4190 matches found
Vulnerability fixed in redis
A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...
Vulnerability fixed in Brocade Fabric OS
A vulnerability has been fixed in Brocade Fabric OS. There is at least one account with hardcoded credentials where the administrator is not forced to change the password by default. adjust. With the new versions of Fabric OS, this is now mandatory. Cisco has released updates to fix the...
Vulnerabilities fixed in DiskStation Manager (DSM)
Vulnerabilities have been fixed in DiskStation Manager. The vulnerabilities allow a remote malicious person to inject arbitrary web script or HTML. Synology has released updates to fix the vulnerabilities in DSM. For more information, see: https://www.synology.com/en-global/security/advisory...
Vulnerability fixed in ABB OPC Server for AC 800M
ABB has fixed a vulnerability in OPC Server for AC 800M systems. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to execute arbitrary code. Few substantive details about the vulnerability made publicly available. ABB has released update...
Vulnerabilities fixed in Dell PowerEdge
Intel has fixed vulnerabilities in chipset firmware as used by Dell PowerEdge servers. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges. The vulnerability with reference CVE-2021-33068 allows an authenticated remote malicious party additionally...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the vulnerabilit...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed several vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service, execute arbitrary code with user privileges, or to gain access to sensitive data within the scope of the application. The malicious party must to d...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in the Kestrel Web Server and Visual Studio Code. The vulnerabilities allow a malicious party to execute arbitrary code or cause a denial-of-service cause. The Denial-of-Service vulnerability with reference CVE-2022-21986 is located in the Kestrel web server. This...
Vulnerability discovered in NetApp Clustered Data ONTAP
NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...
Vulnerability fixed in Zimbra
A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...
Vulnerability fixed in Cisco Web Security Appliance
A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an authenticated malicious person with access to the management interface is able to obtain sensitive data, such as passwords, by viewing the HTML code returned by the interface. Cisco has released updates to...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.19 to fix the vulnerability. More information can be found on...
Vulnerability fixed in Tenable Nessus
A vulnerability has been fixed in Tenable Nessus. Nessus makes uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358 fixed. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...
Vulnerabilities fixed in Autodesk Inventor
Vulnerabilities have been fixed in Autodesk Inventor. The vulnerabilities potentially allow a malicious party to execute code execute code under the application's permissions. The malicious party must entice a victim to open a rogue file to do so. open. Autodesk has released updates to address th...
Vulnerability fixed in McAfee Data Loss Prevention
A vulnerability has been fixed in McAfee Data Loss Prevention DLP. The vulnerability potentially allows a malicious party to execute code on the ePolicy Orchestrator-sever ePO. The malicious party must have access to the DLP database on the ePO server. Through a blind-SQL injection, it is possibl...
Vulnerabilities fixed in node.js
Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could remotely could potentially manipulate traffic to an application running on node.js manipulate traffic to gain access to sensitive data. -= Fedora =- Fedora has made...
Vulnerabilities fixed in Cisco StarOS Software
Cisco has fixed vulnerabilities in StarOS, the operating system of a series of Aggregation Services Routers ASR. Because the debug mode was misconfigured, a remote malicious party may be able to access sensitive information and may be able to execute arbitrary code under the root privileges of th...
Vulnerabilities fixed in McAfee Agent
Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially allow a malicious party to obtain elevated privileges to obtain or execute arbitrary code with the privileges of the application. McAfee has made updates available to address the vulnerabilities. fixes. For more...
Vulnerability fixed in Oracle JD Edwards EnterpriseOne Tools
Oracle has fixed a vulnerability in JD Edwards EnterpriseOne Tools. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------| | CVE-2021-23337 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |...
Vulnerability fixed in Oracle Java SE and GraalVM Enterprise Edition
Oracle has fixed vulnerabilities in the following products: Java SE JDK and JRE GraalVM Enterprise Edition The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise CS SA Integration Pack The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...
Vulnerabilities fixed in Ghostscript
Vulnerabilities have been fixed in Ghostscript. A malicious person could potentially exploit the vulnerability to cause a denial-of-service cause. To do this, a specially prepared PostScript file to be processed by the Ghostscript instance. Because Ghostscript is commonly used on print servers in...
Vulnerability fixed in Siemens SIPROTEC systems
Siemens has fixed a vulnerability in SIPROTEC 5 systems. The vulnerability allows an unauthenticated malicious person to read information from the system. The vulnerability is located in the Web component of systems based on CPU variants CP050, CP100 and CP300. To exploit the vulnerability, the...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow an authenticated malicious person with access to the victim's network is able to execute arbitrary code. Overview of fixed vulnerabilities: |----------------|------|-------------------------------------| |...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made few technical...
Rootkit found in HPE iLO environments
Security researchers at AmnPardaz have published an investigation published about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...
Availability issue fixed in Microsoft Exchange
Due to a bug in the on-premises Microsoft Exchange Server 2016 and 2019, email may not have been sent out anymore. At this time, there is no reason to believe that incoming email has not been accepted. The accepted emails just could not be delivered. The problem could have occurred because of the...
Vulnerability fixed in Moxa MGate systems
Moxa has fixed a vulnerability in the MGate 5109 and MGate 5101-PBM-MN protocol gateway systems. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. Abuse is possible by continuously sending specially prepared network traffic, causing the gatewa...
Vulnerabilities fixed in Emerson DeltaV
Emerson has fixed vulnerabilities in DeltaV products. A unauthenticated malicious person with network access can exploit the exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the exploit the vulnerabilities to execute with elevated privileg...
Vulnerabilities fixed in Apache httpd
Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with attribute CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service cause or potentially perform a cross-site request...
Vulnerabilities fixed in Microsoft Edge (Chromium)
Microsoft has fixed vulnerabilities in Edge Chromium-based. An unauthenticated malicious person can remotely exploit the vulnerabilities to remote exploit to execute arbitrary code in the scope of the browser. To do this, the malicious party must entice the victim to open a rogue Web page...
Vulnerability fixed in Cisco Web Security Appliance
A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. The Cisco Web Security Appliance can crash due to a large number of HTTP requests, manual actions may be necessar...
Vulnerability fixed in Dell Powerpath Management Appliance
Dell has fixed a vulnerability in the Powerpath Management Appliance. A locally authenticated malicious person could exploit the vulnerability to give himself admin rights and thereby executing arbitrary code on the vulnerable system. By using a default, hardcoded, password, the malicious party c...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in software bundled at Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as node.js, OpenSSL and Websphere Liberty. Previous security advisories have been published. A malicious party can exploit the...
Vulnerability fixed in Fortinet products
A vulnerability has been fixed in FortiSandbox, FortiWeb, FortiADC and FortiMail. A malicious party in possession of the password store could potentially gain access to encrypted data. Fortinet has released updates to address the vulnerability. fix. For more information, see:...
Vulnerability fixed in Ngnix
F5 has fixed a vulnerability in NGINX. The vulnerability makes it possible to perform a denial-of-service attack by sending corrupt json data. The vulnerability is specifically in the JSON parser of the ModSecurity WAF module of NGINX Plus. F5 has made updates available to fix the vulnerability...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges The...
Vulnerability fixed in VxWorks
A vulnerability has been fixed in Wind River VxWorks 6.9 and 7. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by sending a specially prepared network packet to the IKE service. Wind River has released updates to fix the vulnerability fix in VxWorks. Fo...
Vulnerabilities fixed in Zoom products
Two vulnerabilities have been fixed in various Zoom products, including the Zoom Client for Meetings. A malicious party could vulnerabilities potentially exploit them to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights...
Vulnerabilities fixed in Red Hat Virtualization
Vulnerabilities have been fixed in Red Hat Virtualization for Red Hat Enterprise Linux 8. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges The...
Fixed vulnerabilities in the BIOS belonging to Intel processors
Intel has fixed two vulnerabilities in the BIOS code of the Pentium, Celeron, Xeon and Core processors. A malicious person with physical access and the authentication to access the BIOS could potentially exploit the vulnerabilities to grant himself elevated privileges and thus potentially execute...
Vulnerabilities fixed in IBM Security SiteProtector System
IBM has fixed two vulnerabilities in SiteProtector. A malicious party can exploit the vulnerabilities to execute arbitrary execute arbitrary JavaScript code in the Web interface to potentially gain access to system data or sensitive data, such as credentials. To do this, the malicious party must...
Vulnerability fixed in Ubuntu
Canonical has fixed a vulnerability in Ubuntu. The vulnerability is located in AccountsService. A local malicious party can, by exploiting this vulnerability, gain gain elevated privileges on the vulnerable system. Canonical has made updates available for Ubuntu 20.04 LTS, 21.04 and 21.10 to fix...
Vulnerabilities fixed in Citrix ADC, Gateway and SD-WAN WANOP Edition
Citrix has fixed two vulnerabilities in Citrix Application Delivery Controller ADC, Citrix Gateway and Citrix SD-WAN WANOP Edition. The vulnerabilities allow a remote malicious party to able to cause a denial-of-service DoS. The vulnerability with reference CVE-2021-22955 is located in Citrix ADC...
Vulnerability fixed in Cisco Small Business Series Switches
Cisco has fixed a vulnerability in several Small Business Series Switches. The vulnerability allows an unauthenticated malicious person with access to the management interface to obtain obtain administrator privileges. Successful exploitation requires a man-in-the-middle position between the...
Vulnerabilities fixed in Redis
Vulnerabilities have been fixed in Redis. The vulnerabilities allow an unauthenticated malicious person potentially able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access to...
Vulnerability fixed in Cisco Prime Infrastructure
A vulnerability has been fixed in Cisco Prime Infrastructure. The vulnerability is known as a so-called Stored-Cross-Site Scripting and allows a malicious party to execute execute malicious code in the victim's Web browser. Cisco has released updates to fix the vulnerability. More information can...
Vulnerability fixed in Cisco Email Security Appliance (ESA)
A vulnerability has been fixed in Cisco Email Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. In order to vulnerability, a malicious party must send a rogue e-mail to the appliance. Due to insufficient inp...
Vulnerabilities fixed in Python
Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...