4189 matches found
Vulnerabilities fixed in Dell Precision products
Vulnerabilities have been fixed in Dell Precision products. The vulnerabilities allow a local malicious person to obtain elevated rights or to cause a denial-of-service. Dell has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Nginx
A vulnerability has been fixed in Nginx. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause and potentially execute arbitrary code by sending a specially prepared DNS response. Nginx is only vulnerable if the "resolver directive" is used in the...
Vulnerabilities fixed in Red Hat kernel
Red Hat has fixed vulnerabilities in its kernel. The vulnerabilities allow a local malicious party to circumvent a security measure to bypass and to cause a denial-of-service cause. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can install these updates usin...
Vulnerabilities fixed in Liferay Portal
Vulnerabilities have been fixed in Liferay Portal. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure...
Vulnerability fixed in SAP NetWeaver
A vulnerability has been fixed in SAP NetWeaver. The vulnerability allows a malicious party to remotely execute arbitrary code execute. As usual, SAP is making few details publicly available. SAP has released updates to fix the vulnerabilities. More information can be found at:...
Vulnerability fixed in Microsoft Dynamics 365 for Finance and Operations
A vulnerability has been fixed in Dynamics 365 for Finance and Operations. An authenticated malicious party can exploit the vulnerability exploit it to perform Cross-Site-Scripting XSS on a logged-in user. Such an attack could result in the execution of arbitrary script code in the browser used t...
Vulnerabilities fixed in Atlassian Confluence
Vulnerabilities have been fixed in Atlassian Confluence Server. The vulnerabilities allow an authenticated remote malicious agent to remote user to gain access to system data and to execute arbitrary code under the user's privileges. Atlassian has released updates to address the vulnerabilities...
Vulnerabilities fixed in NVidia drivers and tools
NVidia has fixed several vulnerabilities in the drivers and tools of GPU video cards. Malicious parties can exploit the vulnerabilities exploit them to cause a denial-of-service, obtain obtain system data, or execute arbitrary code under the GPU's privileges. Because GPU drivers sit very close to...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain Suite. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to...
Vulnerability fixed in VMware NSX-T
VMware has fixed a vulnerability in NSX-T. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. VMware has released updates to fix the vulnerability in NSX-T 3.1.2. For more information, see:...
Vulnerability fixed in LibreOffice
LibreOffice has fixed a vulnerability. A malicious party can bypass the deny-list in the Windows version and execute arbitrary code execute under user privileges by inserting a rogue hyperlink into a document. The Document Foundation has released updates to fix the vulnerability in LibreOffice...
Vulnerability fixed in Cisco IOS XR
Due to a vulnerability in the CLI of Cisco IOS XR 64-bit software allows an authenticated, local attacker to inject arbitrary commands inject arbitrary commands executed with root privileges on the underlying Linux operating system OS of an affected device. Cisco has released updates to fix the...
Vulnerabilities fixed in PAN-OS
A security vulnerability exists regarding log files in Palo Alto Networks PAN-OS software, in which the connection details for a scheduled configuration export are recorded recorded in system logs. PAN-OS developers have issued updates to PAN-OS to address the vulnerabilities. More information...
Vulnerabilities fixed in SAP Netweaver products
Several vulnerabilities have been fixed in SAP Netweaver products. By exploiting the vulnerabilities, a malicious party within the local network to bypass authentication, view sensitive information or cause cross-site scripting and Denial-of-Service. SAP has made updates available to address the...
Vulnerability fixed in Tableau Server
A vulnerability has been fixed in Tableau Server. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor with a custom link to a malicious website redirect when sharing a "view." Salesforce has released updates to fix the vulnerability fix in Tableau Server...
Vulnerability fixed in FreeBSD
A vulnerability has been fixed in FreeBSD. The vulnerability allows a locally authenticated malicious person to obtain to obtain system credentials. -= FreeBSD =- FreeBSD has made updates available to fix the vulnerability fix in kernel. More information about these updates can be found at:...
Vulnerabilities fixed in ClamAV
Vulnerabilities have been fixed in ClamAV. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the permissions with which the service is running. By exploiting the vulnerability with CVE attribute CVE-2021-1386, a...
Vulnerabilities concealment in Oracle Linux
Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Increased user rights -= Oracle =- Oracle has made updates...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to obtain sensitive data. This security advisory addresses two OpenSSL vulnerabilities that also appear in security advisory NCSC-2021-0259. For this reason, they are not included in the probability damage...
Vulnerability fixed in Mitel MiContact Center
Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...
Vulnerabilities fixed in FreeBSD
Several vulnerabilities have been fixed in FreeBSD. The vulnerabilities allow a malicious person, potentially unauthenticated remote, be able to carry out attacks resulting in the following categories of damage: Bypassing authentication Bypassing security measure Accessing sensitive data Access t...
Vulnerabilities fixed in OpenSSL
Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 potentially exploit it to cause a denial-of-service. To do this requires sending a specially prepared "renegotiation ClientHello" message needs to be sent fro...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed multiple vulnerabilities in its BIG-IP product line. The vulnerabilities allow a potentially unauthenticated remote malicious person is able to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person able to execute arbitrary code under the privileges of the user. The vulnerability with reference CVE-2021-21300 has been classified by Microsoft rated "Critical" the...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure...
Vulnerability fixed in Cisco ESA and SMA
A vulnerability has been fixed in the web-based administrator interface Cisco AsyncOS for Cisco ESA and SMA. The vulnerability allows an authenticated remote malicious party to able to obtain sensitive data. Cisco has released updates to fix the vulnerability. More information can be found on the...
Vulnerabilities fixed in Clustered Data ONTAP
NetApp has fixed two vulnerabilities in Clustered Data ONTAP. The vulnerabilities could be exploited by a malicious person to gather information about the vulnerable system or cause a denial-of-service. To cause a Denial-of-Service, the malicious party must be authenticated on the vulnerable...
Serious vulnerabilities fixed in Microsoft Exchange Server
Vulnerabilities have been fixed in Microsoft Exchange Server. A combination of several vulnerabilities allow a malicious person remotely able to execute arbitrary code under SYSTEM privileges Microsoft states that the vulnerabilities with attribute CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 a...
Vulnerability fixed in Kaspersky Endpoint Security
Kaspersky has fixed a vulnerability in Kaspersky Endpoint Security and Kaspersky Rescue Disk. A local malicious person with administrator privileges or a malicious person with physical access to the vulnerable device could exploit the vulnerability to bypass of UEFI Secure Boot. This could allow...
Vulnerabilities fixed in Intel BIOS
Intel has fixed vulnerabilities in the BIOS which is used along with specific Xeon and Atom processors. The vulnerabilities enable a locally authenticated malicious person to opportunity to obtain elevated privileges. The malicious party needs physical access to the vulnerable machine to do so...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. The vulnerability allows a remote malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6416609...
Vulnerability fixed in Cisco Anyconnect Client
Cisco has fixed a vulnerability in the Anyconnect client for Windows. A local, authenticated malicious party could exploit the exploit the vulnerability to perform a DLL hijack and thus potentially execute arbitrary code under SYSTEM privileges. Cisco has released updates to fix the vulnerability...
Vulnerability fixed in vSphere Replication
VMWare has fixed a vulnerability in vSphere Replicator. A malicious person with management privileges in Replicator can exploit the vulnerability exploit it to execute arbitrary code with system privileges on the underlying system. Because such an attack fits into the so-called "evil admin"...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. A unauthenticated remote malicious party can exploit the vulnerability exploit it to cause a denial-of-service. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.7.2 10.1.7 ifix2. For more information, see:...
Vulnerabilities fixed in SUSE Linux kernel
Several vulnerabilities have been fixed in SUSE Linux Enterprise Server. The vulnerabilities enable a malicious person remote or otherwise to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root...
Vulnerabilities fixed in Apple macOS
Vulnerabilities have been fixed in Apple macOS. The vulnerabilities allow a local malicious person to obtain elevated privileges to obtain or execute arbitrary code with kernel privileges. The vulnerability with attribute CVE-2021-3156 is known as the sudo vulnerability named "Baron Samedit." Mor...
Vulnerability fixed in Siemens TIA Portal
Siemens has fixed a vulnerability in TIA Portal. A local malicious party could potentially exploit the vulnerability to obtain elevated privileges and thus execute arbitrary code execute code with SYSTEM privileges. To exploit the vulnerability, the malicious party must have physical access to th...
Vulnerabilities fixed in GitLab Community and Enterprise Edition
GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data...
Vulnerabilities fixed in Clustered Data ONTAP
NetApp has fixed two vulnerabilities. An unauthorized malicious party can use the vulnerabilities to discover the presence of data, which is stored outside his authorizations. stored. NetApp has released updates to fix the vulnerabilities in Clustered Data ONTAP. For more information, see:...
Vulnerabilities fixed in Apache ActiveMQ
Vulnerabilities have been fixed in Apache ActiveMQ. The vulnerabilities allow a malicious party to bypass authentication bypassing. Bypassing authentication is only possible when the optional LDAP login module is used. Apache has released updates to fix the vulnerability. More information can be...
Vulnerability fixed in Apple XCode
Apple has fixed a vulnerability in XCode. A malicious could potentially exploit the vulnerability to gain access to arbitrary files and thus sensitive data. The malicious party must entice the victim to install a malicious application. -= Apple =- Apple has made updates available for XCode to fix...
Vulnerabilities fixed in Cisco Data Center Network Manager
Cisco has fixed multiple vulnerabilities in several Data Center Network Manager components. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Bypassing authentication Circumvention of...
Vulnerability fixed in VLC
A vulnerability has been fixed in VLC. The vulnerability allows a malicious party capable of causing a denial-of-service and possibly executing arbitrary code under the privileges of the user. To exploit the vulnerability, a user must open a malicious file open. VLC has released updates to fix th...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in the following Oracle Hyperion products: Hyperion Infrastructure Technology Hyperion Financial Reporting The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that...
Vulnerability fixed in Atlassian Confluence
A vulnerability has been fixed in Atlassian Confluence. The vulnerability allows a malicious party to cause a denial-of-service cause. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/CONFSERVER-60854...
Vulnerability fixed in Elasticsearch
A vulnerability has been fixed in Elasticsearch. The vulnerability allows a malicious person to obtain system data. Elastic has released updates to fix the vulnerability. More information can be found on the page below: https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update /261164...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in Junos OS. The vulnerabilities allow a remote malicious person to to bypass a security measure and to cause a denial-of-service cause. Juniper categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.8. Juniper has released...
Vulnerabilities fixed in Aruba Airwave Glass
Vulnerabilities have been fixed in Aruba Airwave Glass. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root privileges...
Vulnerability fixed in FortiGate
A remotely authenticated malicious person is able to view the log entries of SSL VPN events from users in other VDOMs by executing "get vpn ssl monitor" from the command line. The sensitive data includes usernames, user groups and IP addresses. FortiGuard has made updates available to fix the...