Vulnerabilities fixed in Cisco Small Business 220 Series Switches
Cisco has fixed vulnerabilities in Small Business 220 Series Switches. An unauthenticated malicious person on the local network of the switch could potentially exploit the vulnerabilities to execute arbitrary code or cause a denial-of-service (DoS). Only switches on which Link Layer Discovery...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Remote code execution (User rights); Spoofing; Access to sensitive data; Increased user privileges. The tables...
Vulnerabilities fixed in IBM MQ for HPE NonStop Server
Vulnerabilities have been fixed in IBM MQ used in the HPE NonStop Server. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Access to system data; Increased user privileges. IBM has released updates to f...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data; Access to system data...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code...
Vulnerabilities fixed in Microsoft Edge (Chromium)
Microsoft has fixed vulnerabilities in Edge (Chromium-based). An unauthenticated malicious person can remotely exploit the vulnerabilities to execute arbitrary code in the scope of the browser. To do this, the malicious party must entice the victim to open a rogue Web page...
Vulnerability fixed in Cisco Web Security Appliance
A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service. The Cisco Web Security Appliance can crash due to a large number of HTTP requests; manual actions may be necessar...
Vulnerabilities fixed in GitLab Runner
Vulnerabilities have been fixed in GitLab Runner. An authenticated malicious party could potentially exploit them to cause a denial-of-service or to gain access to system data. GitLab developers have released updates to address the vulnerabilities in GitLab Runner 14.3.4, 14.4.2 and 14.5.2. For mo...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed two vulnerabilities in Grafana. The vulnerabilities allow an authenticated malicious person to gain access to sensitive data. This data is limited to arbitrary .md and .csv files. Obtaining unauthorized access to csv files requires that the resource...
Vulnerabilities fixed in IBM i2 Analyst's Notebook
IBM has fixed vulnerabilities in i2 Analyst's Notebook. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges within the application. IBM has released updates to fix the vulnerabilities in i2 Analyst's Notebook 9.3.1. For more information, see:...
Multiple vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in Spectrum Protect and software bundled with Spectrum Protect. The bundled software covers previously fixed vulnerabilities in underlying products and libraries such as Golang, DB2, Node.js, PostgreSQL, OpenSSH and others. Previous security advisories...
Vulnerabilities fixed in Autodesk products
Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities potentially allow a malicious person to execute code under the application's permissions. Exploitation requires a malicious party to trick a user into opening a rogue file. The vulnerabilities are in two modules...
Vulnerability fixed in Dell Powerpath Management Appliance
Dell has fixed a vulnerability in the Powerpath Management Appliance. A locally authenticated malicious person could exploit the vulnerability to give themselves admin rights and thereby execute arbitrary code on the vulnerable system. By using a default, hardcoded password, the malicious party c...
Vulnerabilities fixed in Atlassian Jira Server
Atlassian has fixed two vulnerabilities in Jira Server. An authenticated malicious person could exploit the vulnerabilities to give themselves elevated privileges, gain access to sensitive data and manipulate that data. The vulnerability is in access control, which allows accounts that have been...
Vulnerability fixed in Apache Log4j2
A serious vulnerability has been fixed in Apache Log4j, a Java logging tool used by many Web applications and services. The vulnerability makes it possible for an unauthenticated remote malicious person to execute arbitrary code with the permissions of the Web server. Because Web servers generally ru...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in software bundled with Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as Node.js, OpenSSL and WebSphere Liberty. Previous security advisories have been published. A malicious party can exploit the...
Vulnerability fixed in SonicWall Global VPN Client
A vulnerability has been fixed in SonicWall Global VPN Client. The vulnerability is in the handling of specific DLL files. A local malicious party can exploit the vulnerability to execute arbitrary code. SonicWall has released updates to fix the vulnerability in Global VPN Client 4.10.7. More...
Vulnerabilities fixed in IBM DB2
Vulnerabilities have been fixed in IBM DB2. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to sensitive data; Increased user privileges. IBM has released updates to fix the...
Vulnerabilities fixed in Fortinet FortiClient EMS and FortiClient Windows
Several vulnerabilities have been fixed in Fortinet products. These include Fortinet FortiClient EMS and FortiClient Windows. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. An unauthenticated remote malicious agent could cause a Denial-of-Service. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6524674...
Vulnerabilities fixed in Bentley View and Microstation
Bentley Systems has fixed several vulnerabilities in Bentley View and Microstation. A malicious party could potentially exploit them to cause a denial-of-service, or to execute arbitrary code with the victim's privileges. The malicious party does not need prior authentication, but must entice the...
Vulnerabilities fixed in Fortinet FortiWeb
Several vulnerabilities have been fixed in Fortinet FortiWeb. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication; Remote code execution (User...
Vulnerability fixed in Fortinet products
A vulnerability has been fixed in FortiSandbox, FortiWeb, FortiADC and FortiMail. A malicious party in possession of the password store could potentially gain access to encrypted data. Fortinet has released updates to address the vulnerability. For more information, see:...
Vulnerabilities fixed in SonicWall SMA100 series
Vulnerabilities have been fixed in SonicWall SMA100. The vulnerabilities identified as CVE-2021-20038 and CVE-2021-20045 have received CVSSv3 scores of 9.8 and 9.4 and potentially allow an unauthenticated remote malicious person to execute code on the system. The...
Vulnerabilities fixed in FortiOS
Vulnerabilities have been fixed in FortiOS and FortiGate. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Circumvention of security measure; Remote code execution (User rights); Acces...
Vulnerability fixed in Huawei CloudEngine
Huawei has fixed a vulnerability in their CloudEngine series of switches. An unauthenticated malicious person on the same network can exploit the vulnerability to cause a denial-of-service. Huawei has released updates to fix the vulnerability in CloudEngine. For more information, see:...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability, identified as CVE-2021-43798, is a path-traversal vulnerability that potentially allows an unauthenticated remote malicious person to gain access to sensitive data. On Twitter and elsewhere, exploits are...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code with the privileges of the application. Google has made few technical details about the vulnerabilities publicly available. Google has released...
Vulnerability fixed in NGINX
F5 has fixed a vulnerability in NGINX. The vulnerability makes it possible to perform a denial-of-service attack by sending corrupt JSON data. The vulnerability is specifically in the JSON parser of the ModSecurity WAF module of NGINX Plus. F5 has made updates available to fix the vulnerability...
Vulnerability fixed in Dell Wyse Device Agent
A vulnerability has been fixed in Dell Wyse Device Agent version 14.5.4.1 and below. A local authenticated user with low privileges could potentially exploit this security vulnerability and gain access to sensitive information. Dell has released updates to fix the vulnerability in Wyse Device...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab CE/EE. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Access to sensitive data; Increased user privileges. GitLab has made updates available to address the...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data; Increased user privileges. The...
Vulnerabilities fixed in IBM Cognos Analytics
IBM has fixed a large number of vulnerabilities in underlying software provided with Cognos Analytics. The vulnerabilities were previously fixed and released by the vendors in question. In this update IBM has bundled the affected vulnerabilities for Cognos. A malicio...
Vulnerability fixed in Zoho ManageEngine Desktop Central
Zoho has fixed a vulnerability in ManageEngine Desktop Central. Desktop Central is a solution used by administrators to remotely manage devices within an organization. The vulnerability makes it possible for a malicious person to bypass authentication and execute arbitrary code. It is goo...
Vulnerability fixed in GNU Mailman
The developers of GNU Mailman have fixed a vulnerability in GNU Mailman. The vulnerability could be exploited by a malicious person to perform a Cross-Site Request Forgery (XSRF) on the administrator page. The developers have released updates to fix the vulnerability in GNU Mailman 2.1.3...
Vulnerability fixed in Zoho ManageEngine ADSelfService Plus
Zoho ManageEngine has fixed a vulnerability in ADSelfService Plus. ADSelfService Plus is a self-service password management and single-sign-on solution. The vulnerability allows a malicious remote user to execute arbitrary code. The FBI, CISA and CGCYBER have issued a joint security...
Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware
Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person can remotely retrieve another user's login credentials and thereby gain elevated privileges. It is also possible to...
Vulnerability fixed in Cryptshare server
A vulnerability has been fixed in the Web App component of Cryptshare server. This vulnerability allows a malicious user of the system, via an "HTML injection" attack, to redirect the recipient of a "confidential" message to an arbitrary web page. The recipient must open such a message...
Vulnerabilities fixed in IBM QRadar
IBM has fixed vulnerabilities in QRadar. The vulnerabilities potentially enable a malicious person to conduct attacks leading to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Access to sensitive data; Increased user privileges. IBM has made updates available to...
Vulnerabilities fixed in IBM Integration Bus
IBM has fixed vulnerabilities in Integration Bus. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights). IBM has released updates to fix the...
Vulnerability fixed in FortiClient
A vulnerability has been fixed in FortiClient and FortiClient EMS. An insecure search path could allow an attacker to launch a DLL-Hijack attack. Through the exploitation of this vulnerability, an attacker can obtain elevated privileges on the vulnerable system. Fortinet has released updates to f...
Vulnerabilities fixed in IBM MQ
IBM has fixed several vulnerabilities in MQ. A malicious person could potentially exploit the vulnerabilities locally to cause a denial-of-service, gain access to sensitive data or execute arbitrary code under the user's privileges. IBM has released updates to fix the vulnerability. More...
Vulnerabilities fixed in Dell EMC CloudLink
Vulnerabilities have been fixed in Dell EMC CloudLink. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Remote code execution (application rights)...
Vulnerability fixed in Trend Micro Antivirus for Mac
Trend Micro has released updated versions of the Trend Micro Antivirus for macOS. Abuse of this vulnerability may result in increased user privileges. Trend Micro has released updates to address the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Sophos SG UTM
A SQL injection vulnerability has been fixed in the user portal of Sophos SG UTM. An authenticated user could potentially execute arbitrary code. Sophos has released updates to fix the vulnerabilities. For more information, see: https://www.sophos.com/en-us/security-advisories...
Vulnerabilities fixed in OpenBSD
Two vulnerabilities have been fixed in OpenBSD. The vulnerabilities apply to the kernel and libcrypto. The kernel vulnerability allows a local authorized user to cause a denial of service on the system. This vulnerability is present in OpenBSD 6.9 and 7.0. The second vulnerability is in...
Vulnerabilities fixed in Zoom products
Two vulnerabilities have been fixed in various Zoom products, including the Zoom Client for Meetings. A malicious party could potentially exploit the vulnerabilities to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights)...
Vulnerability fixed in VxWorks
A vulnerability has been fixed in Wind River VxWorks 6.9 and 7. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by sending a specially prepared network packet to the IKE service. Wind River has released updates to fix the vulnerability in VxWorks. Fo...
Vulnerabilities fixed in Roundcube Webmail
Roundcube has fixed vulnerabilities in Webmail and Webmail LTS. The vulnerabilities allow a malicious party to launch a cross-site scripting attack, or to perform an SQL injection and thus gain access to the data in the underlying database. Roundcube has released updates to address the...