4190 matches found
Vulnerabilities fixed in Docker
Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...
Vulnerabilities fixed in Oracle Linux
Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Oracle has released updates t...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox and Firefox ESR. A remote malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the application's permissions. For now, there are few substantive details about the vulnerability...
Vulnerability fixed in PHP
A vulnerability has been fixed in PHP. The vulnerability allows an authenticated remote malicious party capable of causing a denial-of-service attack. PHP developers have released updates to fix the vulnerability. More information can be found at the page below:...
Serious vulnerability fixed in SonicWall SMA100 Series
A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. fix. More information can be...
Vulnerability fixed in Libgcrypt
A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code execute under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. A malicious party can exploit the vulnerability to obtain sensitive information via a "path traversal" attack that allows security measures can be bypassed. The vulnerability can only be exploited when the target system provides a file system to...
Vulnerabilities fixed in Mozilla Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox ESR. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed several vulnerabilities in Firefox. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitive...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed several vulnerabilities in Thunderbird. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows a malicious party to obtain sensitive information and to potentially cause a denial-of-service cause. The attack on this vulnerability is known as an External Entity Injection XXE attack in which rogue co...
Vulnerabilities fixed in OpenShift Container Platform
Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. A remote malicious party can exploit the exploit the vulnerabilities to gain access to sensitive information. Red Hat has released updates to fix the vulnerabilities in OpenShift Container Platform 3.11.374. For more...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. The vulnerability allows a remote malicious party to cause a Denial-of-Service or execute arbitrary code under the user's privileges. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
Vulnerability fixed in Red Hat kernel
A vulnerability has been fixed in the Red Hat kernel. The vulnerability allows a local malicious agent to cause a denial-of-service and to modify data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in NetApp products
A vulnerability has been fixed in NetApp products. The vulnerability allows a malicious party to obtain sensitive data obtain sensitive data. NetApp has released updates to fix the vulnerability. More information can be found on the page below:...
DNSpooq vulnerabilities fixed in dnsmasq
The developers of dnsmasq have fixed vulnerabilities in the dnsmasq application. Dnsmasq is widely used open source software for caching and forwarding DNS traffic. Although the DNS functionality is widely supported, dnsmasq is designed specifically for modest networks. Dnsmasq is commonly found,...
Vulnerability fixed in Atlassian Crucible
A vulnerability has been fixed in Atlassian Crucible. The vulnerability allows a malicious party to obtain system data obtain. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/CRUC-8496...
Vulnerability fixed in Ubuntu kernel
Canonical has fixed a vulnerability in the Ubuntu kernel. The vulnerability allows an authenticated remote malicious party to opportunity to obtain sensitive information and to manipulate data manipulate. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS...
Vulnerability fixed in Cacti
A vulnerability has been fixed in Cacti. The vulnerability allows a remote malicious person the ability to launch an SQL-Injection attack execute. Cacti has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/Cacti/cacti/issues/4022...
Vulnerability fixed in Microsoft Edge
There is a vulnerability in Microsoft Edge. The vulnerability allows a malicious party to execute arbitrary execute arbitrary code with user privileges. The vulnerability arises by improper handling of objects in memory. Microsoft has made updates available that fix the described vulnerabilities...
Vulnerability fixed in Microsoft Malware Protection Engine
Microsoft has fixed a vulnerability in Microsoft System Center Operations Manager. A remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code with user privileges or to access gain access to, and manipulate, sensitive information. Microso...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious party to access sensitive data gain access to sensitive data and to cause a denial-of-service. One of the vulnerabilities allows a remote attacker to obtain API access tokens. GitLab rates this vulnerability as "high...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure As usual, Google reveals little information regarding the details of the...
Vulnerability fixed in ImageMagick
A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges, when using the "convert" program to convert a specially prepared file to convert it to a PDF file. ImageMagick has released updates to fix the vulnerability. fix. For more informatio...
Serious vulnerability fixed in Mozilla Firefox
A serious vulnerability has been fixed in Mozilla Firefox. A malicious party, by modifying a COOKIE-ECHO chunk in an SCTP package potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...
Vulnerabilities fixed in Asterisk
New versions of Asterisk have been released, in which two vulnerabilities have been fixed. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Asterisk has released updates to address the vulnerabilities. fixes. For more information, see:...
Vulnerability found in Kubernetes
A vulnerability has been found in Kubernetes that allows a malicious person capable of performing a man-in-the-middle attack on the traffic within a cluster. By advertising an external IP address or by claiming a load balancer IP, traffic can be redirected to the attacker. However, the malicious...
Vulnerability fixed in IBM Tivoli Netcool Impact
A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to circumvent bypass security measures and obtain sensitive data via phishing. sensitive data. IBM has released updates to fix the vulnerability in Tivoli Netcool Impact 7.1.0.20. For more...
Vulnerability fixed in Apple MacOS Server
A vulnerability has been fixed in Apple MacOS Server. The vulnerability potentially allows a remote malicious party to perform execute a cross-site scripting attack or the ability to exploit an open-redirect vulnerability to be exploited. Apple has released updates to fix the vulnerability. More...
Vulnerability fixed in Apple Safari
A vulnerability has been fixed in Apple Safari. The vulnerability potentially allows a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to get the user to visit a rogue page. Apple has released updates to fix the vulnerability. More...
Actively exploited vulnerabilities fixed in SolarWinds Orion
SolarWinds reports active misuse of SolarWinds Orion. Through a still unknown method, a version of Orion was distributed between March and June 2020 distributed, which appears to contain a Trojan. It concerns the versions 2019.4 HF 5 through 2020.2.1. The manipulated versions are abused by...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed several vulnerabilities in Microsoft Exchange Server. An authenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code execute arbitrary code or to obtain sensitive information. For each of the vulnerabilities included in this...
Vulnerabilities fixed in HP-UX PHP
Vulnerabilities have been fixed in HP-UX PHP. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data HP categorizes these vulnerabilities according to the...
Vulnerability fixed in Nessus
Nessus uses third-party software to provide underlying functionality. One of the third-party components jQuery was found to contain vulnerabilities, and updated versions have been made available by the providers. Tenable has made updates available for Nessus to fix the vulnerability. More...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
Vulnerability fixed in Thunderbird
When reading status codes from the SMTP server, Thunderbird an integer to a position on the stack that is is intended to contain only one byte. Depending on the processor architecture and the stack layout, this leads to corruption of the stack that could potentially be abused. Mozilla has release...
Vulnerabilities fixed in NetApp products
Several NetApp products contain FasterXML jackson-databind. FasterXML jackson-databind versions 2.x prior to 2.9.10.4 are susceptible to vulnerabilities that, when successfully exploited, can lead to disclosure of sensitive information, addition or modification of data, or denial of service DoS...
Issues fixed in FortiOS
Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data FortiNet has released updates to address the...
Vulnerabilities fixed in MariaDB
Vulnerabilities have been fixed in MariaDB. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data The vulnerabilities marked CVE-2020-13249 and CVE-2020-15180 have CVSSv3...
Vulnerability fixed in Netapp products
A vulnerability has been fixed in Jackson databind, used by several Netapp products. The vulnerability allows a malicious party to execute arbitrary code under the user's privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in JQuery as used by Zimbra. A malicious party could exploit the vulnerabilities to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Few substantive details...
Vulnerability fixed in Citrix Hypervisor
A vulnerability has been fixed in Citrix Hypervisor. The vulnerability allows a malicious party capable of running code with elevated privileges on a guest VM able to execute execute arbitrary code with elevated privileges on the host. This vulnerability can only be exploited if a host...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party must use the vulnerable application to have rogue image da...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Security measure circumvention SQL Injection Accessing sensitive data Accessing system data Joomla! provides...
Vulnerabilities in VMware products
There is a vulnerability in a number of VMware products. The vulnerability allows a malicious person with access to the administrative configurator on port 8443 and valid admin credentials for this remote configurator to execute arbitrary commands with elevated privileges to execute arbitrary...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal core. Drupal core does not handle some file names correctly. As a result, it is possible for files to be misinterpreted and executed under the wrong MIME type or executed as PHP. This applies to a number of configurations; which ones these are is not...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2 and Db2 Connect Server. A local, authenticated malicious agent could potentially exploit the vulnerability to execute arbitrary code under root or SYSTEM privileges. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in OpenLDAP
Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server is able to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...
Legal vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure. Remote code execution Us...