4190 matches found
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. A local, authenticated malicious person can, by exploiting this vulnerability to gain root privileges on the vulnerable system. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command...
Vulnerability fixed in cURL
A vulnerability has been fixed in cURL. A malicious person at remote user could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party needs to entice a victim to execute a cURL request towar...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. The vulnerability is located in CKEditor and can be exploited by a malicious person abused to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application visited...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a remote malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Accessing...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a local malicious agent to obtain elevated privileges or cause a denial-of-service cause. Fedora has released updates to fix the vulnerabilities. More information can be found on the page below:...
Hiding vulnerabilities in python3
Vulnerabilities have been fixed in python3. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights -= Red Hat =- Red Hat has made updates available...
Vulnerabilities fixed in Wordpress
Wordpress has fixed two vulnerabilities in the standard included PHPMailer module. A remote malicious party can exploit the exploit the vulnerabilities to execute arbitrary code under the application's permissions, potentially gaining access gain access to sensitive information within the scope o...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. The vulnerabilities allow a remote malicious person to perform attacks that lead to a denial-of-service. The developers of Squid categorize these vulnerabilities according to the CVSSv3 method with a highest score of 8.8. The developers of Squid have...
Vulnerabilities fixed in libxml2
Several vulnerabilities have been fixed in libxml2. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service in an application that uses of this library by submitting a rogue XML file for processing. submit. -= SUSE =- SUSE has made updates available to fix the...
Vulnerability fixed in Apple products
Vulnerabilities have been fixed in several Apple products. The vulnerabilities potentially allow a remote malicious person to able to execute arbitrary code in the context of the application if he manages to get the user to visit a rogue page visit. The vulnerabilities with CVE characteristics...
Vulnerabilities fixed in Sophos UTM
Several vulnerabilities have been fixed in Sophos UTM. A malicious party could potentially exploit these vulnerabilities to cause a Denial-of-Service or execute arbitrary code with the application's permissions. Sophos has released updates to fix the vulnerabilities in UTM 9.706. For more...
Vulnerabilities fixed in GitLab CE and EE
GitLab has fixed several vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive da...
Vulnerabilities fixed in BIND
ISC has fixed vulnerabilities in BIND. The vulnerabilities can be be exploited by a remote malicious person to cause a denial-of-service or, in limited circumstances, executing arbitrary code under the privileges of named. Execution of arbitrary code is not possible with the default configuration...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
Vulnerabilities fixed in the Linux kernel
Fedora has fixed vulnerabilities in the Linux kernel and associated tooling. A malicious person could exploit them to cause a denial-of-service, or gain access to information in kernel memory. -= Fedora =- Fedora has made updates available for Fedora 32 and 33. You can install these updates using...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access gain access to information about the VPN settings. See the page below f...
Vulnerability fixed in IBM WebSphere
IBM has fixed a vulnerability in WebSphere Application Server. A remote malicious person could exploit the vulnerability to obtain sensitive information or cause a denial-of-service DoS. To do this, the malicious party must attach a rogue XML file to the WebSphere Application Server. offer. IBM h...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. It involves an XML External Entity Injection XXE vulnerability. An unauthenticated remote malicious person could potentially exploit the vulnerability to gain access to sensitive data. In addition, the vulnerability could be exploited...
Vulnerability fixed in NetApp products
Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service DoS. NetApp has released update...
Vulnerabilities fixed in GitLab CE and EE
GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files could be exploited to execute arbitrary code with permissions from the GitLab Service. A CVE ID is not yet known for on...
Vulnerabilities fixed in SonicWall Email Security
Vulnerabilities have been fixed in SonicWall Email Security. The vulnerabilities allow a local malicious person to obtain elevated permissions and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. fixes. More information can be...
Vulnerability fixed in WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6441433...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. One vulnerability makes it impossible for a blocked user to reset the security token reset. This is problematic when the security token falls into wrong hands. The other two vulnerabilities involve a so-called Cross-Site Scripting XSS. MediaWiki has...
Vulnerabilities fixed in xen
Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in SU...
Vulnerability fixed in netmask
Netmask is a widely used component in various open source projects. This component contains a vulnerability. By incorrectly processing ipv4 addresses, attacks such as server-side request forgery SSRF, remote file inclusion RFI and local file inclusion LFI are made possible. The makers of Netmask...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...
Vulnerabilities fixed in VMware vRealize Operations
VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...
Vulnerability fixed in OpenAM
A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use of an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in SpamAssassin
The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...
Vulnerabilities fixed in XStream
Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights Access to sensitive data The...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...
Vulnerability fixed in GitLab
GitLab developers have fixed a serious vulnerability fixed in GitLab Community Edition and Enterprise Edition. The vulnerability allows an authenticated malicious person to execute arbitrary code on the server. A CVE ID has been requested for this vulnerability but has not yet been assigned. GitL...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in the kernel of Red Hat Enterprise Linux 7. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerabilities fixed in NetBSD
The developers of NetBSD have fixed a number of vulnerabilities fixed in NetBSD's IP stack. Because packet IDs are not randomly are not randomly generated by default, a malicious party can predict the IP traffic. predict, allowing the malicious party to launch a man-in-the-middle attack to obtain...
Vulnerabilities fixed in Red Hat OpenShift Virtualization
Red Hat has released updates to address multiple vulnerabilities fixes in OpenShift Virtualization. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities in OpenShift Virtualization. For more...
Vulnerability fixed in Squid
Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...
Vulnerability fixed in GNU git
GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...
Vulnerability fixed in QEMU
A vulnerability has been fixed in QEMU. The vulnerability allows potentially allow a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...
Vulnerability fixed in Xerox products
A vulnerability has been fixed in Xerox Phaser, WorkCentre and VersaLink. The vulnerability allows a malicious person to execute arbitrary code under the user's privileges. Xerox did not release any substantive details about this vulnerability. No CVE attribute has been assigned to this...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing authentication Bypassing security measur...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing Accessin...
Vulnerabilities fixed in Ruby on Rails
Vulnerabilities have been fixed in Ruby on Rails. The vulnerabilities allow a malicious party to cause a denial-of-service cause and redirect a user to a rogue web page. The Ruby on Rails developers have released updates to fix the vulnerabilities. More information can be found on the pages below...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. disclosed. Jira installations tha...
Vulnerabilities fixed in PHP
Several vulnerabilities have been fixed in PHP. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data -= Debian =- Debian has made updat...
Vulnerabilities fixed in XEN
The developers of XEN have fixed a number of vulnerabilities. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the guest system and possibly even the entire virtualization environment. Also, a malicious person could possibly gain access to sensitive...
Vulnerability fixed in Foxit Reader and Foxit PhantomPDF
Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the privileges of the logged-in user. Foxit has released updates to fix the vulnerabilities. For more...
Multiple vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerability fixed in Apache Subversion (SVN)
Apache has fixed a vulnerability in Subversion SVN. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 7.5. Apache has released updates to fix the...