CIS Advisories

Multiple Vulnerabilities in Citrix Products Could Allow For Disclosure Of Sensitive Data
Multiple vulnerabilities have been discovered in Citrix products, the most severe of which could allow disclosure of sensitive data. Citrix ADC performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 - Layer 7 network traffic for web applications. Successful exploitation of the most severe of these vulnerabilities could allow for memory overread, leading to disclosure of potentially sensitive information such as authenticated session tokens. Depending on the sensitive information retrieved via this technique, the attacker may gain further access to the appliance or systems.
cisecurity.org
Multiple Vulnerabilities in Cisco ISE and ISE-PIC Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Cisco ISE and ISE-PIC that could allow for remote code execution. Cisco Identity Services Engine (ISE) is a security policy management platform that provides secure access to network resources. Successful exploitation of these vulnerabilities could allow the attacker to obtain root privileges on an affected device.
cisecurity.org
A Vulnerability in Grafana Could Allow for Arbitrary Code Execution
A vulnerability exists in Grafana which could result in arbitrary code execution. Grafana is an open-source platform used for visualizing and analyzing time series data. It allows users to connect to various data sources, query and transform data, and create interactive dashboards to monitor and explore metrics, logs, and traces. Successful exploitation could allow an attacker to run malicious plugins and take over user accounts without needing elevated privileges. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla Firefox, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Critical Patches Issued for Microsoft Products, June 10, 2025
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe InCopy is a word processor within Adobe Creative Cloud that allows copywriters and editors to write, edit, and format text in InDesign documents, while designers work on the same file in InDesign simultaneously. Adobe Experience Manager (AEM) is a comprehensive content management system (CMS) and digital asset management (DAM) platform that helps businesses create, manage, and deliver digital experiences across multiple channels. Adobe Commerce is a comprehensive, enterprise-grade e-commerce platform, formerly known as Magento Commerce, that allows businesses to build, personalize, and manage online stores. Adobe InDesign is a professional-grade software used for desktop publishing and page layout design. Adobe Substance 3D Sampler is a 3D scanning and material creation software that transforms real-life pictures into photorealistic materials, 3D objects, and HDR environments. Adobe Acrobat Reader is a free software that serves as the industry standard for viewing, printing, and interacting with PDFs. Adobe Substance 3D Painter is a software application primarily used for texturing 3D models. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in HPE StoreOnce Software Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in HPE StoreOnce Software, which when chained together could allow for remote code execution, potentially leading to session hijacking and full system compromise. HPE StoreOnce is a data protection platform from Hewlett Packard Enterprise that uses deduplication to reduce backup storage requirements and improve backup and recovery speeds. Successful exploitation of these vulnerabilities could allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure.
cisecurity.org
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager Mobile, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager Mobile (EPMM) is a unified endpoint management solution that enables organizations to securely manage and monitor mobile devices, applications, and content across multiple platforms from a centralized interface. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
cisecurity.org
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe produces software that is used for creating and publishing a wide variety of content including graphics, photography, illustration, animation, multimedia, motion pictures and print. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Critical Patches Issued for Microsoft Products, May 13, 2025
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. The products affected by vulnerabilities in this round of monthly Fortinet patches are: FortiADC is an application delivery controller (ADC) from Fortinet that enhances application availability, performance, and security. It offers features like load balancing, SSL/TLS offloading, web application firewalls (WAF), and global server load balancing (GSLB). FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape. FortiClient Endpoint Management Server (EMS) is a centralized platform for managing and deploying FortiClient software on endpoints, providing visibility, policy enforcement, and compliance management for organizations using FortiClient for endpoint security. FortiCamera is a suite of smart, network-based video surveillance solutions offered by Fortinet. FortiManager is a comprehensive network management solution designed to streamline the administration, configuration, and monitoring of Fortinet devices across complex network environments. FortiOS is Fortinet’s proprietary operating system, which is utilized across multiple product lines. FortiNDR is Fortinet’s network detection and response (NDR) solution which uses file-based analytics & AI to detect suspicious network activity. FortiProxy is a secure web proxy solution that enhances network security by filtering web traffic and providing advanced threat protection. FortiSIEM is a highly scalable multi-tenant Security Information and Event Management (SIEM) solution that provides real-time infrastructure and user awareness for accurate threat detection, analysis and reporting. FortiSwitch Manager enables network administrators to cut through the complexities of non-FortiGate-managed FortiSwitch deployments. FortiVoice is a robust communication solution that integrates voice, conferencing, and messaging services to enhance business collaboration and productivity. FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution with no additional execution privileges needed. Android is an operating system developed by Google for mobile devices, such as smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in SonicWall Secure Mobile Access (SMA) 100 Management Interface, which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. Successful exploitation of these vulnerabilities when chained together could allow for remote code execution, potentially leading to session hijacking and full system compromise.
cisecurity.org
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Mozilla Thunderbird ESR is a version of the email client intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
A Vulnerability in SAP NetWeaver Visual Composer Could Allow for Remote Code Execution
A vulnerability has been discovered in SAP NetWeaver Visual Composer, which could allow for remote code execution. SAP NetWeaver Visual Composer is SAP’s web-based software modelling tool. It enables business process specialists and developers to create business application components, without coding. Successful exploitation of this vulnerability could allow for remote code execution in the context of the system.
cisecurity.org
A Vulnerability in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution
A vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 100 Management Interface, which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. Successful exploitation of this vulnerability could allow for remote code execution.
cisecurity.org
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape. FortiClient Endpoint Management Server (EMS) is a centralized platform for managing and deploying FortiClient software on endpoints, providing visibility, policy enforcement, and compliance management for organizations using FortiClient for endpoint security. FortiIsolator is a browser isolation solution from Fortinet designed to protect users from zero-day malware and phishing threats delivered over the web and email by creating a visual "air gap" between the user's browser and the web content. FortiManager is a comprehensive network management solution designed to streamline the administration, configuration, and monitoring of Fortinet devices across complex network environments. FortiOS is Fortinet’s proprietary operating system, which is utilized across multiple product lines. FortiProxy is a secure web proxy solution that enhances network security by filtering web traffic and providing advanced threat protection. FortiSwitch Manager enables network administrators to cut through the complexities of non-FortiGate-managed FortiSwitch deployments. FortiVoice is a robust communication solution that integrates voice, conferencing, and messaging services to enhance business collaboration and productivity. FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
cisecurity.org
Critical Patches Issued for Microsoft Products, April 8, 2025
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
cisecurity.org
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences. Adobe Experience Manager (AEM) Forms is a solution within the AEM platform that allows businesses to create, manage, and deploy digital forms, integrating with back-end processes, business rules, and data for seamless customer experiences across web and mobile channels. Adobe ColdFusion is a commercial, rapid web application development platform and scripting language (CFML) that simplifies building dynamic web applications, allowing for easy integration with databases, APIs, and other systems, and supporting both on-premises and cloud deployments. Adobe After Effects is a powerful software used for creating motion graphics, visual effects, and compositing in film, television, and online content. Adobe Media Encoder is a standalone media transcoding and rendering application, part of the Adobe Creative Cloud, that allows users to convert and export video and audio files to various formats, optimize them for different platforms, and automate workflows. Adobe Bridge is a free, digital asset management software that lets you preview, organize, edit, and publish creative assets, including images, videos, and other files, quickly and easily. Adobe Premiere Pro is a professional-grade, timeline-based, non-linear video editing software used for tasks like cutting footage, adding effects, color correction, and audio mixing. Adobe Photoshop is a powerful, industry-leading raster graphics editor and image editing software developed by Adobe, used by photographers, graphic designers, and artists to create, edit, and manipulate digital images. Adobe Animate is a software application used for creating interactive animations, multimedia content, and web applications, allowing users to design animations for cartoons, banners, games, and the web. Adobe Experience Manager (AEM) Screens is a digital signage solution that allows you to create, manage, and publish dynamic and interactive digital experiences across various screens and displays in physical venues, built on top of the AEM platform. Adobe FrameMaker is a powerful, market-leading document processor and authoring tool primarily used for creating and publishing large, complex, and structured technical documentation, including manuals, online help, and other technical content, in various formats like PDF, HTML5, and more. Adobe XMP Toolkit SDK is a set of documentation and libraries that allows developers to integrate XMP (Extensible Metadata Platform) functionality into their applications, enabling them to read, write, and manipulate metadata in various file formats. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
A Vulnerability in Ivanti Products Could Allow for Remote Code Execution
A vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution. Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access to corporate data and applications for remote and mobile users, offering features like single sign-on, multi-factor authentication, and integration with various security frameworks. Ivanti Policy Secure (IPS) is a Network Access Control (NAC) solution that provides network access only to authorized and secured users and devices, offering comprehensive NAC management, visibility, and monitoring to protect networks and sensitive data. Ivanti Neurons for Zero Trust Access (ZTA) Gateway is a component of Ivanti's zero-trust network access solution. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
cisecurity.org
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org
Multiple Vulnerabilities in IBM AIX could allow for arbitrary code execution.
Multiple vulnerabilities have been discovered in IBM AIX, the most severe of which could allow for arbitrary code execution. IBM AIX is a secure and reliable Unix operating system designed for IBM's Power Systems. It supports modern applications and provides strong security features, making it ideal for mission-critical business environments. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the affected system. Depending on the privileges associated with the account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Accounts with fewer privileges on the system could be less impacted than those with administrative user rights.
cisecurity.org
A Vulnerability in CrushFTP Could Allow for Unauthorized Access
A vulnerability has been discovered in CrushFTP, which could allow for unauthorized access. CrushFTP is a proprietary multi-protocol, multi-platform file transfer server. The vulnerability is mitigated if the DMZ feature of CrushFTP is in place. Successful exploitation of this vulnerability could allow an attacker to remotely control the compromised server and execute remote code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
cisecurity.org
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
cisecurity.org