4192 matches found
Vulnerabilities fixed in node.js
Vulnerabilities have been fixed in node.js. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data For the vulnerability with attribute CVE-2021-44906,...
Vulnerability fixed in Cisco Catalyst
A vulnerability has been fixed in Cisco Catalyst. The vulnerability is located in the IOS XE software. The vulnerability allows a locally authenticated malicious person to obtain elevated permissions and execute arbitrary code with these elevated privileges. Cisco has released updates to fix the...
Vulnerabilities fixed in SonicOS
Vulnerabilities have been fixed in SonicOS. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to gain access to system data. SonicWall has issued updates to fix the vulnerabilities in SonicOS. For more information, see below:...
Vulnerability fixed in SonicWall Global VPN Client
A vulnerability has been fixed in the Global VPN Client from SonicWall. This vulnerability allows a local malicious person with elevated privileges to execute arbitrary code on the system. SonicWall has released updates to fix the vulnerability. fix. For more information, see the link below:...
Vulnerability fixed in dnsmasq
A vulnerability has been fixed in dnsmasq.The vulnerability allows an unauthenticated remote malicious agent potentially capable of to cause a denial-of-service. -= openSUSE =- The developers of openSUSE have made updates available to fix the vulnerability in openSUSE Leap 15.3. You can install...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in Java SE JDK/JRE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security...
Vulnerability found in 7zip for Windows
A vulnerability has been found in 7zip for Windows. This vulnerability allows a malicious person to obtain elevated privileges obtain and execute commands with these privileges. This can be accomplished by moving a file with a .7z extension to "Contents" within the "Help" menu. Within the 7z.dll ...
Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data
Several vulnerabilities have been fixed in IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code execute arbitrary code or cause a denial-of-service DoS. For the vulnerabilities with attributes CVE-2021-33196 an...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests execute under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...
Vulnerability fixed in libarchive
The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service DoS cause. To do so, the malicious party must induce a victim to install open a malicious and compressed file with an application that use...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Use...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release ESR. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remot...
Vulnerability fixed in Rapid7 Nexpose
A vulnerability has been fixed in Nexpose, the scanning tool from Rapid7. The vulnerability potentially allows a malicious party to to gain access to sensitive information via SQL injection. Rapid7 has made updates available to fix the vulnerability. fix. For more information, see:...
Vulnerability fixed in Arista EOS switches
Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IP4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A malicious party could exploit the vulnerabilities to bypass security measures, execute arbitrary code on the underlying system, or gain access to sensitive information. However, the malicious party must have prior...
Vulnerability fixed in OpenBSD slaacd
A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration SLAAC. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party needs to send a specially prepared router advertisement...
Vulnerability fixed in IrfanView
A vulnerability has been fixed in IrfanView. The vulnerability allows a malicious party to cause a denial-of-service of the application or possibly under user privileges to cause execute arbitrary code. To do this, the malicious party needs to victim to open a rogue TIFF file. The developer has...
Vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access to sensitive dat...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Remote code execution User Rights The developers of MISP have released a new versi...
Vulnerability fixed in libxml2
A vulnerability has been fixed in libxml2. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The developers of libxml2 have released an update to fix the vulnerability: https://gitlab.gnome.org/GNOME/libxml2/-/commit...
Vulnerabilities fixed in Drupal
Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with attribute CVE-2022-24729 allows a malicious additionally able to cause a denial-of-service that is limit...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. The vulnerability allows an unauthenticated malicious person to cause a denial-of-service. To do so, the malicious party must offer a specially crafted certificate to the system that of OpenSSL. The vulnerability is caused by the "BNmodsqrt" function. Th...
Vulnerability fixed in Tibco JasperReports
A path-traversal vulnerability has been fixed in TIBCO JasperReports. TIBCO indicates that the vulnerability could theoretically could theoretically be used to obtain sensitive data obtain sensitive data from the system on which the JasperReports server is hosted. TIBCO has released updates to fi...
Vulnerabilities fixed in Yokogawa CENTUM VP
Vulnerabilities have been fixed in Yokogawa CENTUM VP. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerability fixed in F-Secure products
A vulnerability has been fixed in the F-Secure Support tool, which is is used in Business Suite and consumer products. A authenticated malicious person could potentially exploit it to execute arbitrary code under higher privileges. F-Secure has made available an update that fixes the described...
Vulnerability fixed in Mitel MiCollab and MiVoice Business Express
A vulnerability has been fixed in Mitel MiCollab and MiVoice Business Express. The vulnerability allows an unauthenticated remote malicious party to perform attacks that lead to the following categories of damage Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Th...
Vulnerabilities fixed in Microsoft Office
Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in Microsoft Defender
Microsoft has fixed vulnerabilities in Defender. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, be able to impersonate another user and execute arbitrary code in the context of a user. In order to exploit the vulnerabilities, the malicious party nee...
Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations
A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...
Vulnerability fixed in Liferay portal
A vulnerability has been fixed in Liferay Portal. The vulnerability potentially allows a remote malicious party to perform execute a Cross-Site Request Forgery XSRF attack. Liferay has made updates available to fix the vulnerability. fix. For more information, see:...
Vulnerabilities fixed in Trend Micro Server Protect
Trend Micro has fixed multiple vulnerabilities in Server Protect. The vulnerability with reference CVE-2022-25329 allows a remote malicious person to misuse a hardcoded password in order to perform administrative actions. perform. The other vulnerabilities allow an authenticated malicious person...
Vulnerability fixed in redis
A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...
Vulnerability fixed in Brocade Fabric OS
A vulnerability has been fixed in Brocade Fabric OS. There is at least one account with hardcoded credentials where the administrator is not forced to change the password by default. adjust. With the new versions of Fabric OS, this is now mandatory. Cisco has released updates to fix the...
Vulnerabilities fixed in DiskStation Manager (DSM)
Vulnerabilities have been fixed in DiskStation Manager. The vulnerabilities allow a remote malicious person to inject arbitrary web script or HTML. Synology has released updates to fix the vulnerabilities in DSM. For more information, see: https://www.synology.com/en-global/security/advisory...
Vulnerability fixed in ABB OPC Server for AC 800M
ABB has fixed a vulnerability in OPC Server for AC 800M systems. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to execute arbitrary code. Few substantive details about the vulnerability made publicly available. ABB has released update...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A flaw in the input sanitization allowed a malicious person to potentially execute arbitrary commands at the OS level by uploading uploading a rogue image. To do this, the malicious party must have prior authorization to modif...
Vulnerabilities fixed in Dell PowerEdge
Intel has fixed vulnerabilities in chipset firmware as used by Dell PowerEdge servers. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges. The vulnerability with reference CVE-2021-33068 allows an authenticated remote malicious party additionally...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed several vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service, execute arbitrary code with user privileges, or to gain access to sensitive data within the scope of the application. The malicious party must to d...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the vulnerabilit...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in the Kestrel Web Server and Visual Studio Code. The vulnerabilities allow a malicious party to execute arbitrary code or cause a denial-of-service cause. The Denial-of-Service vulnerability with reference CVE-2022-21986 is located in the Kestrel web server. This...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...
Vulnerability discovered in NetApp Clustered Data ONTAP
NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...
Vulnerability fixed in Zimbra
A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...
Vulnerability fixed in Cisco Web Security Appliance
A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an authenticated malicious person with access to the management interface is able to obtain sensitive data, such as passwords, by viewing the HTML code returned by the interface. Cisco has released updates to...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.19 to fix the vulnerability. More information can be found on...
Vulnerability fixed in Tenable Nessus
A vulnerability has been fixed in Tenable Nessus. Nessus makes uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358 fixed. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...
Vulnerabilities fixed in Autodesk Inventor
Vulnerabilities have been fixed in Autodesk Inventor. The vulnerabilities potentially allow a malicious party to execute code execute code under the application's permissions. The malicious party must entice a victim to open a rogue file to do so. open. Autodesk has released updates to address th...
Vulnerability found in Xerox printers
A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...
Vulnerabilities fixed in node.js
Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could remotely could potentially manipulate traffic to an application running on node.js manipulate traffic to gain access to sensitive data. -= Fedora =- Fedora has made...