4189 matches found
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Access to system...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in Ubuntu kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Accessing sensitive data Accessing system data -= Ubuntu ...
Vulnerabilities fixed in FortiSandbox
Due to a session expiration vulnerability in FortiSandbox allows a malicious party to reuse the non-expired session IDs of an administrator reuse to obtain information about other users. obtain. CVE-2020-29012 Due to a vulnerability in the input validation of the sniffer interface of FortiSandbox...
Vulnerabilities fixed in Apache Tomcat
Vulnerabilities have been fixed in Apache Tomcat that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data The developers of Apache Tomcat have made updates available made available. For more information, see the following page: https://tomcat.apache.org...
Vulnerabilities fixed in Dell iDRAC
Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code execute under user privileges by performing an SQL Injection, Denial-of-Service DoS and executing arbitrary code. It is good practice not to have such an environment publicly to b...
Vulnerability fixed in Nessus agent
Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host could execute. Tenable has made updates available for Nessus to address the vulnerability. More information ca...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor former Mobility Master, Access-Points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damag...
Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC).
Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller APIC. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution Administrator/Root right...
Vulnerability fixed in Joomla! media manager
Joomla has fixed a vulnerability in the Joomla! media!! manager. Due to improper access control, a user could without being authorized to do so could delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious agent could vulnerability potentially exploit it to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Autodesk Licensing Service
A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root privileges SQL Injection Increased user...
Vulnerability fixed in Citrix ShareFile
Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted. Citrix has released updates to fix the vulnerability. More informati...
Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel
Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Increased user...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed vulnerabilities in Jira Server. A remote malicious person could exploit the vulnerabilities to perform a cross-site scripting XSS attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. The vulnerability with CVE attribute...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors MySQL Server MySQL Enterprise Monitor The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in t...
Vulnerabilities fixed in Typo3
The developers of Typo3 have fixed vulnerabilities in Typo3 Core. The vulnerabilities allow a malicious party to perform Perform cross-site scripting XSS attacks. Such attacks can lead to the execution of arbitrary script code in the context of the victim's browser. In order to perform such an...
Vulnerability fixed in GitLab
A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions through the uploading a prepared "design" file. To do this, "Large File Support" LFS must be enabled for the GitLab server or the specific...
Vulnerabilities fixed in Android
Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased user privileges As usual, Google has disclosed...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. An unauthenticated remote malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers have...
Vulnerability fixed in XWiki
Advanced Open Source Enterprise Wiki has fixed a vulnerability fixed in XWiki. The vulnerability allows an unauthenticated malicious person able to reset a counter that tracks the number of failed login attempts to zero. This makes it possible to launch a brute-force attack. Updates have been...
Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veeam Backup & Replication. The vulnerability potentially allows a malicious party to execute arbitrary code to execute arbitrary code because the Veeam application was vulnerable to a flaw in the deseralization logic of .NET remoting. Veeam's developers have mad...
InjectaBLE vulnerability discovered in Bluetooth Low Energy (BLE)
Researchers at the LAAS-CNRS laboratory have demonstrated the ability to obtain a be able to obtain full man-in-the-middle status from two Bluetooth Low Energy BLE devices that have an unencrypted connection have. The man-in-the-middle attack does not work on encrypted connections. However, it is...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Red Hat ha...
Vulnerability fixed in VMware products
A vulnerability has been fixed in VMware products. The vulnerability allows a malicious party to obtain elevated privileges obtain in a Windows guest system. VMware has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in MantisBT
A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. MantisBT has released updates to fix...
Vulnerability fixed in Pulse Connect Secure
A vulnerability has been fixed in Pulse Connect Secure. A authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...
Vulnerabilities fixed in Bosch IP Cameras
Bosch has fixed vulnerabilities in IP cameras CPP4, CPP6, CPP7, CPP13 and AVIOTEC. An unauthenticated malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, obtaining sensitive information, manipulating manipulate camera settings or perform a cross-site scripting...
Vulnerabilities fixed in Cisco Finesse
Cisco has fixed two vulnerabilities in Finesse. A unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2021-1245 to perform a cross-site scripting XSS attack. Such an attack can lead to the execution of arbitrary code in the context of the browser of the...
Vulnerabilities fixed in Adobe products
Several vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The exact damage varies by...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in SAP Netweaver
Vulnerabilities have been fixed in SAP Netweaver. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication Remote code execution User rights...
Vulnerability fixed in FortiGate SSL VPN Portal
FortiGuard has fixed a vulnerability in e FortiGate SSL VPN portal. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerabilities fixed in VMware vCenter Server
Vulnerabilities have been fixed in VMware vCenter Server. The vulnerability with reference CVE-2021-21985 allows an unauthenticated malicious person with access to port 443 of the vSphere HTML5 Client to execute under elevated privileges execute arbitrary code on both the vCenter Server and the...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei categorizes this vulnerability according to the CVSSv3 method with a score of 6.5. Huawei has released updates to fix the vulnerabilit...
Vulnerability fixed in Xerox printer drivers
Xerox has fixed a vulnerability in its printer driver for Windows. A remote malicious person could, by exploiting of this vulnerability obtain elevated privileges on the vulnerable system. Few substantive details about the vulnerability have been made publicly available. Xerox has released update...
Vulnerabilities fixed in Cisco Finesse
Vulnerabilities have been fixed in Cisco Finesse. The vulnerability with reference CVE-2021-1254 allows an authenticated malicious person remotely capable of executing a Cross-Site scripting attack and thereby executing arbitrary code under the privileges of the user. The vulnerability with...
Vulnerabilities fixed in Cisco products
Cisco has fixed a local file inclusion vulnerability in ADE-OS as used to deploy Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE and Cisco Prime Infrastructure. The vulnerability with attribute CVE-2021-1306 enables a local, authenticated malicious party to able...
Vulnerability fixed in Dell Remote Access Controller (iDRAC).
A vulnerability has been fixed in Dell Remote Access Controller iDRAC. The vulnerability allows a remote malicious person to able to bypass authentication. With exploiting this vulnerability, the malicious party gains access to the virtual console of iDRAC. iDRAC is a management environment. It i...
Vulnerability fixed in Huawei CloudEngine
A vulnerability has been fixed in several Huawei CloudEngine products. The vulnerability allows a malicious party to capable of causing a denial-of-service. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Spoofing Remote code execution User rights Access to sensitive data Below is a summary of the various...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Spoofing Increased user privileges Siemens categorizes...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Multiple vulnerabilities fixed in RedHat OpenShift
Red Hat has fixed multiple vulnerabilities in the jackson databind of their OpenShift Container platform for RHEL 8. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data or execute arbitrary code under the privileges of the application. Many of t...
Vulnerabilities fixed in Oracle Solaris
Vulnerabilities have been fixed in Oracle Solaris. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in WhatsApp
Vulnerabilities have been fixed in WhatsApp. A malicious party could potentially exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service. The vulnerability with CVE attribute CVE-2021-24027 only applies to applicable to WhatsApp for Android and WhatsApp Busines...
Vulnerability fixed in HP Integrated Lights Out Amplifier Pack
HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...
Vulnerability found in Keycloak
A vulnerability has been found in Keycloak. The vulnerability allows a malicious person to use the new-account console to execute to execute arbitrary code. Red Hat reports that the vulnerability in version 13 of Keycloak has been fixed. At Keycloak itself, this information cannot be found found...