4190 matches found
Vulnerabilities fixed in Dell iDRAC
Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code execute under user privileges by performing an SQL Injection, Denial-of-Service DoS and executing arbitrary code. It is good practice not to have such an environment publicly to b...
Vulnerability fixed in Nessus agent
Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host could execute. Tenable has made updates available for Nessus to address the vulnerability. More information ca...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor former Mobility Master, Access-Points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damag...
Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC).
Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller APIC. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution Administrator/Root right...
Vulnerability fixed in Joomla! media manager
Joomla has fixed a vulnerability in the Joomla! media!! manager. Due to improper access control, a user could without being authorized to do so could delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious agent could vulnerability potentially exploit it to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Autodesk Licensing Service
A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...
Vulnerability fixed in Citrix ShareFile
Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted. Citrix has released updates to fix the vulnerability. More informati...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root privileges SQL Injection Increased user...
Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel
Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Increased user...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed vulnerabilities in Jira Server. A remote malicious person could exploit the vulnerabilities to perform a cross-site scripting XSS attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. The vulnerability with CVE attribute...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors MySQL Server MySQL Enterprise Monitor The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in t...
Vulnerability fixed in GitLab
A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions through the uploading a prepared "design" file. To do this, "Large File Support" LFS must be enabled for the GitLab server or the specific...
Vulnerability fixed in SonicWall network switches
SonicWall has fixed a vulnerability in several network switches. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause or read system memory. The vulnerability resides in the way LLDP network traffic is processed...
Vulnerabilities fixed in Android
Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased user privileges As usual, Google has disclosed...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. An unauthenticated remote malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers have...
Vulnerability fixed in XWiki
Advanced Open Source Enterprise Wiki has fixed a vulnerability fixed in XWiki. The vulnerability allows an unauthenticated malicious person able to reset a counter that tracks the number of failed login attempts to zero. This makes it possible to launch a brute-force attack. Updates have been...
InjectaBLE vulnerability discovered in Bluetooth Low Energy (BLE)
Researchers at the LAAS-CNRS laboratory have demonstrated the ability to obtain a be able to obtain full man-in-the-middle status from two Bluetooth Low Energy BLE devices that have an unencrypted connection have. The man-in-the-middle attack does not work on encrypted connections. However, it is...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Red Hat ha...
Vulnerability fixed in VMware products
A vulnerability has been fixed in VMware products. The vulnerability allows a malicious party to obtain elevated privileges obtain in a Windows guest system. VMware has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Pulse Connect Secure
A vulnerability has been fixed in Pulse Connect Secure. A authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...
Vulnerability fixed in MantisBT
A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. MantisBT has released updates to fix...
Vulnerabilities fixed in Cisco Finesse
Cisco has fixed two vulnerabilities in Finesse. A unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2021-1245 to perform a cross-site scripting XSS attack. Such an attack can lead to the execution of arbitrary code in the context of the browser of the...
Vulnerabilities fixed in Bosch IP Cameras
Bosch has fixed vulnerabilities in IP cameras CPP4, CPP6, CPP7, CPP13 and AVIOTEC. An unauthenticated malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, obtaining sensitive information, manipulating manipulate camera settings or perform a cross-site scripting...
Vulnerabilities fixed in Adobe products
Several vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The exact damage varies by...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities fixed in Citrix ADC and Citrix Gateway
Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2020-8299 potentially exploit it to cause a denial-of-service from the same local network segment. The vulnerability with CVE attribute...
Vulnerabilities fixed in SAP Netweaver
Vulnerabilities have been fixed in SAP Netweaver. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication Remote code execution User rights...
Vulnerability fixed in FortiGate SSL VPN Portal
FortiGuard has fixed a vulnerability in e FortiGate SSL VPN portal. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerability fixed in Nginx
A vulnerability has been fixed in Nginx. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause and potentially execute arbitrary code by sending a specially prepared DNS response. Nginx is only vulnerable if the "resolver directive" is used in the...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei categorizes this vulnerability according to the CVSSv3 method with a score of 6.5. Huawei has released updates to fix the vulnerabilit...
Vulnerability fixed in Xerox printer drivers
Xerox has fixed a vulnerability in its printer driver for Windows. A remote malicious person could, by exploiting of this vulnerability obtain elevated privileges on the vulnerable system. Few substantive details about the vulnerability have been made publicly available. Xerox has released update...
Vulnerabilities fixed in Cisco Finesse
Vulnerabilities have been fixed in Cisco Finesse. The vulnerability with reference CVE-2021-1254 allows an authenticated malicious person remotely capable of executing a Cross-Site scripting attack and thereby executing arbitrary code under the privileges of the user. The vulnerability with...
Vulnerabilities fixed in Cisco products
Cisco has fixed a local file inclusion vulnerability in ADE-OS as used to deploy Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE and Cisco Prime Infrastructure. The vulnerability with attribute CVE-2021-1306 enables a local, authenticated malicious party to able...
Vulnerability fixed in Dell Remote Access Controller (iDRAC).
A vulnerability has been fixed in Dell Remote Access Controller iDRAC. The vulnerability allows a remote malicious person to able to bypass authentication. With exploiting this vulnerability, the malicious party gains access to the virtual console of iDRAC. iDRAC is a management environment. It i...
Vulnerability fixed in Huawei CloudEngine
A vulnerability has been fixed in several Huawei CloudEngine products. The vulnerability allows a malicious party to capable of causing a denial-of-service. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Spoofing Remote code execution User rights Access to sensitive data Below is a summary of the various...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Spoofing Increased user privileges Siemens categorizes...
Vulnerabilities fixed in Atlassian Confluence
Vulnerabilities have been fixed in Atlassian Confluence Server. The vulnerabilities allow an authenticated remote malicious agent to remote user to gain access to system data and to execute arbitrary code under the user's privileges. Atlassian has released updates to address the vulnerabilities...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Multiple vulnerabilities fixed in RedHat OpenShift
Red Hat has fixed multiple vulnerabilities in the jackson databind of their OpenShift Container platform for RHEL 8. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data or execute arbitrary code under the privileges of the application. Many of t...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to...
Vulnerabilities fixed in Oracle Solaris
Vulnerabilities have been fixed in Oracle Solaris. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in PAN-OS
A security vulnerability exists regarding log files in Palo Alto Networks PAN-OS software, in which the connection details for a scheduled configuration export are recorded recorded in system logs. PAN-OS developers have issued updates to PAN-OS to address the vulnerabilities. More information...
Vulnerabilities fixed in WhatsApp
Vulnerabilities have been fixed in WhatsApp. A malicious party could potentially exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service. The vulnerability with CVE attribute CVE-2021-24027 only applies to applicable to WhatsApp for Android and WhatsApp Busines...
Vulnerability fixed in HP Integrated Lights Out Amplifier Pack
HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...
Vulnerability found in Keycloak
A vulnerability has been found in Keycloak. The vulnerability allows a malicious person to use the new-account console to execute to execute arbitrary code. Red Hat reports that the vulnerability in version 13 of Keycloak has been fixed. At Keycloak itself, this information cannot be found found...
Vulnerabilities fixed in OpenSSL
Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 potentially exploit it to cause a denial-of-service. To do this requires sending a specially prepared "renegotiation ClientHello" message needs to be sent fro...