4190 matches found
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed several vulnerabilities in Microsoft Office and Microsoft SharePoint. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges...
Vulnerabilities fixed in IBM MQ
An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated malicious agent to obtain sensitive information and cause the initiation of a denial-of-service DoS IBM has released updates to fix the vulnerability. More information can be found on the page...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure The vulnerability with attribute CVE-2020-1971 can only be exploited be exploited...
Vulnerabilities fixed in Dovecot
A malicious party could exploit the vulnerabilities to cause a denial-of-service and to read e-mail from other users. Dovecot has released updates to fix the vulnerabilities. For more information, see the following pages: CVE-2020-24386:...
Vulnerabilities fixed in Huawei CloudEngine switches
Huawei has fixed multiple vulnerabilities in several CloudEngine switches. A remote malicious party could potentially exploit these vulnerabilities potentially exploit them to cause a denial-of-service DoS. In addition, a local malicious party that already in possession of elevated privileges can...
Vulnerability fixed in Zyxel products
Due to the lack of input string cleanup in the CGI program "chgexppwd", a malicious party can inject commands inject. Zyxel has released updates to fix the vulnerability. For more information see: https://www.zyxel.com/support /Zyxel-security-advisory-for-command-injection-vulnerability-of-f...
Vulnerabilities fixed in Treck TCP/IP
Vulnerabilities have been fixed in the low-level TCP/IP stack of fabriant Treck Inc. The vulnerabilities allow a malicious person to able to perform attacks that potentially lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Acces...
Vulnerabilities fixed in WebKitGTK
Vulnerabilities have been fixed in WebKitGTK. The vulnerabilities allow a malicious person to execute arbitrary code execute under the user's privileges. The malicious party must victim to open a rogue page to exploit these vulnerabilities to be exploited. The developers of WebKitGTK have release...
Vulnerability fixed in Atlassian Crucible
A vulnerability has been fixed in Atlassian Crucible. The vulnerability allows a malicious party to perform a denial-of-service attack. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse...
Vulnerabilities fixed in MediaWiki
The developers of MediaWiki have fixed a number of vulnerabilities fixed in the latest software update. A malicious party could potentially exploit the vulnerabilities potentially exploit them to gain access to sensitive data, because in certain circumstances user data may end up in accessible...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service Manipulation of data Access to sensitive data Red Hat has released updates to address the...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed several vulnerabilities in Firefox. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofing Accessing sensitive data T...
Vulnerabilities fixed in Cisco Jabber Desktop and Mobile Client
Vulnerabilities have been fixed in Cisco Jabber Desktop and Mobile Client. The vulnerabilities allow a remote malicious person to able to perform attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to sensitive dat...
Vulnerability fixed in NetApp
Netapp Snap Creator Framework includes Apache Tomcat. Apache Tomcat versions 8.5.1 through 8.5.59, 9.0.0.M5 through 9.0.39, and 10.0.0-M1 through 10.0.0-M9 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information. Netapp has release...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. When a remote malicious party manages to provide a rogue certificate and a rogue certificate-revocation-list manages to offer them to an ssl server or ssl client, a denial-of-service can be caused by doing so. OpenSSL has released updates to fix the...
Vulnerabilities fixed in Schneider Electric equipment
Vulnerabilities have been fixed in Schneider Electric devices. The vulnerabilities allow an unauthorized malicious person at remotely capable of causing a denial-of-service and obtaining obtain sensitive data. Schneider Electric has released updates to fix the vulnerability. fix. More information...
Multiple vulnerabilities fixed in IBM Aspera
IBM has fixed several vulnerabilities in the Aspera Suite. The vulnerabilities are in the underlying OpenSSL, cURL libcurl and FasterXML jackson databind software. A malicious party could potentially exploit the vulnerabilities to bypassing security measures, accessing sensitive data and from bei...
WIBU CodeMeter vulnerabilities fixed
Wibu-Systems has fixed vulnerabilities in CodeMeter. Successful exploitation of these vulnerabilities could allow a malicious person to modify and forge a license file, create a denial-of-service condition, potentially execute remote code execute, read heap data, and disrupt the normal operation ...
Vulnerability fixed in DNS implementations
Researchers have discovered a vulnerability in a number of DNS implementations. The researchers have named the vulnerability SAD DNS, an acronymmm for Side-channel AttackeD DNS. This vulnerability has since been given CVE attribute CVE-2020-25705. The vulnerability allows a malicious party to rou...
Vulnerability fixed in JBoss Wildfly
A vulnerability has been fixed in Wildfly. The vulnerability allows a malicious person with access to the log data of the Wildfly instance to be able to obtain clear-text stored passwords. obtain. Red Hat has released updates to fix the vulnerability in Wildfly. More information can be found on t...
Vulnerabilities fixed in Trend Micro products
Vulnerabilities have been fixed in Trend Micro Internet Security and Anti-Virus+ Security. The vulnerabilities allow a local malicious party potentially able to obtain elevated privileges by inserting rogue DLL files. Trend Micro has released updates to address the vulnerabilities. fixes. More...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2, Db2 Connect Server and Db2 Accessories Suite. An authenticated malicious person with access to the system could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. IBM has released updates to fix the vulnerability. For...
Vulnerability fixed in tcpdump
A vulnerability has been fixed in tcpdump. The vulnerability allows a remote malicious person to cause a denial-of-service cause. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE Linux Enterprise Module for Basesystem 15-SP1 & 15-SP2. You can install these custom...
Vulnerability fixed in F5 BIG-IP
F5 Networks has fixed a vulnerability in a limited number of BIG-IP platforms. The vulnerability allows a malicious party with network access to the vulnerable system may be able to retrieve TCP sequence numbers used in previous, independent TCP connections. These sequence numbers can be used by...
Vulnerabilities fixed in Cisco Webex and Cisco Webex Server
Vulnerabilities have been fixed in Cisco Webex Meetings and Cisco Webex Meetings Server. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Remote code execution User Rights...
Vulnerabilities fixed in Cisco Security Manager
Cisco has fixed multiple vulnerabilities in Cisco Security Manager. An unauthenticated remote malicious person could potentially exploit the vulnerabilities potentially exploit them to execute arbitrary code execute under SYSTEM privileges or to gain access to certain user credentials. For the...
Vulnerabilities fixed in Micro Focus ArcSight Logger
Vulnerabilities have been fixed in Micro Focus ArcSight Logger. The vulnerabilities allow a remote malicious person to execute arbitrary code under the user's privileges. Micro Focus has released updates to address the vulnerabilities. fixes. More information can be found on the page below:...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data Accessing system data...
Vulnerabilities in processors fixed
Researchers have found vulnerabilities in several processors. The vulnerabilities marked CVE-2020-8694 and CVE-2020-8695 have been named Platypus, an acronym for Power Leakage Attacks: Targeting Your Protected User Secrets. The vulnerabilities allow a local malicious person to obtain obtain...
Vulnerabilities fixed in Chrome
Google has released a new version of Chrome that fixes two vulnerabilities are fixed. A malicious party could vulnerabilities potentially exploit them to execute arbitrary code with the victim's privileges. Google reports being aware that the vulnerabilities are in limited extent being exploited ...
Vulnerabilities fixed in PAN OS
Palo Alto has fixed several vulnerabilities in PAN OS. The most serious vulnerability, with attribute CVE-2020-2050, is rated by Palo Alto rated with a CVSS score of 8.2 and is located in the GlobalProtect SSL VPN component. An unauthenticated malicious party can remotely exploit this vulnerabili...
Vulnerability fixed in Cisco IOS XR
Due to a vulnerability in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, an unauthenticated remote malicious agent to cause a denial-of-service DoS on an affected device. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For more information, see:...
Vulnerabilities fixed in OSIsoft PI Vision
OSIsoft has fixed two vulnerabilities in PI Vision. The vulnerabilities can be exploited by a malicious party to perform a Cross-Site-Scripting XSS attack or to obtain system information. The XSS attack requires the malicious party to have write permissions in PI ProcessBook files. OSIsoft has...
Vulnerabilities identified in Siemens S7 products
Vulnerabilities have been identified in Siemens S7 products. The vulnerabilities enable a remote malicious person to to cause a denial-of-service and to circumvent a security measure circumvention. Siemens categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5....
Vulnerability fixed in Cisco IP phone
Due to a vulnerability in the TCP packet processing functionality of Cisco IP Phones allows an unauthenticated remote malicious agent to remotely cause the phone to stop responding to incoming calls, disconnects connected calls, or unexpectedly reloads. Cisco has made an update available to fix t...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed vulnerabilities in AnyConnect Secure Mobility Client. The vulnerabilities allow a locally authenticated malicious party to execute arbitrary code under the victim's privileges and to obtain sensitive information obtain. For the vulnerability with attribute CVE-2020-5336, Cisco...
Multiple vulnerabilities in Cisco Webex products
Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Cisco has made updates available to address the vulnerabilities. fixes. More information...
Vulnerability fixed in Fortimail
A vulnerability has been fixed in Fortimail. An unauthenticated remote malicious party could potentially obtain sensitive software version information by reading a JavaScript file to be read. Fortinet has made updates available to fix the vulnerability fix in FortiMail. For more information see:...
Several vulnerabilities fixed in Google Chrome
Google has released a new version of Chrome. This new version fixes a number of vulnerabilities that allow a malicious can launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Increased user privileges Google mentions having...
Vulnerabilities fixed in QNAP QTS
Vulnerabilities have been fixed in QNAP-QTS, Music-Station and Photo-Station. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access to system data QNAP has...
Vulnerabilities fixed in MariaDB
Vulnerabilities have been fixed in MariaDB. The vulnerabilities allow a malicious person to perform a denial-of-service execution. In the case of the vulnerability with attribute CVE-2020-13249, it also involves an attack from the network. -= Ubuntu =- Canonical has made updates available for...
Vulnerability fixed in Red Hat OpenShift
Red Hat has fixed a vulnerability in OpenShift. The vulnerability allows a malicious owner of a pod to possible to bypass a security measure in the restricted Context Constraints Object to bypass. This enables the malicious person to enabled to send custom network packets. Red Hat scales this...
Vulnerabilities fixed in Oracle Solaris
Oracle has fixed several vulnerabilities in Solaris. By exploiting the vulnerabilities, an unauthorized malicious person can gain remote access to the system. It also allows local users bypass security measures or cause a denial-of-service. Oracle has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in the following Oracle Hyperion products: Hyperion Analytic Provider Services Hyperion BI+ Hyperion Essbase Hyperion Infrastructure Technology Hyperion Planning Hyperion Lifecycle Management The vulnerabilities allow an unauthenticated malicious person with netwo...
Vulnerability fixed in Adobe Premiere
Adobe has fixed a vulnerability in Premiere. The vulnerability allows a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in libvirt
Vulnerabilities have been fixed in libvirt. The vulnerabilities allow a local malicious person to obtain elevated privileges obtain or perform a denial-of-service attack. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix the vulnerability in SUSE 15. You can...
Vulnerability fixed in Juniper Junos OS for PTX and QFX
Juniper Networks has fixed a vulnerability in Junos OS for the PTX and QTX platforms. An unauthenticated malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service attack. To do this, rogue network traffic should be sent to the vulnerable device. Only...
Vulnerability fixed in Rapid7 Nexpose
Rapid7 has fixed a vulnerability in Nexpose. The vulnerability potentially allows a local malicious person to perform a SQL injection attack that could access gain access to sensitive data or manipulate data. Rapid7 has released updates to fix the vulnerability in Nexpose 6.6.49. For more...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. A local, authenticated malicious party could potentially exploit it to gain access to log files containing information about the system. IBM has released updates to fix the vulnerability. For more information, see:...