4190 matches found
Vulnerabilities fixed in Pulse Connect Secure
Pulse Connect has fixed vulnerabilities in Pulse Connect Secure. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Data manipulation. Remote code execution...
Vulnerabilities fixed in ForsiOS
FortiGuard Labs has fixed several vulnerabilities in FortiOS. The vulnerabilities allow a malicious party to execute attacks that potentially lead to the execution of arbitrary code under the user's privileges. FortiGuard Labs has released updates to fix the vulnerabilities fixes in FortiOS SSL...
Vulnerabilities fixed in FortiManager and FortiAnalyzer
A vulnerability has been fixed in FortiManager and FortiAnalyzer. A malicious party could potentially exploit them to execute arbitrary code with elevated privileges or gain access to sensitive data. Fortinet has released updates to fix the vulnerability. More information can be found on the page...
Vulnerability fixed in PowerDNS
A vulnerability has been fixed in PowerDNS. The vulnerability allows an unauthenticated remote malicious agent to cause a denial-of-service. PowerDNS has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed is MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow an unauthenticated remote malicious person to be able to execute arbitrary code in the victim's browser. To do so, the malicious party must induce the victim to follow a rogue hyper-link to follow CIRCL has released updates to fix...
Vulnerabilities fixed in Xerox AltaLink systems
Xerox has released a cumulative update that fixes several vulnerabilities that could lead to: Security measure circumvention SQL Injection Accessing sensitive data Xerox has released updates to address the vulnerabilities in AltaLink systems. For more information, see:...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. A malicious party can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application is visited. MISP has released updates ...
Vulnerability fixed in MIT Kerberos
A vulnerability has been fixed in krb5, part of MIT's Kerberos. A malicious party could potentially exploit the vulnerability to cause a denial-of-service on the KDC process through a specially prepared request. -= Debian =- Debian has made updates to krb5 available for Debian 10.0 Buster to fix...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could potentially exploit the vulnerabilities to access gain access to system data, or execute arbitrary code with the application's permissions. To do this, the malicious party must trick the victim into opening a rogue file...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Orchestrator and EnterpriseOne Tools. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication...
Vulnerabilities fixed in Oracle Virtualization products
Oracle has fixed vulnerabilities in Secure Global Desktop and VirtualBox. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to sensitive da...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed vulnerabilities in Photoshop. A local malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or gain access to system files. Adobe has released updates to fix the vulnerabilities in Photoshop 2020 and 2021. For more information,...
Vulnerability fixed in Juniper Junos OS
Two vulnerabilities have been fixed in Juniper JunOS. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, an attacker needs to send valid network traffic in a specific sequence to the device. The traffic should be destined for the Junip...
Vulnerability fixed in FortiNet products
A vulnerability has been fixed in Fortinet FortiManager and FortiAnalyzer. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code under root privileges. To do this, a malicious party must send a specially prepared network packet to...
Fixed vulnerabilities in the Lexmark Universal Printer Driver
Lexmark has fixed vulnerabilities in the Universal Printer Driver. A local malicious person with rights to install/activate new printers could install/activate, could exploit the vulnerabilities to execute arbitrary code with SYSTEM privileges. Lexmark has released updates to fix the...
Vulnerability fixed in NetBSD
The developers of NetBSD have fixed a vulnerability in kernfs. The vulnerability allows an authenticated malicious person to able to read any files on the file system, including files both system and userspace for which the malicious party is not originally authorized. No CVE ID has been disclose...
Vulnerabilities fixed in Adobe Acrobat
Adobe has fixed vulnerabilities in Acrobat, Acrobat DC and Acrobat Reader. The vulnerabilities potentially enable a malicious person able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Increase...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine ISE. An authenticated malicious person could exploit the vulnerabilities on the management interface to perform a stored Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser us...
Actively exploited vulnerability fixed in ForgeRock AM
ForgeRock has fixed a vulnerability in ForgeRock Access Manager AM. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code under the application's permissions. To do this, malicious network traffic should be sent to a...
Vulnerabilities Fixed in Microsoft Malware Protection Engine
Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could vulnerabilities potentially exploit them to execute code under elevated privileges execute code. Windows...
Vulnerabilities fixed in Microsoft Exchange
Vulnerabilities have been fixed in Microsoft Exchange. Microsoft indicates that the vulnerabilities with reference CVE-2021-34523 and CVE-2021-34473 were already fixed in the April updates but this has been now being administered. Below is a summary of the various vulnerabilities described for ea...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Mozilla has...
Vulnerability fixed in Siemens SIMIT
Siemens has fixed a vulnerability in SIMIT. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or to gain access to data stored in system memory. For this vulnerability, Proof-of-Concept code is publicly available. Siemens has released updates to fix the...
Vulnerability fixed in NetIQ Advanced Authentication
Micro Focus has fixed a vulnerability in NetIQ Advanced Authentication. The vulnerability allows a malicious party to bypass bypass multi-factor authentication. No substantive details about this vulnerability made publicly available. Micro Focus has released updates to fix the vulnerability fix i...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights released updates to addre...
Vulnerabilities fixed in OpenVPN
Vulnerabilities have been fixed in the Windows versions of OpenVPN and OpenVPN Connect. A local malicious party could potentially exploit them to execute arbitrary code under the rights of the OpenVPN process. To do this, the malicious party must modify the OpenVPN configuration file such that th...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in Zimbra. The vulnerabilities allow a remote malicious person to launch a so-called cross-site scripting, and open-redirect attack. To do this, the attacker must trick the victim into following a rogue link to follow. Zimbra has released patches to fix the...
Fixed vulnerabilities in Dell boot functionality.
Eclypsium has discovered vulnerabilities in Dell SupportAssist for Windows. The vulnerabilities allow an unauthenticated remote malicious person able to execute arbitrary code in the BIOS before the operating system is booted. The malicious must perform a man-in-the-middle attack to do so and...
Vulnerability fixed in MediaWiki
A vulnerability has been fixed in MediaWiki. The vulnerability allows an authenticated remote malicious person to delete delete pages while the account is locked. MediaWiki has released new versions to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerability found in Lexmark drivers
An IBM X-Force researcher has discovered a vulnerability in the LMbdsvc component in the Lexmark printer drivers for Windows. The vulnerability allows a locally authenticated malicious person to able to execute arbitrary code under system privileges. One and all is described in the following...
Vulnerabilities fixed in Dovecot
Dovecot's developers have fixed two vulnerabilities. An authenticated remote malicious person can exploit the vulnerabilities exploit them to cause a denial-of-service, execute execute commands with application privileges or to obtain sensitive data. -= Ubuntu =- Canonical has made updates...
Vulnerability fixed in Fortinet FortiClient for macOS
A vulnerability has been fixed in Fortinet FortiClient for macOS. By exploiting this vulnerability to gain root privileges on the vulnerable system. See also the page below from the discoverers of this vulnerability, for more information: https://www.zerodayinitiative.com/advisories/ZDI-21-693/...
Vulnerability fixed in VMware Tools for Windows
A vulnerability has been fixed in VMware Tools for Windows. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by exploiting a race condition in the VM3DMP driver. VMware has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in IBM Spectrum Protect Backup Archive Client and IBM Spectrum Protect for Space Management. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to execute under elevated privileges execute arbitrary code. IBM has...
Vulnerability fixed in VMware vRealize Business for Cloud
VMware has fixed a vulnerability in virtual appliances of vRealize Business for Cloud. An unauthenticated remote malicious agent could remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code. To do so, the malicious party must maliciously send network...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in OpenShift Container Platform. A malicious party could potentially exploit them to obtain elevated privileges on the vulnerable system or to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to send a rogue email message that must then be sent by the OTRS application to process. OTRS has released...
Vulnerability fixed in Citrix Cloud Connector
Citrix has discovered a vulnerability in the Cloud Connector client application. When the client is installed using command line parameters, these parameters are stored in readable text in the installation log file. These parameters may contain sensitive data, which a malicious person with access...
Vulnerabilities fixed in Microsoft .NET Core and Visual Studio
Microsoft has fixed vulnerabilities in .NET Core, Visual Studio and Visual Studio Code. An unauthenticated malicious person at remote user could potentially exploit it to cause a denial-of-service. The vulnerability with attribute CVE-2021-31938 could potentially be exploited by a local malicious...
Vulnerability fixed in Xerox AltaLink systems
Xerox has fixed a vulnerability in AltaLink systems. A remote malicious person could exploit the vulnerability to conduct execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to access the system. No CVE vulnerability h...
Vulnerability fixed in Red Hat Enterprise Linux
Red Hat has fixed a vulnerability in the Public Key Infrastructure PKI Core package. A component of this package writes out the administrator password during installation to a log file that is unjustifiably readable by any local user. A local malicious person with knowledge of the location of thi...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. A malicious person at remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code under application privileges. The vulnerability is caused by an integer overflow that can be triggered via the command "STRALGO LCS" c...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab Community Edition and GitLab Enterprise Edition. The vulnerabilities allow a remote malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights...
Vulnerability fixed in WhatsApp
A vulnerability has been fixed in the Android versions of WhatsApp and WhatsApp Business. It involves a path-traversal vulnerability which could potentially be exploited remotely to overwrite files used by WhatsApp. There few substantive details of the vulnerability have been made publicly...
Vulnerability fixed in Squid
A vulnerability has been fixed in Squid. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause cause a denial-of-service. To do this, a rogue HTTP response message should be sent to the Squid service. The developers have released updates to fix the...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...
Vulnerability fixed in Siemens SIMATIC
Siemens has fixed a vulnerability in several SIMATIC products. An unauthenticated malicious person with access to TCP port 102 could potentially exploit the vulnerability to manipulate system memory, execute arbitrary code and gain access to system data. Siemens has released updates to fix the...
Vulnerability fixed in SonicWall Network Security Manager
A vulnerability has been fixed in the SonicWall Network Security Manager. The vulnerability allows an authenticated malicious person remotely capable of injecting OS commands by sending a specially-prepared HTTP request. SonicWall has released updates to fix the vulnerability. fix. More informati...