4190 matches found
Vulnerabilities fixed in Oracle Linux
Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges Oracle has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Ghostscript
Vulnerabilities have been fixed in Ghostscript. The vulnerabilities allow a malicious party to cause a denial-of-service cause and to execute arbitrary code under the privileges of the user. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS and 18.04 LTS to fix the...
Fixed an issue in Citrix ADC and Citrix Gateway
Citrix has fixed an issue in ADC and Gateway which can lead to denial-of-service attacks. A malicious party could potentially potentially misuse DTLS to cause a Denial-of-Service. Abuse can only occur when DTLS is enabled. Citrix reports that limited scale attacks are currently being reported whi...
Vulnerability fixed in QNAP QTS
QNAP has fixed a vulnerability in QTS. A malicious party could potentially exploit the vulnerability to inject arbitrary commands into applications. QNAP has released updates to fix the vulnerability in QTS 4.5.1.1495 build 20201123. For more information, see:...
Vulnerability fixed in HPE Systems Insight Manager
A vulnerability has been fixed in HPE Systems Insight Manager. A malicious party could potentially exploit the vulnerability to execute arbitrary code under elevated privileges. The vulnerability is located in optional features called "Federated Search" and "Federated CMS Configuration." The...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data App...
Vulnerability fixed in Adobe Acrobat and Reader
Adobe has fixed a vulnerability in Adobe Acrobat and Reader. The vulnerability allows a malicious party to obtain sensitive obtain information from the victim's context. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Foxit Reader and Foxit PhantomPDF
Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Foxit has released...
Vulnerabilities fixed in Microsoft Browsers
There are several vulnerabilities in Microsoft Edge. The vulnerabilities allow a malicious person to execute arbitrary execute arbitrary code with user privileges. Also, the malicious impersonate another user. Microsoft Edge: |----------------|------|-------------------------------------| | CVE I...
Vulnerability fixed in MISP
CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS and thereby potentially execute arbitrary code in the context of the browser. CIRCL has released updates to fix th...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code execute under the application's permissions. To do so, the malicious party needs to upload a rogue .tar, .tar.gz, .bz2, or .tlz file uploaded to the Drupal server...
Vulnerabilities fixed in PHPMyAdmin
Ubuntu has fixed several vulnerabilities in the phpmyadmin package. The vulnerabilities allow an unauthenticated malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS SQL Injection Access to...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerability allows a malicious party to able to execute an SQL injection and thereby obtain sensitive data to obtain sensitive data. Red Hat has released updates to fix the vulnerability. More information can b...
Vulnerabilities fixed in VMware ESXi, Workstation and Fusion
VMWare has fixed two vulnerabilities in VMWare Workstation, ESXi and Fusion. A malicious person with authorization in a virtual environment could exploit the vulnerabilities to break out of the virtual environment and execute arbitrary code with the permissions of the virtualization process on th...
Vulnerability fixed in Bitdefender update server
A vulnerability in Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools allows an unauthorized malicious party to bypass internal measures and communicate with hosts on the network. Bitdefender has released an update. For more information, see:...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such attack can lead to the execution of arbitrary script code in the browser used to visit the application. Microsoft...
Vulnerabilities fixed in Apple macOS
Apple has fixed three 0-day vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the execution of arbitrary code. Apple reports that on a very limited scale abuse is being observed of these vulnerabilities. No PoC or exploit code publicly...
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious remotely can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site-Scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities exploit them to bypass security measures and gain access...
Vulnerability fixed in Grafana
The vulnerability is known as a so-called Cross-Site Scripting. The vulnerability allows a remote malicious person to able to execute arbitrary code in the browser of the victim. Grafana Labs has released updates to fix the vulnerability. fix. More information can be found on the pages below:...
Vulnerabilities fixed in IBM Security Directory Server
Vulnerabilities have been fixed in IBM Security Directory Server. The vulnerabilities allow a malicious party to access system data. IBM has released updates to fix the vulnerabilities. More information can be found on the page below: https://www.ibm.com/support/pages/node/6356607...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. The vulnerabilities allow a remote malicious party to cause a denial-of-service and to cause a security measure to be circumvention. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5933:...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to gain access to system data and to cause a denial-of-service. Samba has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Trend Micro Antivirus for Mac
Trend Micro has fixed vulnerabilities in Antivirus for Mac. The vulnerabilities allow a locally authenticated malicious agent to able to cause a denial-of-service or to obtain system data obtain. Trend Micro categorizes these vulnerabilities according to the CVSSv3 method with a highest score of...
Vulnerability fixed in management console for 3PAR systems
HP has fixed a vulnerability in the StoreServ Management Console SSMC. SSMC is the Web-based management application for 3PAR StoreServ systems but can also be used to manage other storage systems. The vulnerability allows a malicious remotely able to bypass authentication. HP rates this...
Vulnerabilities fixed in VMware Horizon Server and Client
Vulnerabilities have been fixed in VMware Horizon Server and Client. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. VMware has released updates to fix the vulnerabilities. More information can be found on the page below...
Vulnerability fixed in ElasticSearch
A vulnerability has been fixed in ElasticSearch. The vulnerability allows a malicious person to obtain system data. This is only possible if Document or Field Level security is used. Elastic classifies this vulnerability with a CvSS score of 3.1. Elastic has released updates to fix the...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Adobe Photoshop. The vulnerability allows a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Oracle Siebel CRM
Oracle has fixed vulnerabilities in the following Oracle Siebel CRM products: Siebel Apps - Marketing Siebel UI Framework The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable application may be able to execute attacks that result in the following...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following Oracle PeopleSoft products: PeopleSoft Enterprise HCM Global Payroll Core PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise SCM eSupplier Connection The vulnerabilities allow an unauthenticated malicious person with network access to the...
Vulnerability fixed in Windows
Microsoft has fixed a vulnerability in the Windows Codecs Library. Users who had installed the HEVC codec from the Microsoft Store had installed it were vulnerable to the execution of arbitrary code by a remote malicious person. The malicious party to do this must induce the victim to play a rogu...
Vulnerability fixed in Visual Studio
Microsoft has fixed a vulnerability in Visual Studio. The vulnerability allows a remote malicious person to execute arbitrary code under user privileges. The malicious party must do this by inducing the victim to clone a rogue repository and then open a package.json here. Microsoft has released...
Vulnerability fixed in containerd
A vulnerability has been fixed in containerd, which is used by Docker and Kubernetes, among others. A malicious party could vulnerability potentially exploit it to gain access to login credentials to an internal or external image registry. To do so the malicious party must induce the user to pull...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2 and Db2 Connect. A unauthenticated remote malicious party can exploit the vulnerability potentially exploit it to cause a denial-of-service. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in JIRA
Atlassian has fixed a vulnerability in JIRA. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Atlassian has released updates to fi...
Vulnerabilities fixed in IBM Security Access Manager
IBM has fixed multiple vulnerabilities in IBM Security Access Manager. A malicious party could potentially exploit the vulnerabilities to obtain information about the system. Little substantive information about the vulnerabilities has been made publicly available. IBM has released updates to fix...
Vulnerabilities fixed in Cisco StarOS for ASR 5000 Series routers
Cisco has fixed multiple vulnerabilities in StarOS for ASR 5000 Series routers. A local malicious person with limited administrator privileges could potentially exploit the vulnerabilities to execute arbitrary code under root privileges. Cisco has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in Red Hat ipa
Vulnerabilities have been fixed in Red Hat ipa. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyper-link to follow. In addition, the vulnerabilities enab...
Vulnerability fixed in Trend Micro OfficeScan
A vulnerability has been fixed in Trend Micro OfficeScan. The vulnerability allows a malicious party to obtain elevated permissions and execute arbitrary code under the user's privileges. Trend Micro has released updates to fix the vulnerability. fix. More information can be found on the page...
Vulnerabilities fixed in Firefox and Firefox ESR
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Spoofing Mozilla has...
Vulnerabilities fixed in VirtualBox
Vulnerabilities have been fixed in Oracle VirtualBox. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Code execution Administrator/Root privileges Access to sensitive data...
Vulnerabilities fixed in IP stack of various SIEMENS products
Siemens has fixed two vulnerabilities in the Linux IP stack of various industrial products. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service cause. The malicious party must have access to the production network. It is good practice not to have suc...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...
Vulnerability discovered in several Siemens products
Researchers have revealed that several Industrial products from Siemens are vulnerable to the so-called "CrossTalk" vulnerability in Intel Processors. A local malicious person with the rights to install software can exploit the vulnerability to gain access gain access to sensitive data. To do so,...
Vulnerability fixed in Microsoft SQL Server Reporting Services
There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to incorrect validation of attachments to reports. If successfully exploited, the vulnerability enables an authenticated malicious person able to add unauthoriz...
Vulnerability fixed in OpenSUSE
SUSE has made available an update to fix a vulnerability in the Linux kernel. The vulnerability allows a locally authenticated malicious person able to obtain elevated user privileges to obtain. See "Possible fixes" for more information. The developers of OpenSUSE have made updates available to f...
Vulnerabilities fixed in SAP Netweaver
SAP has fixed several vulnerabilities in SAP NetWeaver. These vulnerabilities allow malicious actors to remotely launch a Cross Site Scripting attack, or Server Side Request Forgery to execute execute. SAP has released updates to fix these vulnerabilities. For more information see:...
Vulnerability fixed in GnuTLS
A vulnerability has been fixed in GnuTLS. The vulnerability allows a remote malicious person who has access to a TLS server that the victim is connected to is able to cause a denial-of-service attack. To exploit the vulnerability the TLS connection must meet specific conditions. The developers of...
Vulnerabilities fixed in FreeBSD
The developers of FreeBSD have fixed several vulnerabilities fixed in several network modules used by FreeBSD. used. A malicious party on the local network could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the...
Vulnerability fixed in Atlassian Jira
Vulnerable versions of Atlassian Jira Server and Data Center allow a remote malicious person to enumerate project keys via a vulnerability in the /browse.PROJECTKEY endpoint. Atlassian has made version 8.12.0 of Jira available. More information can be found on the following page:...
Vulnerability fixed in Trend Micro OfficeScan
Trend Micro has fixed a vulnerability in OfficeScan. The vulnerability allows a malicious party to obtain elevated privileges obtain and to execute arbitrary code. Trend Micro categorizes this vulnerability according to the CVSSv3 method with a score of 7.8. Trend Micro has released updates to fi...