4189 matches found
Vulnerability fixed in Zimbra
Synacor has fixed a vulnerability in Zimbra in the way in which XML entities are processed in zm-saml-consumer-store. This vulnerability makes it possible for a malicious person to perform a Denial-of-Service attack. Attacks carried out via this vulnerability are also known as "billion laughs"...
Vulnerabilities fixed in Veritas products
Vulnerabilities have been fixed in Veritas Backup Exec and Veritas NetBackup. The vulnerabilities allow a local attacker to to obtain elevated privileges. The vulnerability makes it possible for the attacker to execute arbitrary code under SYSTEM or administrator. The vulnerabilities rated by...
Serious vulnerability fixed in Zyxel products
A vulnerability has been fixed in Zyxel products. A researcher found an undocumented user whose both the username and password could be found in plaintext were in firmware. This undocumented account has admin rights. Zyxel has released updates to fix the vulnerability. Zyxel indicated that for AP...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to cause a denial-of-service cause. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6386466...
Vulnerabilities fixed in HCL Lotus Notes
HCL has fixed two vulnerabilities in Lotus Notes. A malicious party could exploit the vulnerabilities for a Cross-Site-Scripting XSS attack, potentially running arbitrary execute arbitrary scripts in the victim's browser, or for the perform a denial-of-service DoS on the service. HCL has released...
Vulnerability fixed in Dell iDRAC
Dell has fixed a vulnerability in iDrac. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. iDRAC is a management environment. I...
Vulnerabilities fixed in LogRhythm SIEM
Vulnerabilities have been fixed in LogRhythm SIEM. The vulnerabilities allow a malicious person to conduct attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution Administrator/Root...
Vulnerabilities fixed in XStream
Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Manipulation of data Access to sensitive data The vulnerabilities are exploitable only when using the defau...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to cause a Denial-of-Service cause and perform a Cross-site scripting attack. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5948:...
Vulnerabilities fixed in ArubaOS
Hewlett Packard has fixed vulnerabilities in ArubaOS. The vulnerability with reference CVE-2020-24637 was known earlier this year become known as "Boothole" NCSC-2020-0614. This vulnerability allows a malicious person with sufficient access to the system to load a rogue kernel. The remaining...
Vulnerabilities fixed in Citrix Secure Mail
Citrix has fixed vulnerabilities in Citrix Secure Mail. A malicious party can use a rogue app to gain access to the email data and, to a lesser extent, the calendar data stored in the victim's Citrix Secure Mail. The vulnerability is located in Citrix Secure Mail for Android. Citrix Secure Mail f...
Vulnerability discovered in WildFly
A vulnerability has been discovered in WildFly. The vulnerability allows an unauthenticated remote malicious person to perform a Denial-of-Service to cause. The vulnerability occurs when the application uses the OpenTracing APIs java interceptors. JBoss Community is working on updates...
Vulnerability fixed in Apache Struts
A vulnerability has been fixed in Apache Struts. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under privileges of the Struts application. To exploit the vulnerability, the OGNL evaluation must be be enabled. Apache has released a new version to fix th...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Azure. The vulnerabilities allow a malicious person to bypass security measures. Azure Sphere: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |. |----------------|------|-------------------------------------| |...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Vulnerabilities related to Visual Studio can only be be exploited by convincing the user to open rogue files. Visual Studio:...
Vulnerabilities fixed in Microsoft Windows
There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious person to: - execute arbitrary code with user privileges; - grant themselves elevated privileges; - circumvent security measures; - gain access to sensitive data; - construct a DNS cache poisoning attack...
Vulnerabilities fixed in NetApp products
The makers of NetApp products have incorporated new versions of Eclipse Jetty server and Python into their products. With these, the release of sensitive information, the addition or modification of data or denial of service DoS is prevented. Netapp has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Atlassian Crucible
Atlassian has fixed vulnerabilities in Crucible. The vulnerabilities allow a remote malicious person to perform a denial-of-service. Atlassian has released updates to fix the vulnerabilities. fixes. More information can be found on the pages below: CVE-2020-14190:...
Vulnerability fixed in Xen
A vulnerability has been fixed in Xen. A malicious person who can execute code in a guest VM under elevated privileges can execute code, could vulnerability could potentially exploit it to cause a denial-of-service on the Xen hypervisor. Potentially, the vulnerability could also be exploited to...
Vulnerability fixed in Nagios XI
Nagios has fixed several vulnerabilities in Nagios XI. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root privileges Increased us...
Several vulnerabilities fixed in Citrix Hypervisor and XenDesktop
Citrix has fixed vulnerabilities in XenDesktop and Hypervisor. The vulnerabilities in XenDesktop allow a malicious party to to gain elevated privileges on a virtual Windows environment and execute code with SYSTEM privileges. The vulnerability in Hypervisor allows a remote malicious person to abl...
Vulnerability fixed in EcoStruxure Control Expert
A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...
Vulnerabilities fixed in McAfee Endpoint
McAfee has fixed vulnerabilities in Endpoint Security for Windows. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with user privileges through a Cross-Site-Scripting Attack XSS or a Cross-Site-Request-Forgery XSRF. McAfee has released...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting XSS attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS, including three 0-day vulnerabilities. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Increased user...
Serious vulnerability fixed in Oracle Weblogic Server
Oracle has released an update for Weblogic Server to fix a serious vulnerability. This new vulnerability is related to the Fusion Middleware vulnerability with attribute CVE-2020-14882, for which an update was released in October. This was described by the NCSC in security advisory NCSC-2020-0858...
Vulnerability fixed in Red Hat JBoss
Vulnerabilities have been fixed in JBoss. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing system data Red Hat categorizes these vulnerabilities as "moderate. -= Re...
Vulnerabilities fixed in SonicWall
Vulnerabilities have been fixed in SonicWall Global VPN Client. The vulnerabilities allow a local malicious person to gain elevated rights and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. fixes. More information can be found...
Vulnerability fixed in FortiOS
A vulnerability has been fixed in FortiOS. The vulnerability allows an authenticated attacker to obtain sensitive data, for example, passwords stored in cleartext. Fortinet has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in Red Hat OpenShift. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Accessing system data -= Red Hat =- Red Hat has...
Vulnerabilities fixed in Check Point Zone Alarm Extreme Security
Check Point fixed vulnerabilities in Zone Alarm Extreme Security. The vulnerabilities allow a local malicious party to able to delete files restored from an archive and to obtain elevated privileges. Check Point has released a new version to address the vulnerabilities fixes. More information can...
Vulnerability fixed in FortiClient
A vulnerability has been fixed in FortiClient for Linux. The vulnerability enables a local malicious person who has the ability has the ability to run scripts or programs on the system is able to able to obtain elevated privileges. FortiNet has released updates to fix the vulnerability. More...
Vulnerabilities fixed in Pulse Secure products for Windows, Linux and Mac
Vulnerabilities have been fixed in Pulse Secure products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security...
Vulnerabilities fixed in Oracle Communications-producton
Oracle has fixed vulnerabilities in Communications Messaging Server. The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS...
Vulnerability fixed in Adobe Creative Cloud
Adobe has fixed a vulnerability in Creative Cloud. The vulnerability allows a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Adobe InDesign
Adobe has fixed a vulnerability in InDesign. The vulnerability allows a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in XWiki
A vulnerability has been fixed in XWiki. The vulnerability allows an authenticated malicious person to execute arbitrary code execute arbitrary code under the user's privileges. XWiki has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Juniper Junos OS
Juniper Networks has fixed several vulnerabilities in Junos OS. A malicious person, whether remotely authenticated or not, could potentially exploit these vulnerabilities to carry out attacks leading to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...
Vulnerability fixed in IBM Security Access Manager
IBM has fixed a vulnerability in IBM Security Access Manager in which sessions are not deleted after a user is logged out. A malicious party could potentially reuse the session of a logged out user thereby potentially reuse it and thus gain elevated rights to the vulnerable system. IBM has releas...
Vulnerability fixed in Cisco Webex Teams for Windows
Cisco has fixed a vulnerability in the Windows client of Cisco Webex Teams. The vulnerability allows a local, authenticated malicious person to execute arbitrary code execute under privileges of other local users. This requires a malicious DLL file must be placed in a specific location of the fil...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person remote or otherwise potentially able to carry out attacks leading to the following categories of damage: Remote code execution User rights. Access to sensitive data Access to system data...
Vulnerabilities fixed in openSUSE
Vulnerabilities have been fixed in openSUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Access to system data Increased user privileges -= OpenSU...
Vulnerability fixed in FortiOS
A vulnerability has been fixed in FortiOS. The vulnerability allows an authenticated malicious party the ability to cause a denial-of-service denial-of-service. Fortinet has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Dell SonicWall
A vulnerability has been fixed in Dell SonicWall. It involves a domain name collision vulnerability. The web interface of SonicWall makes it possible for an attacker to obtain information about domain names used on an organization's internal network. organization. The attacker can register a foun...
Vulnerabilities fixed in FortiOS
Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow an authenticated remote malicious agent to opportunity to cause a denial-of-service via an SSL VPN. To exploit the vulnerability, a number of non-standard settings must have been made. FortiNet categorizes these vulnerabilities...
Vulnerabilities fixed in Cisco IOS and IOS XE
Vulnerabilities have been fixed in Cisco IOS and IOS XE. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Bypassing authentication Circumvention of security measure Remot...
Vulnerabilities fixed in Cisco Aironet
Vulnerabilities have been fixed in Cisco Aironet. The vulnerabilities allow a malicious party to launch attacks that lead to a denial-of-service DoS. After a successful attack, the affected device recover itself. Cisco has released updates to fix the vulnerabilities. More information can be found...
Vulnerability fixed in F5 BIG-IP and BIG-IQ
A vulnerability has been fixed in F5 BIG-IP and BIG-IQ products. The vulnerability allows a malicious party to launch attacks execute attacks that lead to a denial-of-service DoS. F5 has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Pulse Secure
Vulnerabilities have been fixed in Pulse Secure. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Access to system data Pulse Secure has released updates to address the...