4190 matches found
Vulnerability fixed in VMware vRealize Business for Cloud
VMware has fixed a vulnerability in virtual appliances of vRealize Business for Cloud. An unauthenticated remote malicious agent could remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code. To do so, the malicious party must maliciously send network...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in OpenShift Container Platform. A malicious party could potentially exploit them to obtain elevated privileges on the vulnerable system or to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to send a rogue email message that must then be sent by the OTRS application to process. OTRS has released...
Vulnerability fixed in Citrix Cloud Connector
Citrix has discovered a vulnerability in the Cloud Connector client application. When the client is installed using command line parameters, these parameters are stored in readable text in the installation log file. These parameters may contain sensitive data, which a malicious person with access...
Vulnerability fixed in Xerox AltaLink systems
Xerox has fixed a vulnerability in AltaLink systems. A remote malicious person could exploit the vulnerability to conduct execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to access the system. No CVE vulnerability h...
Vulnerability fixed in Red Hat Enterprise Linux
Red Hat has fixed a vulnerability in the Public Key Infrastructure PKI Core package. A component of this package writes out the administrator password during installation to a log file that is unjustifiably readable by any local user. A local malicious person with knowledge of the location of thi...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. A malicious person at remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code under application privileges. The vulnerability is caused by an integer overflow that can be triggered via the command "STRALGO LCS" c...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab Community Edition and GitLab Enterprise Edition. The vulnerabilities allow a remote malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights...
Vulnerability fixed in WhatsApp
A vulnerability has been fixed in the Android versions of WhatsApp and WhatsApp Business. It involves a path-traversal vulnerability which could potentially be exploited remotely to overwrite files used by WhatsApp. There few substantive details of the vulnerability have been made publicly...
Vulnerability fixed in Squid
A vulnerability has been fixed in Squid. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause cause a denial-of-service. To do this, a rogue HTTP response message should be sent to the Squid service. The developers have released updates to fix the...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...
Vulnerability fixed in SonicWall Network Security Manager
A vulnerability has been fixed in the SonicWall Network Security Manager. The vulnerability allows an authenticated malicious person remotely capable of injecting OS commands by sending a specially-prepared HTTP request. SonicWall has released updates to fix the vulnerability. fix. More informati...
Vulnerabilities verhopen in IBM WebSphere Appliction Server
IBM has fixed a vulnerability in WebSphere Application Server Java Batch. A malicious party could potentially exploit it to cause a denial-of-service or to gaining access to sensitive data. To do so, the malicious party induces the server to process a rogue XML file. processing. IBM has released...
Vulnerability fixed in Salt
A vulnerability has been fixed in Salt. A malicious person could vulnerability potentially exploit it to execute execute arbitrary code. To do this, the malicious party must have the ability to place a rogue file on a Salt monitored device. This file should then be passed through the Snapper modu...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been fixed in runc, a component of Red Hat OpenShift Container Platform. The vulnerability allows a malicious user under certain circumstances to themselves, through a rogue container image, to gain access to the host's file system. For more information about the vulnerability...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities allow a malicious person possibly unauthenticated and remote able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote code executi...
Vulnerability fixed in QNAP QTS
QNAP has fixed a vulnerability in the QTS operating system. The vulnerability allows a local malicious person to perform a so-called path-traversal attack. In the event of a successful attack, a malicious party can compromise the integrity of files. QNAP has released updates to fix the...
Vulnerability found in Mozilla Firefox
Researchers have found a vulnerability in Mozilla Firefox. The vulnerability allows a remote malicious person to execute arbitrary JavaScript code in the context of the web browser. To exploit this vulnerability, a malicious person to induce the victim to visit a rogue server. visit. Then, the...
Vulnerabilities fixed in QEMU and libvirt
Vulnerabilities have been fixed in QEMU and libvirt. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges -= Red Hat =- Red Hat...
Vulnerabilities fixed in Adobe products
Adobe has fixed several vulnerabilities in After Effects, Creative Cloud, Illustrator, InDesign and Media Encoder. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access...
Vulnerabilities fixed in Adobe products
Adobe has released security updates for Adobe Acrobat Reader and Adobe Acrobat DC for Windows and macOS. These updates fix multiple critical and important vulnerabilities. Successful misuse can lead to execution of arbitrary code in the context of the current user, obtaining elevated privileges...
Vulnerabilities fixed in Microsoft Exchange
Vulnerabilities have been fixed in Microsoft Exchange. A malicious party could exploit the vulnerabilities to execute arbitrary code under the application's privileges, or possibly impersonate possibly impersonate another user. For the vulnerability with attribute CVE-2021-31207, Proof-of-Concept...
Vulnerability found in Dell firmware update driver
A vulnerability has been fixed in the Dell dbutil23.sys driver for Windows systems. This driver has been installed by default on all Dell laptop and desktop systems since 2009. A local malicious person could, by exploiting this vulnerability to gain SYSTEM privileges on the vulnerable system. For...
Vulnerability fixed in Snort
Cisco has fixed a vulnerability in Snort. A unauthenticated remote malicious agent could potentially exploit it to bypass a configured policy for HTTP traffic bypassing. As a result, rogue traffic might be not be properly processed by Snort. Cisco has released updates to fix the vulnerability in...
Vulnerabilities fixed in Apple Safari
Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to induce the user to visit a rogue page. Also, a malicious party in this way can cause the syst...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed multiple vulnerabilities in ClearPass Policy Manager. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java. The vulnerabilities allow an unauthenticated remote malicious person to obtain system data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------|...
Vulnerability fixed in Oracle SQL developer
A vulnerability has been fixed in Oracle SQL Developer. The vulnerability allows an unauthenticated remote malicious person able to access and manipulate sensitive data. data to be manipulated. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR and Thunderbird. The vulnerabilities can be exploited by a malicious be exploited to cause a denial-of-service, access gain access to data in the context of the application, or to potentially execute arbitrary code with application...
Vulnerabilities fixed in Node.js
Several vulnerabilities have been fixed in Node.js. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could be exploited to perform a prototype pollution attack. Depending on the Node.js application, this could...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...
Vulnerabilities fixed in McAfee Endpoint Security
Due to cleartext transfer of sensitive information between McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence GTI servers that use DNS use, a remote attacker can view ENS requests and responses from GTI via DNS. McAfee has released...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed several vulnerabilities in BIG-IP. A unauthenticated malicious party could potentially exploit them to cause a denial-of-service. F5 has released updates to fix the vulnerabilities. For more information, see: CVE-2021-22975: https://support.f5.com/csp/article/K21971977 CVE-2021-22977...
Vulnerability fixed in Mendix
The latest updates to Mendix fix a vulnerability that allows malicious authorized users can increase their privileges increase their privileges. Remove the authority to manage user roles for non-administrator roles to mitigate this security vulnerability for non-administrator users as a mitigatin...
Vulnerability fixed in Forcepoint Web Security
A vulnerability has been fixed in Forcepoint Web Security. A malicious party can exploit the vulnerability to launch an XML External Entity Injection XXE attack when processing of XML data. An external attacker could exploit it to obtain sensitive information. Forcepoint has released updates to...
Vulnerabilities found in Cisco Unified Communications Manager
Vulnerabilities have been found in Cisco Unified Communications Manager. The vulnerabilities allow a malicious party to manipulate data and obtain sensitive information. Cisco has not yet released updates to address the vulnerabilities. fix. More information can be found on the pages below:...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in Red Hat kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Increased user privileges -= Red Hat...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed several vulnerabilities in Jira. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure Accessing sensitive data Accessing...
Vulnerabilities fixed in Citrix Hypervisor (Xen)
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a local malicious person with elevated permissions on a guest system able to cause the host system to crash. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in LDB
Several vulnerabilities have been fixed in LDB. LDB is an embedded database in line with LDAP and is used among other things by SAMBA. An unauthenticated remote malicious party could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service on LDB cause. This...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to cause a denial-of-service or to obtain system data obtain. To do so, the malicious party must induce the victim to to visit a rogue website. Google has released updates to fix the vulnerabilities...
Vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Access to system data Increased user privilege...
Vulnerability fixed in Micro Focus products
A vulnerability has been fixed in several Micro Focus products. A malicious party could, by exploiting this vulnerability obtain the permissions with which the Operations Agent is is running on the vulnerable system. For Linux and Windows, these are root and SYSTEM users, respectively. Too little...
Vulnerabilities fixed in Red Hat Certificate System
Several vulnerabilities have been fixed in Red Hat Certificate System. A malicious party can exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Red Hat has made...
Vulnerability fixed in Adobe ColdFusion
Adobe has released updates to fix a vulnerability in ColdFusion. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application. Very limited details are currently available about the vulnerability. Adobe has released updates to fix the...
Vulnerabilities fixed in Tivoli Netcool/OMNIbus
IBM Tivoli Netcool / OMNIbusGUI is vulnerable to stored cross-site scripting XSS. This security vulnerability CVE-2021-20336 allows users insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially lead to the release of login credentials with...
Vulnerabilities fixed in the Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights -= Ubuntu =- Canonical...
Vulnerabilities fixed in Schneider Electric PowerLogic
Schneider Electric has fixed vulnerabilities in a number of PowerLogic products. An unauthenticated malicious person at remote could potentially exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code. Schneider Electric has released updates to address the...
Vulnerabilities fixed in F5 BIG-IQ
F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...