4190 matches found
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been fixed in Red Hat OpenShift Container Platform. The vulnerability allows a malicious party to cause a Denial-of-Service by offering specially prepared ed25519 SSH keys. Red Hat has made updates available for Red Hat OpenShift Container Platform . You can install these...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an unauthenticated malicious person remotely capable of executing arbitrary code on the system. IBM indicates that to exploit this vulnerability, an undocumented change must be made by the administrator o...
Vulnerability fixed in Avaya IP Office Manager
A vulnerability has been fixed in Avaya IP Office Manager. The vulnerability allows an unauthenticated malicious person with access to the network to obtain sensitive data. Avaya has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in PostgreSQL jdbc driver
A vulnerability has been fixed in the PostgreSQL jdbc driver for Java. The so-called XML external-entity vulnerability XXE allows a locally authenticated malicious person to execute arbitrary code execute arbitrary code under database privileges. -= Red Hat =- Red Hat has made updates available f...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. Little little substantive information made publicly available. It is possible that a malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges or for causing a denial-of-service on the Web browser. Google h...
Vulnerabilities fixed in ClamAV
Vulnerabilities have been fixed in ClamAV. The vulnerabilities allow a malicious person to cause a denial-of-service cause. ClamAV has released updates to fix the vulnerabilities. More information can be found on the pages below: https://blog.clamav.net/2020/07...
Vulnerability fixed in Squid
A vulnerability has been fixed in Squid. The vulnerability allows a malicious party to bypass a security measure. Incomplete input validation makes it possible for a malicious person to possible to perform a Request Smuggling or Poisoning attack on the HTTP cache execute. The vulnerability with...
Vulnerability fixed in ntpd
A vulnerability has been fixed in the ntp client daemon. The vulnerability allows an unauthenticated remote malicious person able to perform a denial-of-service attack. The developers of ntpd have released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerabilities fixed in DPDK
Vulnerabilities have been fixed in the Dataplane Development Kit DPDK. The vulnerabilities allow a local malicious party to cause a denial-of-service, possibly resulting in the execution of arbitrary code under user privileges as a result. DPDK is a technology that handles the transport of data...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code with the permissions of the user under which the Samba server is running. More information about the vulnerabilities can be found on th...
Vulnerability fixed in Mailman
A vulnerability has been fixed in Debian for Mailman. The vulnerability allows a remote malicious person to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. -= Debian =- Debian has made...
Vulnerability fixed in Linux kernel
SUSE has fixed a vulnerability in SUSE Kernel. The vulnerability causes in certain cases IPv6 traffic to be is not encrypted over an IPsec tunnel. A malicious party could potentially be able to retrieve sensitive data as a result. -= SUSE =- SUSE has made updates available to fix the vulnerabilit...
Vulnerabilities fixed in binutils
Vulnerabilities have been fixed in binutils. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Ubuntu classifies all vulnerabilities...
Vulnerability fixed in Libssh
Fedora has fixed a vulnerability in Libssh. The vulnerability allows a remote malicious party to perform a Denial-of-Service DoS exploit. -= Fedora =- Fedora has made updates available for Fedora 31. You can install these updates by using the command 'dnf' or 'yum'. More information about these...
Vulnerability fixed in Ruby JSON gem
A vulnerability has been fixed in the JSON gem that is provided by default included in the Ruby installation. The vulnerability allows a malicious party to perform attacks that can lead to the following categories of damage: Manipulation of data. Remote code execution User rights Ruby has release...
Vulnerabilities in Qt 5 libraries
Vulnerabilities have been fixed in the Qt 5 software library. The vulnerabilities allow a locally authenticated malicious agent to able to establish a denial-of-service and execute arbitrary code execute arbitrary code under user privileges. -= Ubuntu =- Canonical has made updates available for...
Vulnerabilities fixed in Samba
Samba's developers have fixed three vulnerabilities. The vulnerabilities allow a malicious party to access gain access to system data, potentially gain elevated privileges or cause a denial-of-service. Samba has released updates to fix the vulnerabilities in Samba server v4.0 and 4.9. For more...
Vulnerability fixed in libssh
A vulnerability has been fixed in libssh. The vulnerability allows a remote malicious person to execute arbitrary code execute arbitrary code under the user's privileges. libssh has made updates available to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. The vulnerability is located in the HTTP API. Grafana Labs has made updates available to fix the vulnerability fix. More information can b...
Vulnerability fixed in libSSH2
A vulnerability has been fixed in libSSH2. The vulnerability can lead to the release of sensitive information or a denial-of-service. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE 12. You can install these custom packages using 'YaST'. You can also download the...
Vulnerabilities fixed in IBM Websphere Application Server
Vulnerabilities have been fixed in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty.The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Server Side Request Forgery SSRF. Access to sensitive data IBM has releas...
Vulnerability fixed in Mozilla Thunderbird
Mozilla has fixed a vulnerability in Thunderbird. Due to an flaw in the processing of email messages in the local cache, the encrypted data, such as the subject line, from email messages could be included in other email messages. When the user replies to such such an infected email message, for...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing...
Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway
Citrix has fixed vulnerabilities in Netscaler ADC and Netscaler Gateway. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute arbitrary code on the vulnerable system. The vulnerability with attribute CVE-2023-6548 is located in the...
Vulnerabilities fixed in Cacti
The developers of Cacti have fixed several vulnerabilities in Cacti. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: SQL Injection Cross-Site Scripting XSS Remote code execution User rights Remote code execution...
Vulnerability fixed in ProFTPd
A vulnerability has been fixed in ProFTPd. The vulnerability allows an authenticated remote malicious person to perform a denial-of-service DoS via a specially prepared command to cause a denial-of-service DoS cause. The developers of ProFTP have released updates to fix the vulnerability. For mor...
Vulnerability fixed in OpenSSH
A vulnerability has been fixed in OpenSSH. A malicious party could potentially use a Man-in-the-Middle attack to weaken the connection between a client and server and thus gain access to the data transmitted over this connection. This Man-in-the-Middle attack has been given the name "Terrapin...
Vulnerabilities fixed in Foxit PDF Reader and PDF Editor
Foxit has fixed vulnerabilities in PDF Reader and PDF Editor formerly PhantomPDF. A malicious party could exploit them to cause a denial-of-service, execute arbitrary execute arbitrary code with the victim's privileges or to access gain access to sensitive data in the victim's context. Successful...
Vulnerabilities fixed in GIMP
Vulnerabilities have been fixed in GIMP. A malicious person could vulnerabilities to execute arbitrary code with victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. The developers of...
Vulnerabilities fixed in PostgreSQL
Vulnerabilities have been fixed in PostgreSQL. A malicious person could exploit the vulnerabilities to gain access to system data, cause a denial-of-service, or to execute arbitrary code with application privileges. The vulnerabilities have also been fixed in PostgreSQL 11 11.22. This are, howeve...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Spoofi...
Vulnerabilities in Best Practical RT fixed
Vulnerabilities have been fixed in Best Practical Request Tracker RT. The vulnerabilities allow an unauthenticated malicious person able to impersonate an RT user and to download specific email attachments to download. Best Practical has released updates to fix the vulnerabilities fixes in RT. Fo...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch an attack that could result in a denial-of-service DoS attack. Apache has released updates to fix the vulnerabilities in Apache HTTP Server 2.4.x. For more information, see:...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data...
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in DB2. A malicious party can exploit the exploit the vulnerabilities to execute arbitrary code with application privileges, perform a denial-of-service DoS or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2. For more...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to circumvent a security measure circumvention or to grant himself elevated privileges and possibly execute code execute code with higher privileges than the user. Successful exploitation requires the...
Vulnerability fixed in Adobe Acrobat and Acrobat Reader
Adobe has fixed a vulnerability in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. It is possible that by executing code, access can be gained to sensitive data in the victim's context. Successful exploitation requires...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to circumvent security measures bypass security measures, execute arbitrary code in the context of the browser, or to gain access to sensitive data in the context of the browser. Google reports having...
Zeroday vulnerability fixed in Google Chrome
Google has fixed a Zeroday vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code on the underlying operating system with permissions from the victim. If the victim's privileges are high enough are high enough, this allows the...
Vulnerabilities fixed in Cacti
The developers of Cacti have fixed vulnerabilities in several modules of Cacti. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User righ...
Vulnerabilities fixed in Mozilla firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing...
Vulnerability fixed in Intel processors
A vulnerability has been fixed in the microcode of several Intel processors1. The vulnerability has been named "Downfall" and allows a local, authenticated malicious person to manipulate the operation of memory optimization. This allows the malicious party to gain access to memory locations...
Vulnerability fixed in AMD processors
A vulnerability has been fixed in the microcode of AMD processors. The vulnerability has been named "Inception" and enables a local, authenticated malicious person to manipulate the operation of the Predictive Algorithms, which could circumvent measures in place to prevent unauthorized instructio...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...
Vulnerabilities fixed in Paessler PRTG
Paessler has fixed vulnerabilities in PRTG Network Monitoring. An authenticated malicious party could exploit the vulnerabilities to bypass a security measure, or perform a Cross-Site-Request-Forgery CSRF, and thereby potentially execute arbitrary execute arbitrary code and gain access to sensiti...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to circumvent a security measure circumvention, execute code with user privileges or access gain access to sensitive data in the context of the browser. To do this, the malicious party must trick the...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with permissions from the application using ColdFusion. Due to the nature of such applications, it cannot be be ruled out that this would allow the...
Vulnerability fixed in Asterisk
Asterisk developers have fixed a vulnerability in Asterisk VOIP. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. Asterisk has released updates to fix the vulnerability in all supported versions of Asterisk. For more information, see:...