4190 matches found
Vulnerability fixed in IBM Integration Bus
IBM has fixed a vulnerability in the node.js component of Integration Bus. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. IBM has released updates to fix the vulnerability in Integration Bus V10.0.0.23. For more information, see:...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
Vulnerability fixed in Jenkins
A vulnerability has been fixed in Jenkins. A malicious party can exploit the vulnerability to obtain information from the system, potentially bypassing existing security measures. bypassing existing security measures. This vulnerability arose in the most recent version of Jenkins when the...
Serious vulnerability fixed in Mozilla Firefox
A serious vulnerability has been fixed in Mozilla Firefox. A malicious party, by modifying a COOKIE-ECHO chunk in an SCTP package potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...
Vulnerability fixed in Grafana Enterprise
Several vulnerabilities have been fixed in Grafana. A malicious party could potentially exploit the vulnerabilities to bypassing authentication when Security Assertion Markup Language SAML is used as the authentication method. In addition the vulnerabilities could potentially be exploited for oth...
Vulnerabilities fixed in X11 server
Vulnerabilities have been fixed in X11 server. The vulnerabilities potentially allow a malicious party to access system data and to gain elevated privileges gain. -= Oracle =- Oracle has made updates available for Oracle Linux 7. You can install these updates using the command 'yum'. More...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing system data GNU has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Xerox AltaLink
Vulnerabilities have been fixed in Xerox AltaLink. The vulnerabilities allow a malicious party to perform a Denial-of-Service DoS exploit. Xerox has released updates to fix the vulnerabilities in Xerox AltaLink products and has released installation and update instructions released. For more...
Vulnerability in CakePHP fixed
The makers of CakePHP have fixed a vulnerability with version 4.0.10 fixed. The security fixes fix a vulnerability in the CsrfProtectionMiddleware that allowed parameters for overwrite method CSRF checks without additional POST data bypassed. CakePHP developers have issued updates to fix the...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed several vulnerabilities in Microsoft Exchange Server. An authenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code execute arbitrary code or to obtain sensitive information. For each of the vulnerabilities included in this...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in JQuery as used by Zimbra. A malicious party could exploit the vulnerabilities to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Few substantive details...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Security measure circumvention SQL Injection Accessing sensitive data Accessing system data Joomla! provides...
Vulnerability fixed in Node.js
A vulnerability has been fixed in Node.js. The vulnerability allows a malicious party potentially capable of causing a denial-of-service cause. To do this, the malicious party must be able to send a DNS request for a rogue domain. Only applications that allow a malicious party to send DNS request...
Vulnerability fixed in Kerberos
A vulnerability has been fixed in MIT Kerberos. A malicious person can exploit the vulnerability to cause a denial-of-service cause. The vulnerability is in the way ASN.1 data is is processed, which can create an infinite loop that causes a crash in the Kerberos process. -= Debian =- Debian has...
Vulnerabilities fixed in Red Hat kernel
Red Hat has fixed vulnerabilities in its kernel. The vulnerabilities allow a locally authenticated malicious agent to the opportunity to cause a denial-of-service and obtain obtain system data. The vulnerability with attribute CVE-2020-12351 is a regression vulnerability of the vulnerability with...
Vulnerability fixed in FreeType
A vulnerability has been fixed in FreeType. The vulnerability allows a remote malicious person to execute arbitrary code execute under the user's privileges. FreeType has released an update to fix the vulnerability. fix. More information can be found on the pages below:...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious party the ability to cause a denial-of-service or to obtain elevated privileges. Xen has released updates to fix the vulnerabilities. More information can be found on the pages below: x86 PV guest INVLPG-like flushes ma...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. The vulnerabilities potentially allow a remote malicious person to able to perform a denial-of-service attack or to execute arbitrary execute arbitrary code under the user's privileges. As usual, Google has made little substantive information...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in the Red Hat kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges -= Red Hat =- Red Hat has made updates...
Vulnerability fixed in Adobe Flash Player
Adobe has fixed a vulnerability in Adobe Flash Player. A malicious party could potentially exploit the vulnerability to execute arbitrary code under user privileges. There few substantive details about the vulnerability have been made publicly made available. Adobe has released updates to fix the...
Vulnerabilities fixed in BIND
Several vulnerabilities have been fixed in BIND. A unauthenticated remote malicious person could potentially exploit them to cause a denial-of-service of the DNS service. cause. To do this, rogue network traffic should be sent to the BIND server. -= SUSE =- SUSE has made updates available to fix...
Vulnerabilities fixed in Thunderbird
Vulnerabilities have been fixed in Thunderbird. The vulnerabilities allow a remote malicious person to execute arbitrary code execute with user privileges and spoof the origin of downloads. spoofing. Mozilla has released updates to fix the vulnerabilities. More information can be found on the pag...
Vulnerabilities fixed in libxml2
Vulnerabilities have been fixed in libxml2. The vulnerabilities allow a malicious party to perform a denial-of-service DoS execution. The developers of libxml12 categorize these vulnerabilities according to the CVSSv3 method with a highest score of 7.5. FreeBSD has released updates to fix the...
Vulnerability fixed in Websphere Application Server
A vulnerability has been fixed in Websphere Application Server. The vulnerability allows a remote malicious person using a so-called XML-External-Entity-Injection attack to obtain obtain system data. IBM has released updates to fix the vulnerability. More information can be found on the page belo...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Possible Code execution User rights Access to system data Google has made littl...
Vulnerabilities fixed in Drupal
Vulnerabilities have been fixed in Drupal. The vulnerabilities allow a malicious person to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Accessing sensitive data The vulnerability with attribute CVE-2020-13668...
Vulnerabilities fixed in Ansible
Vulnerabilities have been fixed in Ansible. The vulnerabilities allow a malicious party to gain access to sensitive and system data. Ansible has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-1736:...
Vulnerability fixed in Chrome
Google has released a new version of Chrome. At this time not all details are known and Google only names one specific vulnerability which they themselves rate as "High. This concerns a Heap buffer overflow vulnerability, which could potentially be be exploited by a malicious party to execute...
Vulnerabilities fixed in SNMP
Debian has fixed vulnerabilities in SNMP. The vulnerabilities allow a locally authenticated malicious person to obtain elevated privileges. -= Debian =- Debian has made updates to net-snmp available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages install...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities among other things allow an unauthenticated remote malicious person to remotely capable of causing a denial of service. Python has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in IBM Spectrum Protect
Vulnerabilities have been fixed in IBM Spectrum Protect. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges IBM has released updates to fix t...
Vulnerabilities fixed in cURL
GNU has fixed vulnerabilities in cURL. The vulnerabilities allow a remote malicious person to obtain sensitive to obtain data and to potentially corrupt a file. GNU has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-8169:...
Vulnerability fixed in Drupal
Drupal has fixed a vulnerability in the Form API of the Drupal Core. The vulnerability allows a remote malicious party to able to perform a Cross-Site Request Forgery attack XSRF. A successful attack could thereby lead to consequential damage such as the obtaining sensitive data from a domain to...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability allows a remote malicious person the ability to execute arbitrary code execute arbitrary code in the victim's browser. The malicious party must entice the victim to follow a rogue hyper-link to do so. Grafana has released updates to fix...
Vulnerabilities fixed in qemu
Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious party the ability to cause a denial-of-service and potentially execute arbitrary code under privileges of the application. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 19.10 and...
Vulnerabilities fixed in BIND
BIND has fixed several vulnerabilities that could allow a malicious potentially capable of causing a denial-of-service DoS cause. A DoS attack exploiting the vulnerability with attribute CVE-2020-8617, targets DNS clients. The vulnerability with attribute CVE-2020-8616 involves a new method for...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI. A malicious party could exploit the vulnerabilities to circumvent a circumvention of a security measure, to perform an SQL injection execute or for a cross-site scripting attack. Such attacks can lead to execution of arbitrary code and access to syst...
Vulnerability fixed in dmidump
A vulnerability has been fixed in dmidump. A malicious party can exploit the vulnerability to overwrite arbitrary files and overwrite and thus grant himself elevated privileges, or execute arbitrary code with root privileges. A researcher has published a writeup with working Proof-of-Concept code...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. The vulnerabilities allow a malicious party the ability to access sensitive data obtain or cause a denial-of-service. The developers of Squid have released an update to fix the vulnerability with reference CVE-2022-41317. For more information, see:...
Vulnerabilities fixed in Apple products
Two different vulnerabilities have been fixed by Apple. The vulnerability with CVE attribute CVE-2022-22675 allows a malicious person able to execute arbitrary code with kernel privileges. This vulnerability has been fixed in macOS, iOS and iPadOS. The second vulnerability, CVE-2022-22674, allows...