4189 matches found
Vulnerability fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere
A vulnerability has been fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA. The vulnerability allows an authenticated remote malicious party to execute system commands. No CVE attribute is currently available for this vulnerability. available. Aveva has released updates to fix the...
Vulnerability fixed in FortiClient
A vulnerability has been fixed in FortiClient. The vulnerability allows a malicious person with access to the system to execute or delete files with admin rights. The vulnerability is located in the FortiClient MSI installer. Fortinet has released updates to fix the vulnerability. More informatio...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges -= Debian =- Debian has made updates to...
Vulnerability fixed in Cisco Catalyst
A vulnerability has been fixed in Cisco Catalyst. The vulnerability is located in the IOS XE software. The vulnerability allows a locally authenticated malicious person to obtain elevated permissions and execute arbitrary code with these elevated privileges. Cisco has released updates to fix the...
Vulnerabilities fixed in IBM QRadar
Vulnerabilities have been fixed in IBM QRadar. The vulnerabilities have mostly been described previously in Linux kernel security advisories. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS...
Vulnerabilities fixed in FreeRADIUS
Two vulnerabilities have been fixed in FreeRADIUS. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. To cause the denial-of-service, the malicious party must possess a system in the FreeRADIUS "circle of trust." The developers of FreeRADI...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights For these vulnerabilities, at the time of...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in Java SE JDK/JRE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security...
Vulnerabilities fixed in the Linux kernel
Several vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to system data Increased user privileges -=...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code under the browser's permissions. As usual, Google has not made additional information made available about the fixed vulnerability. Google indicates tha...
Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data
Several vulnerabilities have been fixed in IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code execute arbitrary code or cause a denial-of-service DoS. For the vulnerabilities with attributes CVE-2021-33196 an...
Vulnerability fixed in HAProxy
A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...
Vulnerabilities fixed in Ruby
Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Ruby developers have released updates to address the vulnerabilities. More information can be foun...
Vulnerability fixed in libarchive
The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service DoS cause. To do so, the malicious party must induce a victim to install open a malicious and compressed file with an application that use...
Vulnerability fixed in Arista EOS switches
Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IP4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...
Vulnerability fixed in OpenBSD slaacd
A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration SLAAC. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party needs to send a specially prepared router advertisement...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A malicious party could exploit the vulnerabilities to bypass security measures, execute arbitrary code on the underlying system, or gain access to sensitive information. However, the malicious party must have prior...
Vulnerabilities fixed in Adobe Acrobat
Adobe has fixed vulnerabilities in Acrobat. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. A malicious person who has a user's partial credentials can exploit the exploit the vulnerability to bypass authentication. Only systems that use multiple external authentication plug-ins are vulnerable. OpenVPN has released updates to fix the...
Vulnerability fixed in libxml2
A vulnerability has been fixed in libxml2. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The developers of libxml2 have released an update to fix the vulnerability: https://gitlab.gnome.org/GNOME/libxml2/-/commit...
Vulnerabilities fixed in Drupal
Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with attribute CVE-2022-24729 allows a malicious additionally able to cause a denial-of-service that is limit...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data Increased user privileges Python...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google has made little to no information made available about the fixed vulnerabilities. Google has released...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service or potentially execute arbitrary code. The vulnerability with attribute CVE-2022-22720 additionally enables an HTTP request...
Vulnerabilities fixed in APC UPS systems
Vulnerabilities have been fixed in Uninterruptible Power Supply UPS systems from APC. APC is part of Schneider Electric. These UPS systems are widely used in situations where up-time is very important. The vulnerabilities with reference CVE-2022-22805 and CVE-2022-22806 allow a remote malicious...
Vulnerabilities fixed in Firefox
Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a remote malicious person to execute arbitrary code execute arbitrary code under the user's privileges; also, the vulnerability with reference CVE-2022-26486 the ability to break out of the sandbox of the browser. According to...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in the Asterisk framework. The vulnerabilities potentially allow a malicious party to cause a denial-of-service or execute arbitrary code. Asterisk indicates that proof-of-concept code is in circulation from these vulnerabilities. Asterisk has made updates availabl...
Vulnerabilities fixed in IBM AIX kernel and Java SDK
Vulnerabilities have been fixed in IBM AIX versions 7.1-7.3. The vulnerabilities in the kernel with attributes CVE-2021-38994 and CVE-2021-38995 allow a malicious person to perform perform denial-of-service DoS attacks from a user with low privileges. This is caused by user input that is...
Vulnerabilities fixed in Ubuntu Linux kernel
Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data...
Vulnerabilities fixed in Schneider Electric Modicon M241/M251
Schneider Electric has fixed vulnerabilities in the CODESYS web server and gateway components of Modicon M241 and M251 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A flaw in the input sanitization allowed a malicious person to potentially execute arbitrary commands at the OS level by uploading uploading a rogue image. To do this, the malicious party must have prior authorization to modif...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...
Vulnerability fixed in Zimbra
A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...
Vulnerability discovered in NetApp Clustered Data ONTAP
NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...
Vulnerability fixed in PostgreSQL JDBC Driver
A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates released updates to fix the vulnerability. More information can be...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...
Vulnerability found in Xerox printers
A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...
Vulnerabilities fixed in Drupal core
Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code to execute under the application's permissions. Google typically does not release details about the vulnerabilities but marks the vulnerability with attribut...
Vulnerability fixed in ClamAV
A vulnerability has been fixed in ClamAV. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause by having a rogue file opened by the parser in the application. The clamscan --gen-json function must be enabled. -= ClamAV =- Cisco has released updates to f...
Vulnerabilities fixed in Ghostscript
Vulnerabilities have been fixed in Ghostscript. A malicious person could potentially exploit the vulnerability to cause a denial-of-service cause. To do this, a specially prepared PostScript file to be processed by the Ghostscript instance. Because Ghostscript is commonly used on print servers in...
Vulnerability fixed in IBM AIX
IBM has fixed a vulnerability in AIX. A local malicious party can, through manipulation of the mount command execute arbitrary code, possibly with elevated privileges up to root privileges. IBM has released updates to fix the vulnerability in AIX v 7.1 and 7.2. For more information, see:...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Atlassian Jira Server and Jira Data Center. A malicious party could exploit the vulnerability to performing a Cross-Site Scripting XSS attack. A such attack can result in the execution of arbitrary script code in the browser used to visit the application. To do...
Rootkit found in HPE iLO environments
Security researchers at AmnPardaz have published an investigation published about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made few technical...
Vulnerability fixed in Moxa MGate systems
Moxa has fixed a vulnerability in the MGate 5109 and MGate 5101-PBM-MN protocol gateway systems. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. Abuse is possible by continuously sending specially prepared network traffic, causing the gatewa...
Vulnerabilities fixed in X.Org X Server
Vulnerabilities have been fixed in X.Org X Server. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code or obtain elevated privileges. When using X Forwarding over SSH, the vulnerabilities may also be remotely exploitable. -=...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the user's privileges. Google has made few substantive details available about these vulnerabilities. Google has indicated that for the vulnerability...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in software bundled at Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as node.js, OpenSSL and Websphere Liberty. Previous security advisories have been published. A malicious party can exploit the...
Vulnerability fixed in Dell Powerpath Management Appliance
Dell has fixed a vulnerability in the Powerpath Management Appliance. A locally authenticated malicious person could exploit the vulnerability to give himself admin rights and thereby executing arbitrary code on the vulnerable system. By using a default, hardcoded, password, the malicious party c...