4207 matches found
Vulnerability fixed in Linux kernel
A local malicious party can, by exploiting a buffer overflow vulnerability in the Linux kernel, gain elevated privileges acquire, execute arbitrary code or cause a denial of service cause a denial of service on the vulnerable system. -= Red Hat =- Red Hat has made updates available for...
Vulnerabilities fixed in McAfee Agent
Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially allow a malicious party to obtain elevated privileges to obtain or execute arbitrary code with the privileges of the application. McAfee has made updates available to address the vulnerabilities. fixes. For more...
Vulnerabilities fixed in Cisco StarOS Software
Cisco has fixed vulnerabilities in StarOS, the operating system of a series of Aggregation Services Routers ASR. Because the debug mode was misconfigured, a remote malicious party may be able to access sensitive information and may be able to execute arbitrary code under the root privileges of th...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code to execute under the application's permissions. Google typically does not release details about the vulnerabilities but marks the vulnerability with attribut...
Vulnerability fixed in ClamAV
A vulnerability has been fixed in ClamAV. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause by having a rogue file opened by the parser in the application. The clamscan --gen-json function must be enabled. -= ClamAV =- Cisco has released updates to f...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following Oracle E-Business Suite products: Configurator Time and Labor iStore Trade Management Partner Management Installed Base Sourcing Project Costing The vulnerabilities enable a malicious person to carry out attacks execute attacks that result in the...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise CS SA Integration Pack The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...
Vulnerabilities fixed in Oracle Virtualization
Oracle has fixed vulnerabilities in VM VirtualBox. A malicious party needs local access rights to exploit the vulnerabilities. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------| |...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following products: Enterprise Manager Base Platform Application Testing Suite APM - Application Performance Management Enterprise Manager Ops Center The vulnerabilities potentially enable a malicious party to execute attacks that result in the following...
Vulnerability fixed in Oracle Health Sciences Applications
Oracle has fixed a vulnerability in the following products: Thesaurus Management System Clinical Health Sciences Clinical Development Analytics Argus Safety Argus Insight Argus Analytics Health Sciences InForm CRF Submit Argus Mart ------------------.------.------------------------------------- |...
Vulnerability fixed in Oracle JD Edwards EnterpriseOne Tools
Oracle has fixed a vulnerability in JD Edwards EnterpriseOne Tools. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------| | CVE-2021-23337 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following Oracle Communications Applications products: Communications Billing and Revenue Management Communications Offline Mediation Controller Communications Design Studio Communications Network Integrity Communications Unified Inventory Management...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following Oracle Financial Services Applications products: Financial Services Analytical Applications Infrastructure FLEXCUBE Investor Servicing FLEXCUBE Private Banking Banking Platform Financial Services Behavior Detection Platform Financial Services...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Oracle Fusion Middleware products: Fusion Middleware HTTP Server Fusion Middleware MapViewer BI Publisher formerly XML Publisher BAM Business Activity Monitoring WebCenter Portal Business Intelligence Enterprise Edition Data Integrator WebLogic...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed vulnerabilities in the following products: Communications Services Gatekeeper Communications Service Broker Communications Session Border Controller Enterprise Session Border Controller Enterprise Communications Broker Communications Operations Monitor Communications Interactive...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following Oracle Database Server products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX Engineered Systems Utilities The vulnerabilities allow a malicious person to carry out attacks execute attac...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in the following products: Solaris Operating System Sun ZFS Storage Appliance Kit AK Software Sun ZFS Storage Application Integration Engineering Software Fujitsu SPARC Servers Firmware The vulnerability with CVE attribute CVE-2021-2351 allows for an unauthorized...
Vulnerabilities fixed in Oracle Essbase
Oracle has fixed vulnerabilities in the following products: Hyperion Essbase Hyperion Essbase Administration Services The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution...
Vulnerability fixed in Oracle Java SE and GraalVM Enterprise Edition
Oracle has fixed vulnerabilities in the following products: Java SE JDK and JRE GraalVM Enterprise Edition The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of...
Vulnerabilities fixed in Oracle Supply Chain
Oracle has fixed vulnerabilities in the following products: Demantra Demand Management Agile Engineering Data Management Agile PLM MCAD Connector Agile PLM Framework Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite Rapid Planning Product Lifecycle Analytics The...
Vulnerabilities fixed in Oracle Siebel CRM
Oracle has fixed vulnerabilities in the Siebel UI Framework product. ------------------.------.------------------------------------- | CVE-ID | CVSS | Vector |. |------------------|------|-------------------------------------| | CVE-2021-2351 | 8.3 | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | |...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following products: MySQL Workbench MySQL Server MySQL Cluster MySQL Connectors The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution...
Vulnerabilities fixed in Oracle Construction and Engineering
Oracle has fixed vulnerabilities in the following products: Primavera P6 Enterprise Project Portfolio Management Primavera P6 Professional Project Management Primavera Portfolio Management Primavera Data Warehouse Primavera Analytics Primavera Unifier Instantis EnterpriseTrack Primavera Gateway T...
Vulnerabilities fixed in Expat
Developers have fixed vulnerabilities in Expat. The vulnerabilities allow a remote malicious person to perform a Denial-of-Service. To do this, the malicious party must send an XML tag with an overflow of attributes to the vulnerable XML server send or trigger an integer overflow on various...
Vulnerability fixed in Zoho ManageEngine Desktop Central
Zoho has fixed a vulnerability in ManageEngine Desktop Central. Desktop Central is a solution used by administrators to remotely manage devices within an organization. manage. The vulnerability makes it possible for a malicious person to bypass authentication and execute arbitrary code under the...
Vulnerabilities fixed in Gitlab
Vulnerabilities have been fixed in Gitlab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Spoofing Accessing sensitive data O...
Vulnerabilities fixed in Schneider Electric products
Schneider Electric has fixed vulnerabilities in Modicon products. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service or gain access to sensitive data. Schneider Electric has released updates to address the vulnerabilities. fixes. For more information,...
Vulnerabilities fixed in Ghostscript
Vulnerabilities have been fixed in Ghostscript. A malicious person could potentially exploit the vulnerability to cause a denial-of-service cause. To do this, a specially prepared PostScript file to be processed by the Ghostscript instance. Because Ghostscript is commonly used on print servers in...
Vulnerabilities fixed Juniper Junos OS
Juniper has fixed several vulnerabilities in Junos OS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Increased user privileges Because these are...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Increased user privileges Cisco has released updates to fix the...
Vulnerabilities fixed in Citrix Hypervisor
Several security issues have been fixed in Citrix Hypervisor, which may cause the host to crash or become un responsive. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below: https://support.citrix.com/article/CTX335432...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in several of its products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Increased user...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing...
Vulnerability fixed in Siemens SIPROTEC systems
Siemens has fixed a vulnerability in SIPROTEC 5 systems. The vulnerability allows an unauthenticated malicious person to read information from the system. The vulnerability is located in the Web component of systems based on CPU variants CP050, CP100 and CP300. To exploit the vulnerability, the...
Vulnerability fixed in Microsoft Developer Tools
Microsoft has fixed a vulnerability in the .NET Framework. A malicious person with access to the network can exploit the vulnerability potentially exploit it to launch a denial-of-service attack. .NET Framework: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Access to sensitive data SAP has released updates to address...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. The vulnerabilities allow a malicious party to launch a Cross-Site Scripting attack and the malicious party can then impersonate then impersonate another user. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow an authenticated malicious person with access to the victim's network is able to execute arbitrary code. Overview of fixed vulnerabilities: |----------------|------|-------------------------------------| |...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Access to sensitive data Increased user privileges The...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. A remote malicious party could remotely exploit these vulnerabilities potentially exploit them to perform a Cross-Site Scripting XSS attack and perform SQL Injection. WordPress developers have released updates to fix the...
Vulnerability fixed in IBM AIX
IBM has fixed a vulnerability in AIX. A local malicious party can, through manipulation of the mount command execute arbitrary code, possibly with elevated privileges up to root privileges. IBM has released updates to fix the vulnerability in AIX v 7.1 and 7.2. For more information, see:...
Vulnerability fixed in H2 Database Console
A vulnerability has been found in the Console component of H2 Database. This vulnerability allows a local malicious person to to execute arbitrary code under application privileges. Researchers at JFrog found this vulnerability during additional research on Java vulnerabilities following Log4j. S...
Vulnerabilities fixed in SonicOS
SonicWall has fixed two vulnerabilities in SonicOS. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code execute arbitrary code on the underlying system with the privileges of the logged-in user. To accomplish this, the...
Vulnerability fixed in Roundcube Webmail
A vulnerability has been fixed in Roundcube Webmail. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the user opens a rogue e-mail. Roundcube has released...
Rootkit found in HPE iLO environments
Security researchers at AmnPardaz have published an investigation published about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Atlassian Jira Server and Jira Data Center. A malicious party could exploit the vulnerability to performing a Cross-Site Scripting XSS attack. A such attack can result in the execution of arbitrary script code in the browser used to visit the application. To do...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made few technical...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Access to sensitive data Increased user privileges This update also fixes vulnerabilities...
Vulnerabilities fixed in HCL Technologies Digital Experience
A Server Side Request Forgery SSRF vulnerability has been fixed in HCL Technologies Digital Experience formerly known as IBM WebSphere Portal. The vulnerability potentially allows a malicious person able to gain access to systems that they initially should not have access to. The researchers who...