needs to send valid network traffic in a specific sequence to the device. The traffic should be destined for the Junip...
Vulnerabilities fixed in Aruba AOS-CX switches
Vulnerabilities have been fixed in Aruba AOS-CX switches. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Remote code execution Administrator/Root privileges The...
Vulnerabilities fixed in Typo3
The developers of Typo3 have fixed vulnerabilities in Typo3 Core. The vulnerabilities allow a malicious party to perform Perform cross-site scripting XSS attacks. Such attacks can lead to the execution of arbitrary script code in the context of the victim's browser. In order to perform such an...
Vulnerabilities fixed in Citrix ADC, Gateway and SDWAN WAN-OP
Citrix has fixed vulnerabilities in Citrix ADC formerly NetScaler ADC, Gateway formerly NetScaler Gateway and SDWAN WAN-OP. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data by taking over sessions. To cause a Denial-of-Service, the...
Vulnerabilities fixed in IBM Tivoli Monitoring
Vulnerabilities have been fixed in the IBM WebSphere Application Server as part of IBM Tivoli Monitoring. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data Access to system data IB...
Vulnerability found in Microsoft Printer Spooler service
Microsoft has found a vulnerability in the Printer Spooler service. A local malicious person with the ability to execute code under user privileges to execute code could potentially exploit it to execute arbitrary code under SYSTEM privileges. It is as yet unknown in which versions of Windows the...
Vulnerability fixed in Cisco ASA
Cisco has fixed a vulnerability in Cisco ASA. A authenticated remote malicious party can exploit the vulnerability exploit the vulnerability to cause a denial-of-service on the system. To do this, the malicious party must send specially prepared network traffic to the vulnerable system. Cisco has...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A unauthenticated remote malicious person can exploit the vulnerabilities potentially exploit them to execute arbitrary code under permissions of the application. As usual, few substantive details about the vulnerabilities disclosed. Google...
Vulnerabilities fixed in Icinga Web
Vulnerabilities have been fixed in Icinga Web. A malicious person could exploit the vulnerabilities to gain access to sensitive data, including login credentials to underlying systems such as Databases. Also, a malicious party could potentially cause a Denial-of-Service cause. Icinga has released...
Vulnerability fixed in NetBSD
The developers of NetBSD have fixed a vulnerability in kernfs. The vulnerability allows an authenticated malicious person to able to read any files on the file system, including files both system and userspace for which the malicious party is not originally authorized. No CVE ID has been disclose...
Vulnerabilities fixed in Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Increased use...
Vulnerabilities fixed in Juniper products
Juniper has fixed vulnerabilities in Junos OS, Junos OS Evolved and PTX, QTX, MX, EX9200 and SRX4600 devices. The vulnerabilities potentially enable a malicious party to launch attacks leading to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Bridge. A malicious person could potentially exploit the vulnerabilities to execute arbitrary code under a user's privileges or to gain access to files on the vulnerable system. Adobe has released updates to fix the vulnerabilities in Bridge 11.1. For more...
Vulnerability fixed in Citrix Virtual Apps and Desktops
Citrix has fixed a vulnerability in Virtual Apps and Desktops, XenApp and XenDesktop. A local malicious party could by exploiting this vulnerability within a Windows VDA acquire elevated privileges. The vulnerability resides only in systems using Citrix Profile Management or the Citrix Profile...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code under a user's privileges or to gain access to files on the vulnerable system. Adobe has released updates to fix the vulnerabilities in Illustrator 25.3. For...
Vulnerability fixed in Adobe Framemaker
Adobe has fixed a vulnerability in Framemaker. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. Adobe has released updates to fix the vulnerability in Framemaker 2019 Update 8 and 2020 Update 2. For more information, see:...
Vulnerabilities fixed in Adobe Acrobat
Adobe has fixed vulnerabilities in Acrobat, Acrobat DC and Acrobat Reader. The vulnerabilities potentially enable a malicious person able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Increase...
Vulnerabilities fixed in VMware ESXi
VMware has fixed two vulnerabilities in ESXi. The vulnerability with reference CVE-2021-21994 is located in the Small Footprint CIM Broker SFCB and allows a remote malicious person to bypass authentication. This requires rogue network traffic be sent to port 5989 of the ESXi server. The...
Vulnerabilities fixed in QEMU
Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious party potentially capable of carrying out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution with privileges of the QEMU process Access to sensitive data Access to...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine ISE. An authenticated malicious person could exploit the vulnerabilities on the management interface to perform a stored Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser us...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Dynamics Business Central Control. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application on the underlying operating system. Microsoft has made updates available that fix the described vulnerability...
Vulnerability fixed in Microsoft Power BI
A vulnerability has been fixed in the Microsoft Power BI application. A malicious party could potentially abuse it to execute arbitrary code with elevated privileges. Microsoft has made updates available that fix the described vulnerability described. We recommend that you install these updates...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Acces...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service Circumvention of security measure Executing arbitrary code Accessing...
Vulnerabilities fixed in Microsoft Exchange
Vulnerabilities have been fixed in Microsoft Exchange. Microsoft indicates that the vulnerabilities with reference CVE-2021-34523 and CVE-2021-34473 were already fixed in the April updates but this has been now being administered. Below is a summary of the various vulnerabilities described for ea...
Vulnerabilities Fixed in Microsoft Malware Protection Engine
Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could vulnerabilities potentially exploit them to execute code under elevated privileges execute code. Windows...
Vulnerability fixed in Siemens SIMIT
Siemens has fixed a vulnerability in SIMIT. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or to gain access to data stored in system memory. For this vulnerability, Proof-of-Concept code is publicly available. Siemens has released updates to fix the...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Spoofing Accessing sensitive data Microsoft Offic...
Actively exploited vulnerability fixed in ForgeRock AM
ForgeRock has fixed a vulnerability in ForgeRock Access Manager AM. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code under the application's permissions. To do this, malicious network traffic should be sent to a...
Vulnerabilities fixed in Siemens Scalance and Ruggedcom
Siemens has fixed vulnerabilities in Scalance and Ruggedcom products. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to sensitive data Siemens has...
Vulnerabilities fixed in Siemens SIMATIC
Siemens has fixed vulnerabilities in Simatic products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Mozilla has...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. The vulnerability allows a malicious party in a Man-in-the-Middle position to be able to bypass certificate-based authentication. To do so the malicious party must generate its own server certificate containing containing the hostname as it appears in th...
Vulnerabilities fixed in Esri ArcGIS Server
Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform of a Same-Site Request Forgery SSRF or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...
Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus
IBM has fixed vulnerabilities in the web interface of Tivoli Netcool/OMNIbus. An authenticated malicious person can exploit the exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...
Vulnerability fixed in NetIQ Advanced Authentication
Micro Focus has fixed a vulnerability in NetIQ Advanced Authentication. The vulnerability allows a malicious party to bypass bypass multi-factor authentication. No substantive details about this vulnerability made publicly available. Micro Focus has released updates to fix the vulnerability fix i...
Vulnerability fixed in GitLab
A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions through the uploading a prepared "design" file. To do this, "Large File Support" LFS must be enabled for the GitLab server or the specific...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js and npm. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service in the npm client or within a service that uses node.js. Also, by exploiting the vulnerability with CVE attribute CVE-2021-22921 SYSTEM privileges gain...
Vulnerability fixed in SonicWall network switches
SonicWall has fixed a vulnerability in several network switches. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause or read system memory. The vulnerability resides in the way LLDP network traffic is processed...
Vulnerabilities fixed in Kaseya Virtual System Administrator (VSA)
Vulnerabilities have been fixed in Kaseya VSA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights SQL Injection Access to sensitive data...
Vulnerabilities fixed in FortiMail
Fortinet has fixed vulnerabilities in FortiMail. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution Access to sensitive data Increased user privileges Fortinet ha...