4190 matches found
Vulnerabilities fixed in Siemens Scalance and Ruggedcom
Siemens has fixed vulnerabilities in Scalance and Ruggedcom products. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to sensitive data Siemens has...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Dynamics Business Central Control. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application on the underlying operating system. Microsoft has made updates available that fix the described vulnerability...
Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus
IBM has fixed vulnerabilities in the web interface of Tivoli Netcool/OMNIbus. An authenticated malicious person can exploit the exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. The vulnerability allows a malicious party in a Man-in-the-Middle position to be able to bypass certificate-based authentication. To do so the malicious party must generate its own server certificate containing containing the hostname as it appears in th...
Vulnerability discovered in TLS implementations
Researchers have discovered a vulnerability in the way TLS traffic is processed. The vulnerability has been named ALPACA and is caused by the fact that IP addresses and port numbers are not authenticated by TLS. A malicious party with a Man-in-the-Middle position can therefore encrypt network...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution Use...
Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus
Vulnerabilities have been fixed in IBM Tivoli Netcool/OMNIbus. The vulnerabilities allow a malicious person to conduct attacks execute attacks that result in the following categories of damage: Server-Side Request Forgery SSRF. Cross-Site Scripting XSS. Denial-of-Service DoS Remote code execution...
Vulnerability fixed in Umbraco CMS
A vulnerability has been fixed in Umbraco CMS. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor with a custom link to a malicious website. send. Umbraco has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Infoblox NIOS
A vulnerability has been fixed in Infoblox Network Identity Operating System NIOS. The vulnerability allows a malicious person with elevated privileges to cause a denial-of-service. Infoblox has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Broadcom Symantec products
Broadcom has fixed vulnerabilities in Symantec products. The vulnerabilities allow a malicious party to cause a denial-of-service and to obtain sensitive data obtain. Broadcom has been sparse in making information available regarding the vulnerabilities. Broadcom has released updates to address t...
Vulnerability fixed in Xterm
The developers of Xterm have fixed a vulnerability. The vulnerability can be exploited by an unauthenticated malicious person at a remote user to cause a Denial-of-Service, or possibly executing arbitrary code with the privileges of the process. -= SUSE =- SUSE has made updates available to fix t...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. An authenticated malicious person can exploit the vulnerabilities to obtain sensitive information and system data, as well as to execute arbitrary code under the privileges of the user. Synology has released updates to fix the...
Vulnerability fixed in Cisco Email Security Appliance and Web Security Appliance
Cisco has fixed a vulnerability in the integration of Advanced Malware Protection AMP for Endpoints in Cisco Email Security Appliance and Cisco Web Security Appliance. The vulnerability involves improper validation of TLS certificates. A malicious party could, as a result, via a Man-in-the-Middle...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client. A local malicious agent could potentially exploit it to execute arbitrary code under SYSTEM privileges. Only clients on which the VPN Posture HostScan Module is installed are vulnerable. Cisco has released updates to fix the...
Vulnerability fixed in VMware Workspace ONE UEM
VMware has fixed a vulnerability in Workspace ONE UEM console. An unauthenticated remote malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack could result in the execution of arbitrary script code in the browser used to visit the...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. A malicious party could potentially exploit the vulnerability in the Javascript lodash module potentially exploit it to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerability. For more...
Vulnerability fixed in polkit
A vulnerability has been fixed in polkit, an integral part of several Linux distributions. A local malicious person could gain root privileges by exploiting this vulnerability on the vulnerable system. GitHub has published more information about this vulnerability. For more information see:...
Vulnerability fixed in Rockwell Automation FactoryTalk
A vulnerability has been fixed in Rockwell Automation FactoryTalk Services Platform. The vulnerability allows an authenticated remote malicious person able to assume the same rights as a locally logged on user. Rockwell Automation has released updates and mitigating measures released to address t...
Vulnerabilities fixed in IBM Spectrum Protect Server
Vulnerabilities have been fixed in IBM DB2 as used in IBM Spectrum Protect. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to system data T...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Spoofing Increased user privileges -= SUSE =- SUSE has made updates available to address the...
Vulnerabilities fixed in Microsoft applications
Microsoft has fixed vulnerabilities in 3D Viewer, Paint 3D and Intune Management Extension. A malicious party could potentially exploit the vulnerabilities in 3D Viewer and Paint 3D potentially exploit them to gain access to sensitive data or to execute arbitrary code. To do this, the malicious...
Vulnerability fixed in Cisco products
Cisco has fixed a vulnerability in the following products: Cisco Adaptive Security Appliance ASA Cisco Content Security Management Appliance SMA Cisco Email Security Appliance ESA Cisco Firepower Threat Defense FTD. Cisco FXOS Cisco Web Security Appliance WSA The vulnerability potentially allows ...
Vulnerability fixed in NetApp Clustered Data ONTAP
NetApp has fixed a vulnerability in Clustered Data ONTAP. A remote malicious party could potentially exploit it to cause a denial-of-service. Few substantive details about the vulnerability publicly available made available. NetApp has released updates to fix the vulnerability in Clustered Data...
Vulnerability fixed in DHCP
A vulnerability has been fixed in DHCP. The vulnerability allows a remote malicious party to cause a denial-of-service. cause. ISC has released updates to fix the vulnerability. More information can be found on the page below: https://kb.isc.org/docs/cve-2021-25217 -= Ubuntu =- Canonical has made...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities allow a malicious person possibly unauthenticated and remote to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...
Vulnerability fixed in Apache Cassandra
A vulnerability has been found in Apache Cassandra. The vulnerability allows a local malicious person to obtain to obtain sensitive information. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 5.9. Apache has released updates to fix the vulnerability. More...
Vulnerability fixed in Redis
A vulnerability in Redis has been fixed. The vulnerability allows a local malicious agent to cause a denial-of-service cause, potentially executing arbitrary code under rights of the application as a result. Redis developers categorize this vulnerability according to the CVSSv3 method with a scor...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a Denial-of-Service. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Legal vulnerabilities fixed in RedHat AMQ Streams
Red Hat has fixed vulnerabilities in AMQ Stream 1.6.4. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access via path-traversal to potentially sensitive data. -= Red Hat =- Red Hat has made updates available for Red Hat AMQ Stream. U can install these...
Vulnerability fixed in Graphviz
Graphviz developers have fixed a vulnerability. A malicious party could exploit the vulnerability to execute arbitrary code with the rights of the calling process. The malicious party needs to submit a rogue file to Graphviz to do this. to Graphviz. If Graphviz is used in a web environment, this...
Vulnerabilities fixed in Google Chrome for desktop
Vulnerabilities have been fixed in Google Chrome for desktop. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data As usual, Google makes few...
Vulnerability fixed in Foxit products
A vulnerability has been fixed in Foxit products. The vulnerability allows an unauthenticated remote malicious person able to cause a denial-of-service with potentially the execution of arbitrary code under user privileges. The malicious party to do this must induce the victim to open a rogue fil...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit them to cause a denial-of-service or execute arbitrary execute arbitrary code with the privileges of the logged-in user. The vulnerability with CVE attribute CVE-2021-29951...
Vulnerabilities fixed in Redis
Two vulnerabilities have been fixed in Redis. A malicious person could potentially exploit the vulnerability to cause a denial-of-service cause or potentially execute arbitrary code with the privileges of the application. Redis has released updates to fix the vulnerabilities. For more information...
Vulnerabilities fixed in Exim
Vulnerabilities have been fixed in Exim. Collectively, these vulnerabilities named "21nails." The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root rights Remote code executio...
Vulnerabilities fixed in Cisco ASA and FTD
Vulnerabilities have been fixed in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service or execute arbitrary commands execute in the underlying operating system with the privilege...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. The vulnerability allows a malicious person to execute arbitrary code in the context of the browser if it manages to get the user to visit a rogue page to visit a vulnerable Drupal site. Drupal has released updates to fix the vulnerability. For more...
Vulnerability fixed in DB2
IBM has fixed a vulnerability in DB2 including DB2 Connect Server. Because of incorrect file permissions, a local malicious party is able to manipulate arbitrary files and gain access to system data and sensitive data. IBM has released updates to fix the vulnerability in DB2. For more information...
Vulnerabilities fixed in macOS
Apple has fixed a large number of vulnerabilities in Apple macOS Big Sur 11, Catalina 10.15 and Mojave 10.14. A malicious person can exploit the vulnerabilities to cause the following categories of damage cause: Circumvention of security measure. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Apple iOS and iPadOS
The vulnerabilities enable a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root rights Remote code execution User rights Spoofing Accessing sensitive data Access to system data...
Vulnerability fixed in Oracle SQL developer
A vulnerability has been fixed in Oracle SQL Developer. The vulnerability allows an unauthenticated remote malicious person able to access and manipulate sensitive data. data to be manipulated. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerability fixed in SonicWall Email Security
SonicWall has fixed a vulnerability in Email Security. A authenticated malicious party can exploit the vulnerability to be able to read arbitrary files on the vulnerable system. SonicWall has released updates to fix the vulnerability in Email Security on Premise and Hosted v10.0.9. For more...
Vulnerabilities fixed in Oracle VirtualBox
Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges Access to sensitive...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application or cause a denial-of-service. To do this, the malicious party must induce the victim to visit a malicious...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java. The vulnerabilities allow an unauthenticated remote malicious person to obtain system data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------|...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Actively exploited vulnerability found in Pulse Connect Secure
A vulnerability has been found in Pulse Connect Secure. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Pulse Connect Secure system. The vulnerability has a CVSS3.1 score of 10. Pulse Secure...
Vulnerabilities fixed in QEMU
Several vulnerabilities have been fixed in QEMU. A malicious person can exploit the vulnerabilities to cause a denial-of-service cause, both in the guest system and the host system. Also a malicious party could potentially access memory that is allocated to guest systems other than his own. -= SU...
Vulnerability fixed in DELL PowerEdge and X-series
DELL has fixed a vulnerability in the firmware of their PowerEdge and X-series systems. Weak encryption allowed an unauthenticated malicious person to obtain the login credentials of another user and thereby gain elevated privileges. DELL has released updates to fix the vulnerability in PowerEdge...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
A vulnerability in the IPC channel of Cisco AnyConnect Secure Mobility Client, an authenticated, local attacker can cause a Denial-of-Service DoS exploit on an affected device. To exploit this security vulnerability, the attacker must have have valid login credentials on the device. Cisco has...