Vulnerabilities fixed in Schneider Electric products
Schneider Electric has fixed vulnerabilities in Modicon products. The vulnerabilities allow an unauthenticated malicious person to cause a denial-of-service or gain access to sensitive data. Schneider Electric has released updates to address the vulnerabilities. For more information,...
Vulnerabilities fixed in Ghostscript
Vulnerabilities have been fixed in Ghostscript. A malicious person could potentially exploit the vulnerability to cause a denial-of-service. To do this, a specially prepared PostScript file must be processed by the Ghostscript instance. Because Ghostscript is commonly used on print servers in...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), access to sensitive data, increased user privileges. Cisco has released updates to fix the...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights), spoofing...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in several of its products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights), increased user...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. The vulnerabilities allow a malicious party to launch a Cross-Site Scripting attack and then impersonate another user. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office. The vulnerabilities potentially allow a malicious person to execute attacks that result in the following categories of damage: remote code execution (user privileges), access to sensitive data, increased user privileges. The...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow an authenticated malicious person with access to the victim's network to execute arbitrary code. Overview of fixed vulnerabilities:...
Vulnerability fixed in Siemens SIPROTEC systems
Siemens has fixed a vulnerability in SIPROTEC 5 systems. The vulnerability allows an unauthenticated malicious person to read information from the system. The vulnerability is located in the Web component of systems based on CPU variants CP050, CP100 and CP300. To exploit the vulnerability, the...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), remote code execution (administrator/root rights), access to sensitive data. SAP has released updates to address...
Vulnerability fixed in Microsoft Developer Tools
Microsoft has fixed a vulnerability in the .NET Framework. A malicious person with access to the network can potentially exploit the vulnerability to launch a denial-of-service attack. .NET Framework: | CVE ID | CVSS |...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (administrator/root rights)...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities. A remote malicious party could potentially exploit them to perform a Cross-Site Scripting (XSS) attack and perform SQL Injection. WordPress developers have released updates to fix the...
Vulnerability fixed in IBM AIX
IBM has fixed a vulnerability in AIX. A local malicious party can, by manipulating the mount command, execute arbitrary code, possibly with elevated privileges up to root privileges. IBM has released updates to fix the vulnerability in AIX v 7.1 and 7.2. For more information, see:...
Vulnerability fixed in H2 Database Console
A vulnerability has been found in the Console component of H2 Database. This vulnerability allows a local malicious person to execute arbitrary code under application privileges. Researchers at JFrog found this vulnerability during additional research on Java vulnerabilities following Log4j. S...
Vulnerability fixed in Roundcube Webmail
A vulnerability has been fixed in Roundcube Webmail. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the user opens a rogue e-mail. Roundcube has released...
Vulnerabilities fixed in SonicOS
SonicWall has fixed two vulnerabilities in SonicOS. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code on the underlying system with the privileges of the logged-in user. To accomplish this, the...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Atlassian Jira Server and Jira Data Center. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. To do...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights). Google has made few technical...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), access to sensitive data, increased user privileges. This update also fixes vulnerabilities...
Rootkit found in HPE iLO environments
Security researchers at AmnPardaz have published an investigation about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...
Vulnerabilities fixed in HCL Technologies Digital Experience
A Server Side Request Forgery (SSRF) vulnerability has been fixed in HCL Technologies Digital Experience (formerly known as IBM WebSphere Portal). The vulnerability potentially allows a malicious person to gain access to systems that they initially should not have access to. The researchers who...
Availability issue fixed in Microsoft Exchange
Due to a bug in the on-premises Microsoft Exchange Server 2016 and 2019, email may not have been sent out anymore. At this time, there is no reason to believe that incoming email has not been accepted. The accepted emails just could not be delivered. The problem could have occurred because of the...
Vulnerability fixed in Moxa MGate systems
Moxa has fixed a vulnerability in the MGate 5109 and MGate 5101-PBM-MN protocol gateway systems. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. Abuse is possible by continuously sending specially prepared network traffic, causing the gatewa...
Vulnerability fixed in Apache Log4j
A vulnerability has been fixed in Apache Log4j. The vulnerability with reference CVE-2021-44832 allows a malicious person to execute arbitrary code. To exploit the vulnerability, an attacker must have the ability to modify a configuration file that the vulnerabl...
Vulnerabilities fixed in NetBSD
Vulnerabilities have been fixed in NetBSD's IP stack. Because the randomizer for IP packet ID is not turned on by default, and the randomizer is not random enough when it is enabled, a malicious party can analyze the IP traffic and possibly gain access to sensitive data via a man-in-the-middle...
Vulnerability found in Moxa MGate
A vulnerability has been found in Moxa MGate. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data. The vulnerable Moxa MGate series have vulnerable firmware that makes it possible for an attacker to intercept the traffic and then decrypt the login...
Vulnerabilities fixed in PostgreSQL
Vulnerabilities have been fixed in PostgreSQL. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. In addition, an unauthenticated malicious person with a man-in-the-middle position can potentially exploit the vulnerabiliti...
Vulnerabilities fixed in Emerson DeltaV
Emerson has fixed vulnerabilities in DeltaV products. An unauthenticated malicious person with network access can exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the vulnerabilities to execute with elevated privileg...
Vulnerability fixed in SonicWall SMA100 series
A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person to access some management APIs in order to view meta-data of configurations. SonicWall has released updates to fix the vulnerability. More information can be...
Vulnerabilities fixed in SolarWinds Orion
SolarWinds has fixed vulnerabilities in Orion. The vulnerabilities marked CVE-2021-35234 and CVE-2021-35248 allow an authenticated malicious person to gain access to user data, including hashed passwords and information about salts used. In addition, a malicious person with alert management...
Vulnerability fixed in Apache Solr for Windows
Apache has fixed vulnerabilities in Solr for Windows. The vulnerability allows a malicious party to access sensitive data, impersonate another user or potentially execute arbitrary code. Apache has released updates to fix the vulnerability in Solr 8.11.1. For more information, see:...
Vulnerabilities fixed in VMware products
VMware has fixed vulnerabilities in the following products: VMware Cloud Foundation, VMware Identity Manager (vIDM), VMware Workspace ONE Access (Access), VMware vRealize Automation (vRA), VMware vRealize Suite Lifecycle Manager. A remote malicious party could potentially exploit them to bypass two-factor...
Vulnerabilities fixed in Apache httpd
Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with reference CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service or potentially perform a cross-site request...
Vulnerabilities fixed in Dell EMC iDRAC
Dell EMC has fixed vulnerabilities in iDRAC8 and iDRAC9. The vulnerabilities potentially allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data, access to system...
Vulnerability fixed in VMware Workspace ONE UEM
VMware has fixed a vulnerability in Workspace ONE UEM. An unauthenticated malicious person could exploit this vulnerability to perform a server-side request forgery (SSRF) attack and thereby gain access to sensitive data. Successful exploitation requires network access to the Workspace ONE UEM...
Vulnerability fixed in DBeaver
A vulnerability has been fixed in DBeaver. The vulnerability allows a local malicious party to obtain sensitive data. This is possible because the loading of external XML entities is not properly handled. Proof-of-Concept code is available for this vulnerability. DBeaver's...
Vulnerabilities fixed in JBoss Enterprise Application Platform
Red Hat has fixed vulnerabilities in JBoss Enterprise Application Platform. A remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or to gain access to sensitive data. Red Hat has released updates to fix the vulnerabilities in JBoss Enterprise...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. The vulnerabilities potentially allow a malicious party to view non-public wiki content or modify the content of a wiki. MediaWiki has released updates to address the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in several of its products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (user rights), increased user privileges. Adobe...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code under application privileges. Apple has made few substantive details about the vulnerabilities publicly available. Apple has...
Vulnerabilities fixed in X.Org X Server
Vulnerabilities have been fixed in X.Org X Server. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code or obtain elevated privileges. When using X Forwarding over SSH, the vulnerabilities may also be remotely exploitable. -=...
Vulnerabilities fixed in Schneider Electric products
Schneider Electric has fixed vulnerabilities in its PowerLogic and Modicon products. The vulnerabilities allow an unauthenticated malicious person to cause a denial-of-service or gain access to sensitive data. To do so, rogue network traffic must be sent to the vulnerable device. Schneide...
Vulnerabilities fixed in Red Hat OpenShift Logging
Red Hat has fixed vulnerabilities in OpenShift Logging. The vulnerabilities potentially allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights), access to...
Vulnerability fixed in SIMATIC eaSie PCS7
Siemens has fixed a vulnerability in SIMATIC eaSie PCS7. An authenticated malicious party can exploit the vulnerability to access arbitrary files via path-traversal on the vulnerable system. The download function in which the vulnerability resides is not activated by default. Siemens has released updates ...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, remote code...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to execute attacks that result in the following categories of damage: manipulation of data, circumvention of security measure, remote code execution (administrator/root rights)...
Vulnerability fixed in WIBU Codemeter Runtime
WIBU Systems has fixed a vulnerability in WIBU Codemeter Runtime. A local, authenticated malicious party could potentially exploit the vulnerability to cause a denial-of-service or manipulate data. The vulnerability can be exploited by creating a symbolic link using...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A local malicious person could exploit the vulnerabilities to execute arbitrary code, or to impersonate another user. The tables below list the vulnerabilities that have been fixed by Microsoft. Visual Studio Code:...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code under the user's privileges. Google has made few substantive details available about these vulnerabilities. Google has indicated that for the vulnerability...