4189 matches found
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...
Vulnerabilities fixed in Zabbix
SUSE has fixed vulnerabilities in its Zabbix packages. The vulnerabilities relate to an incorrectly implemented mechanism that protects against cross-site request forgery CSRF attacks and on insecure password hashing. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE...
Vulnerabilities fixed in VMware vRealize Operations
VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...
Vulnerability fixed in OpenAM
A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use of an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in SpamAssassin
The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...
Vulnerability fixed in Apple iOS and iPadOS
A vulnerability has been fixed in Apple iOS and Apple iPadOS. The vulnerability is located in the WebKit component and is referred to as Universal Cross-site Scripting UXSS. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under browser privileges. The...
Vulnerabilities fixed in XStream
Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights Access to sensitive data The...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...
Vulnerability found in ProFTPd
A vulnerability has been found in ProFTPd. An unauthenticated malicious party can remotely exploit the vulnerability to cause a denial-of-service attack. No CVE ID issued. ProFTP has not yet released updates to address the vulnerability. fix in ProFTPd...
Vulnerability fixed in GitLab
GitLab developers have fixed a serious vulnerability fixed in GitLab Community Edition and Enterprise Edition. The vulnerability allows an authenticated malicious person to execute arbitrary code on the server. A CVE ID has been requested for this vulnerability but has not yet been assigned. GitL...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in the kernel of Red Hat Enterprise Linux 7. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerabilities fixed in NetBSD
The developers of NetBSD have fixed a number of vulnerabilities fixed in NetBSD's IP stack. Because packet IDs are not randomly are not randomly generated by default, a malicious party can predict the IP traffic. predict, allowing the malicious party to launch a man-in-the-middle attack to obtain...
Vulnerabilities fixed in Red Hat OpenShift Virtualization
Red Hat has released updates to address multiple vulnerabilities fixes in OpenShift Virtualization. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities in OpenShift Virtualization. For more...
Vulnerability fixed in GNU git
GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...
Vulnerability fixed in Squid
Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...
Vulnerabilities fixed in Oracle Enterprise Linux
Oracle has fixed vulnerabilities in Oracle Enterprise Linux. The vulnerabilities allow a local, authenticated malicious agent to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Code execution at the kernel level Increased user privileges -= Oracle ...
Vulnerability fixed in QEMU
A vulnerability has been fixed in QEMU. The vulnerability allows potentially allow a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...
Vulnerability fixed in Xerox products
A vulnerability has been fixed in Xerox Phaser, WorkCentre and VersaLink. The vulnerability allows a malicious person to execute arbitrary code under the user's privileges. Xerox did not release any substantive details about this vulnerability. No CVE attribute has been assigned to this...
Vulnerability fixed in OpenSSH
A vulnerability has been fixed in OpenSSH. The vulnerability allows a malicious party with access to the SSH agent socket to cause a Denial-of-Service and potentially execute arbitrary code. execute. No CVE attribute has been reserved for this vulnerability yet. The developers of OpenSSH have...
Vulnerabilities fixed in Veritas Backup Exec
Veritas has fixed three vulnerabilities in Veritas Backup Exec. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to execute commands under SYSTEM privileges on systems on which a Veritas Backup Exec Agent is installed. In addition, the vulnerabilities can be...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. A malicious party could vulnerability potentially exploit it to cause a denial-of-service cause or execute arbitrary code under privileges of the Redis application. Only Redis installations with a bulk input size significantly higher than 512MB are...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing authentication Bypassing security measur...
Vulnerability fixed in NetApp products
A vulnerability has been fixed in NetApp products. The vulnerability allows an unauthenticated remote malicious person able to use a so-called man-in-the-middle attack to obtain to obtain sensitive data. Exploiting this vulnerability requires expertise. NetApp has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing Accessin...
Vulnerabilities fixed in Ruby on Rails
Vulnerabilities have been fixed in Ruby on Rails. The vulnerabilities allow a malicious party to cause a denial-of-service cause and redirect a user to a rogue web page. The Ruby on Rails developers have released updates to fix the vulnerabilities. More information can be found on the pages below...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Jira. The vulnerability allows unauthenticated a malicious person to gain access to system data Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/JRASERVER-72014...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Python developers have indicated that the vulnerability with...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. disclosed. Jira installations tha...
Vulnerabilities fixed in PHP
Several vulnerabilities have been fixed in PHP. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data -= Debian =- Debian has made updat...
Vulnerabilities fixed in XEN
The developers of XEN have fixed a number of vulnerabilities. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the guest system and possibly even the entire virtualization environment. Also, a malicious person could possibly gain access to sensitive...
Vulnerability fixed in Foxit Reader and Foxit PhantomPDF
Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the privileges of the logged-in user. Foxit has released updates to fix the vulnerabilities. For more...
Multiple vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerability fixed in Apache Subversion (SVN)
Apache has fixed a vulnerability in Subversion SVN. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 7.5. Apache has released updates to fix the...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Accessing system data No CVE numbers have yet been...
Vulnerability fixed in IBM WebSphere Application Server
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. An external attacker can exploit this security vulnerability to obtain obtain sensitive information. IBM has released updates to fix the vulnerability. For more information, see...
Vulnerabilities fixed in Xerox WorkCentre
Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...
Vulnerability fixed in the Ubuntu kernel
A vulnerability has been fixed in Ubuntu's kernel. The vulnerability allows a local malicious person to run programs run as administrator, execute arbitrary code as root or cause a denial-of-service. Canonical has released updates to fix the vulnerability. fix. More information can be found on th...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed two vulnerabilities in Exchange Server. A malicious party can exploit the vulnerabilities to impersonate impersonate another user. Microsoft Exchange Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Apache ActiveMQ
A vulnerability has been found in Apache ActiveMQ. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Apache has released updates to f...
Vulnerability fixed in PEAR
A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...
Vulnerabilities fixed in Docker
Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...
Vulnerabilities fixed in Oracle Linux
Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Oracle has released updates t...
Vulnerabilities fixed in NetApp Active IQ
NetApp has fixed several vulnerabilities in Active IQ. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data NetApp has...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox and Firefox ESR. A remote malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the application's permissions. For now, there are few substantive details about the vulnerability...
Vulnerability fixed in PHP
A vulnerability has been fixed in PHP. The vulnerability allows an authenticated remote malicious party capable of causing a denial-of-service attack. PHP developers have released updates to fix the vulnerability. More information can be found at the page below:...
Serious vulnerability fixed in SonicWall SMA100 Series
A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. fix. More information can be...
Vulnerability found in Adobe ColdFusion
A vulnerability has been found in Adobe ColdFusion. Due to an error in the permissions structure, a local malicious agent can place a specially prepared DLL file to execute arbitrary code under SYSTEM privileges. For more information, see the page below: https://www.kb.cert.org/vuls/id/125331 At...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to execute arbitrary code. execute. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6408626...
Vulnerability fixed in Libgcrypt
A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code execute under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...