4189 matches found
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges -= OpenSUSE =- The developers of...
Vulnerabilities in multiple TCP/IP stacks
Researchers at Forescout Research Labs have found 33 vulnerabilities found in four open source TCP/IP stacks. In the research called AMNESIA:33, four vulnerabilities are identified as critical. The highest assigned CVSS score is 9.8. The vulnerabilities allow a malicious party to carry out attack...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. The vulnerability allows a malicious party the opportunity to spoof a URL and to cause a Denial-of-Service. Elastic has released bug fixes to address the vulnerability. fix. More information can be found on the pages below: Bug 1898572:...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. The vulnerability allows a remote malicious person to manipulate to manipulate Jira templates. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerability fixed in MISP
CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS attack, potentially executing arbitrary code in the context of the browser. CIRCL has released updates to fix the...
Multiple vulnerabilities fixed in Intel systems
Intel has fixed several vulnerabilities in Converged Security and Manageability Engine CSME, Server Platform Services SPS, Trusted Execution Engine TXE, Dynamic Application Loader DAL, Active Management Technology AMT and Standard Manageability ISM. Malicious parties can exploit the vulnerabiliti...
Vulnerabilities fixed in macOS
Apple has released a new version of macOS. This version 11.01 Big Sur fixes a large number of vulnerabilities. A malicious party can exploit the vulnerabilities to access gain access to sensitive data, execute arbitrary code with user privileges or to cause a denial-of-service. The vulnerabilitie...
Vulnerability fixed in EcoStruxure Control Expert
A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...
Vulnerabilities fixed in Cisco Unified Communications Manager
Due to a vulnerability in Cisco Unified Communications Manager -software, an authenticated remote malicious party could cause the Cisco XCP Authentication Service on an affected device to be restarted, resulting in a Denial-of-Service DoS. Cisco has released an update to fix the vulnerability. Mo...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person remote or otherwise to potentially able to carry out attacks leading to the following categories of damage: Remote code execution User rights Circumvention of security measure Denial-of-Service...
Serious vulnerability fixed in Oracle Weblogic Server
Oracle has released an update for Weblogic Server to fix a serious vulnerability. This new vulnerability is related to the Fusion Middleware vulnerability with attribute CVE-2020-14882, for which an update was released in October. This was described by the NCSC in security advisory NCSC-2020-0858...
Vulnerabilities fixed in Juniper Networks Junos OS
Vulnerabilities have been fixed in Junos OS. The vulnerabilities allow a malicious party to launch a denial-of-service attack and to execute arbitrary code under the privileges of the user. Juniper has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in QNAP QTS
QNAS has fixed vulnerabilities in the QTS operating system. The vulnerabilities allow a remote malicious person to to inject arbitrary commands. It is good practice to have the user interface for a system like QTS to be exposed on a separate administrator network. QNAP has released updates to fix...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of security measure Remote code execution User right...
Vulnerability fixed in Snort
A vulnerability has been fixed in Snort. The vulnerability allows an unauthenticated remote malicious person to enable an security measure to bypass. Cisco has released updates to fix the vulnerability. More information can be found on the page below: https://tools.cisco.com/security/center/conte...
Vulnerability in Ghisler Total Commander
There is a vulnerability in Ghisler Total Commander. The vulnerability allows a local malicious person to obtain elevated permissions by replacing the Total Commander binary. The developers of Total Commander have indicated that they will not fix the vulnerability will not be fixed. According to...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following Oracle E-Business Suite products: Applications Manager Marketing Application Object Library Trade Management Universal Work Queue Installed Base CRM Technical Foundation One-to-One Fulfillment Applications Framework E-Business Suite Secure...
Vulnerability fixed in Nexpose
A vulnerability has been fixed in Nexpose. The vulnerability allows an authenticated malicious party to execute an SQL injection to execute and thereby obtain sensitive data. Rapid7 has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Citrix Gateway Plug-in for Windows
Citrix has fixed two vulnerabilities in the Citrix Gateway Plug-in for Windows. By exploiting these vulnerabilities could potentially gain elevated privileges acquire elevated privileges on the vulnerable system. Citrix has released updates to fix the vulnerabilities. For more information, see:...
Vulnerabilities fixed in SUSE
Several vulnerabilities have been fixed in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to syste...
Vulnerabilities fixed in Siemens Ruggedcom and Scalance
Siemens has fixed multiple vulnerabilities in several Ruggedcom and Scalance products. A remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service of dnsmasq or execute arbitrary code. To do this requires sending malicious network traffic to the vulnerable...
Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel
Oracle has fixed vulnerabilities in the Oracle Unbreakable Enterprise kernel. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitiv...
Vulnerability fixed in Trend Micro Anti-virus
A vulnerability has been fixed in Trend Micro Anti-Virus for Mac. The vulnerability allows a malicious person to obtain elevated privileges. Trend Micro has released updates to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerability fixed in Red Hat Satellite
A vulnerability has been fixed in Red Hat Satellite. The vulnerability allows a local malicious person to obtain sensitive data by reading the temporary memory. This vulnerability is exploitable only if an installation of Satellite via RPM an installation of Satellite has taken place. -= Red Hat ...
Vulnerability discovered in Siemens SIMATIC S&-300 and S7-400 CPUs
Siemens has discovered a vulnerability in the SIMATIC S7-300 and S7-400 CPUs. An unauthenticated malicious person can exploit the exploit the vulnerability to eavesdrop on network traffic and thereby obtaining login credentials. To exploit the vulnerability, the attacker must have access to the...
Vulnerabilities fixed in Nagios
Several vulnerabilities have been fixed in Nagios. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Increased user privileges For now, not ever...
Vulnerabilities fixed in Sophos UTM Up2Date
Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. The vulnerabilities allow a remote malicious person potentially able to cause a denial-of-service or gain access gain access to sensitive information. Sophos has released updates to fix the vulnerabilities in Sophos UTM Up2Data...
Vulnerabilities fixed in Kaspersky Security Center
Kaspersky has fixed multiple vulnerabilities in Kaspersky Security Center. The vulnerabilities allow a local malicious able to cause a denial-of-service or obtain elevated privileges obtain elevated privileges on the local system. Not all of the vulnerabilities have assigned a CVE number. Kaspers...
Vulnerabilities fixed in OpenSUSE kernel
The developers of OpenSUSE have fixed several vulnerabilities fixed in the OpenSUSE Linux kernel. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data...
Vulnerability in Autodesk 3ds max actively exploited
Autodesk says it is actively observing abuse of a vulnerability in 3ds max software. A variant of the MAXScript exploit "PhysXPluginMfx" allows a remote malicious person to to execute arbitrary code within the context of the application. To do this, the malicious party must entice the victim to...
Vulnerabilities fixed in Apache HTTP server
Vulnerabilities have been fixed in Apache. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data -= Ubuntu =- Canonical has...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in Gitlab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication Circumvention of security...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code, to gain elevated privileges or to perform a denial-of-service DoS attack. Below is a summary of the various vulnerabilities described by...
Vulnerabilities fixed in Apache HTTP Server
Vulnerabilities have been fixed in Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial of Service Apache has made updates available to address the vulnerabilities. fixes. More information can ...
Vulnerabilities fixed in GRUB2
Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...
Multiple vulnerabilities fixed in macOS
Apple has fixed several vulnerabilities in macOS. The vulnerabilities allow a malicious person remote or otherwise to perform able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root...
Vulnerabilities fixed in Cisco products
Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Cisco has released updates to fix the vulnerabilities. More...
Vulnerability fixed in Microsoft SQL Server Reporting Services
There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to improper processing of page requests. If successfully exploited, the vulnerability allows an authenticated remote malicious person to execute arbitrary execu...
Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products
Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability exploit to cause a denial-of-service when using encrypted connections are used. Siemens has released...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities are all in the Cisco Discovery Protocol CDP. The vulnerabilities allow an unauthenticated malicious person using a rogue CDP packet to establish a Denial-of-Service and potentially execute arbitrary code execution. Because CDP...
Vulnerability fixed in Spring Framework
A vulnerability has been fixed in Spring Framework. The vulnerability allows a malicious party to perform a reflected file download RFD attack. The developers of Spring Framework have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Nginx
A malicious party could exploit the vulnerability to obtain system data obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...
Vulnerabilities fixed in Jackson databind
Debian has fixed vulnerabilities in Jackson databind. The vulnerabilities allow a malicious party to execute arbitrary code execute under user privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to the deserialization of an...
Vulnerability fixed in PostgreSQL
Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges to obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse mitigate abuse of this...
Multiple vulnerabilities fixed in Aruba networks products
Multiple vulnerabilities have been discovered in various Aruba Networks products including Instant and ArubaOS access points, the Airwave management platform and the PAPI protocol that these systems mutually use. Some vulnerabilities have been fixed, others will be fixed in a future update, and f...
Vulnerabilities in GitHub Enterprise Server
GitHub has identified several vulnerabilities in GitHub Enterprise Server, particularly in versions prior to 3.21 and 3.22. The first vulnerability involves stored XSS attacks, where authenticated attackers can inject malicious JavaScript payloads into discussion titles. These scripts are execute...
The vulnerabilities in libssh2 are addressed through libssh.
LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...
Vulnerabilities are managed in Oracle Enterprise Manager
Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...
Vulnerability handling functions in cPanel and WHM
cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...
Vulnerabilities in Oracle Identity Manager Connector
Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...