4189 matches found
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. A remote malicious party could, by exploiting this vulnerability to gain elevated privileges within the application server. This vulnerability is only exploitable when using SAML Web Inbound Trust Association Interceptor TAI. IBM...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights To do this, the malicious party must induce the victim to...
Vulnerabilities fixed in Apache
Apache has released version 2.4.48 of the Apache Web server. In this version a number of vulnerabilities have been fixed, which can be exploited by an unauthenticated remote malicious person could be exploited to cause a denial-of-service. A vulnerability has also been fixed, which can be exploit...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code execute with the application's permissions. Mozilla has released updates to fix the vulnerabilities in Thunderbird 78.11...
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. A local, authenticated malicious person can, by exploiting this vulnerability to gain root privileges on the vulnerable system. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the linux kernel. The vulnerabilities allow a local malicious agent to launch attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Increased user privileges -= Ubuntu =...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...
Vulnerability fixed in Confluence
A vulnerability has been fixed in JIRA. The vulnerability allows a local malicious agent the ability to execute arbitrary code execute under application privileges. JIRA has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Wordpress
Wordpress has fixed two vulnerabilities in the standard included PHPMailer module. A remote malicious party can exploit the exploit the vulnerabilities to execute arbitrary code under the application's permissions, potentially gaining access gain access to sensitive information within the scope o...
Vulnerabilities fixed in AWStats
Vulnerabilities have been fixed in AWStats. An unauthenticated malicious party could exploit the vulnerabilities to perform a path traversal attack that could gain access to arbitrary files. In doing so, the vulnerabilities can only exploited only to read key/value pairs that can be parsed by...
Vulnerabilities fixed in Xerox WorkCentre
Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a remote malicious person to execute arbitrary code. There are no known CVE numbers for these vulnerabilities. Xerox has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Microsoft Internet Explorer
Microsoft has fixed a vulnerability in Internet Explorer. A malicious person could exploit the vulnerability to execute arbitrary code in the context of the browser. The malicious needs to entice the user to visit a web page which contains the malicious code. Microsoft has made updates available...
Vulnerabilities fixed in MariaDB
Vulnerabilities have been fixed in MariaDB. An authenticated malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. MariaDB has released updates to fix the vulnerabilities in 10.2.38 and 10.3.29. For more information, see:...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...
Vulnerability fixed in x.org
A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to appropriate elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...
Vulnerability fixed in NetApp products
Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service DoS. NetApp has released update...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the permissions of the application or gain access to sensitive data in the context of the application. To do so, the malicious party...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application. To do this, the malicious party needs to victim to visit a rogue Web page. Google has indicated that for...
Vulnerability fixed in dnsmasq
A vulnerability has been fixed in dnsmasq.The vulnerability allows a malicious party the ability to perform a DNS Cache Poisoning attack execute on a dnsmasq server. dnsmasq has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6441063...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12 and 15. fixes in SUSE...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Live...
Vulnerabilities fixed in xen
Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in SU...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL.The vulnerabilities allow a remote malicious person the ability to obtain sensitive information obtain. To do so, the malicious party must induce the victim to visit a server under the control of the malicious party. -= Debian =- Debian has made updates to...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...
Vulnerability fixed in SpamAssassin
The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...
Vulnerabilities fixed in Xerox ColorQube systems
Xerox has fixed vulnerabilities in ColorQube systems. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to provide access to the file system. No details have been made available about the latter vulnerability made available, nor has a CVE attribute be...
Vulnerabilities fixed in IBM DB2
IBM has fixed two vulnerabilities in DB2. A local malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the underlying system with root privileges. To do this, however, the malicious party must have local access to the vulnerable system. IBM...
Vulnerability fixed in Squid
Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...
Vulnerability fixed in Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to gain access to sensitive data via Directory Traversal to gain access to sensitive data. IBM has released updates to fix the vulnerability in Websphere Application Server. For more...
Vulnerabilities fixed in Oracle Enterprise Linux
Oracle has fixed vulnerabilities in Oracle Enterprise Linux. The vulnerabilities allow a local, authenticated malicious agent to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Code execution at the kernel level Increased user privileges -= Oracle ...
Vulnerabilitiesj fixed in Xerox AltaLink systems
Xerox has fixed vulnerabilities in AltaLink systems. The vulnerabilities allow a malicious party to execute arbitrary execute arbitrary code on the system, circumvent a security measure bypass a security measure or gain access to sensitive data. No CVE ID of the vulnerabilities has been disclosed...
Vulnerability fixed in Apple products
The WebKit module contains code that allows a Web browser to be realized. The WebKit module is found in several Apple products. Apple has fixed a vulnerability in the WebKit module. fixed. The vulnerability allows a remote malicious person to able to cause a denial-of-service with potentially the...
Vulnerability fixed in wpa_supplicant
A vulnerability has been fixed in wpasupplicant when it is configured for P2P Wi-Fi Direct support. A malicious person within Wi-Fi range could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with root privileges. w1.fi has released updates to fix t...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data As usual, Google...
Vulnerability fixed in Jenkins
A vulnerability has been fixed in Jenkins. The vulnerability allows an authenticated malicious person to obtain elevated privileges. obtain. Jenkins has released updates to fix the vulnerability. More information can be found on the page below: https://www.jenkins.io/security/advisory/2021-02-19/...
Vulnerability fixed in OpenLDAP
A vulnerability has been fixed in OpenLDAP. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. The developers of OpenLDAP have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerability fixed in IBM WebSphere Application Server
IBM WebSphere Application Server can let an attacker remotely access folders access folders. An attacker can send a specially crafted URL request with "dot-dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in IBM WebSphere Application Server
Vulnerabilities have been fixed in IBM WebSphere. The vulnerabilities with reference CVE-2020-2773, CVE-2020-14781 and CVE-2020-14782 have been previously described in the security advisories with attribute NCSC-2020-0279 and NCSC-2020-0856. The vulnerability with attribute CVE-2020-27221 allows ...
Vulnerabilities fixed in PostgreSQL
Several vulnerabilities have been fixed in PostgreSQL. A malicious person with limited privileges could potentially exploit them to gain access to data stored in a PostgreSQL database. Developers have released updates to fix the vulnerabilities fixes in PostgreSQL 13.2, 12.6, 11.11, 10.16, 9.6.21...
Vulnerabilities fixed in Docker
Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...
Vulnerability fixed in PEAR
A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...
Vulnerabilities fixed in OpenSUSE Linux kernel
Several vulnerabilities have been fixed in the Linux kernel as used by openSUSE. The vulnerabilities allow a local, authenticated malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution at the kernel level Access to sensiti...
Vulnerability fixed in IBM Integration Bus
IBM has fixed a vulnerability in the node.js component of Integration Bus. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. IBM has released updates to fix the vulnerability in Integration Bus V10.0.0.23. For more information, see:...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed several vulnerabilities in Firefox. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitive...
Vulnerability fixed in Jenkins
A vulnerability has been fixed in Jenkins. A malicious party can exploit the vulnerability to obtain information from the system, potentially bypassing existing security measures. bypassing existing security measures. This vulnerability arose in the most recent version of Jenkins when the...
Vulnerability fixed in NetApp products
A vulnerability has been fixed in NetApp products. The vulnerability allows a malicious party to obtain sensitive data obtain sensitive data. NetApp has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Red Hat kernel
A vulnerability has been fixed in the Red Hat kernel. The vulnerability allows a local malicious agent to cause a denial-of-service and to modify data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Serious vulnerability fixed in Mozilla Firefox
A serious vulnerability has been fixed in Mozilla Firefox. A malicious party, by modifying a COOKIE-ECHO chunk in an SCTP package potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...