4207 matches found
Availability issue fixed in Microsoft Exchange
Due to a bug in the on-premises Microsoft Exchange Server 2016 and 2019, email may not have been sent out anymore. At this time, there is no reason to believe that incoming email has not been accepted. The accepted emails just could not be delivered. The problem could have occurred because of the...
Vulnerability fixed in Apache Log4j
A vulnerability has been fixed in Apache Log4j. The vulnerability with reference CVE-2021-44832 allows a malicious person to execute execute arbitrary code. To exploit the vulnerability an attacker must have the ability to modify a configuration file modify a configuration file that the vulnerabl...
Vulnerability fixed in Moxa MGate systems
Moxa has fixed a vulnerability in the MGate 5109 and MGate 5101-PBM-MN protocol gateway systems. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. Abuse is possible by continuously sending specially prepared network traffic, causing the gatewa...
Vulnerabilities fixed in NetBSD
Vulnerabilities have been fixed in NetBSD's IP stack. Because the randomizer for IP packet ID is not turned on by default, and the randomizer is not random enough when it is enabled, a malicious party can analyze the IP traffic and possibly gain access to sensitive data via a man-in-the-middle...
Vulnerability found in Moxa MGate
A vulnerability has been found in Moxa MGate. The vulnerability allows an unauthenticated remote malicious person to obtain obtain sensitive data. The vulnerable Moxa MGate series have vulnerable firmware that makes it possible for an attacker to intercept the traffic and then decrypt the login...
Vulnerabilities fixed in PostgreSQL
Vulnerabilities have been fixed in PostgreSQL. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. In addition, an unauthenticated malicious person with a man-in-the-middle position can exploit the vulnerabilities potentially exploit the vulnerabiliti...
Vulnerability fixed in SonicWall SMA100 series
A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to access some management APIs in order to view meta-data of configurations. SonicWall has released updates to fix the vulnerability. fix. More information can be...
Vulnerabilities fixed in Emerson DeltaV
Emerson has fixed vulnerabilities in DeltaV products. A unauthenticated malicious person with network access can exploit the exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the exploit the vulnerabilities to execute with elevated privileg...
Vulnerabilities fixed in SolarWinds Orion
SolarWinds has fixed vulnerabilities in Orion. The vulnerabilities marked CVE-2021-35234 and CVE-2021-35248 allow an authenticated malicious person to gain access to user data, including hashed passwords and information about salts used. In addition, a malicious person with alert management...
Vulnerabilities fixed in VMware products
VMware has fixed vulnerabilities in the following products: VMware Cloud Foundation VMware Identity Manager vIDM VMware Workspace ONE Access Access VMware vRealize Automation vRA VMware vRealize Suite Lifecycle Manager A remote malicious party could potentially exploit them to bypass two-factor...
Vulnerability fixed in Apache Solr for Windows
Apache has fixed vulnerabilities in Solr for Windows. The vulnerability allows a malicious party to access sensitive data, impersonate another user or potentially execute arbitrary code. Apache has released updates to fix the vulnerability in Solr 8.11.1. For more information, see:...
Vulnerabilities fixed in Apache httpd
Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with attribute CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service cause or potentially perform a cross-site request...
Vulnerability fixed in VMware Workspace ONE UEM
VMware has fixed a vulnerability in Workspace ONE UEM. A unauthenticated malicious person could exploit this vulnerability to perform a same-site request forgery SSRF attack and thereby gain access to sensitive data. For successful exploitation requires network access to the Workspace ONE UEM...
Vulnerabilities fixed in Dell EMC iDRAC
Dell EMC has fixed vulnerabilities in iDRAC8 and iDRAC9.The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access to system...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. The vulnerabilities potentially allow a malicious party to view non-public wiki content or modify the content of a wiki. MediaWiki has released updates to address the vulnerabilities. fix. More information can be found on the page below:...
Vulnerability fixed in DBeaver
A vulnerability has been fixed in DBeaver. The vulnerability allows a local malicious agent to obtain sensitive data. This is possible because the loading of external XML entities is not properly is not properly captured. For this vulnerability Proof-of-Concept code is available. DBeaver's...
Vulnerabilities fixed in JBoss Enterprise Application Platform
Red Hat has fixed vulnerabilities in JBoss Enterprise Application Platform. A remote malicious person could vulnerabilities potentially exploit them to cause a denial-of-service or to gain access to sensitive data. Red Hat has released updates to fix the vulnerabilities in JBoss Enterprise...
Vulnerabilities fixed in Red Hat OpenShift Logging
Red Hat has fixed vulnerabilities in OpenShift Logging. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. A malicious person at remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code under application privileges. Apple has few substantive details about the vulnerabilities publicly made available. Apple has...
Vulnerabilities fixed in X.Org X Server
Vulnerabilities have been fixed in X.Org X Server. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code or obtain elevated privileges. When using X Forwarding over SSH, the vulnerabilities may also be remotely exploitable. -=...
Vulnerabilities fixed in Schneider Electric products
Schneider Electric has fixed vulnerabilities in its PowerLogic and Modicon products. The vulnerabilities allow an unauthenticated malicious person to cause a denial-of-service or gain access to sensitive data. To do so, rogue network traffic must be sent to the vulnerable device be sent. Schneide...
Vulnerabilities fixed in Adobe products
Adobe has fixed vulnerabilities in several of its products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Increased user privileges Adobe...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...
Vulnerability fixed in WIBU Codemeter Runtime
WIBU Systems has fixed a vulnerability in WIBU Codemeter Runtime. A local, authenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause, or manipulate data. The vulnerability can be exploited by creating a symbolic link using...
Vulnerability fixed in SIMATIC eaSie PCS7
Siemens has fixed a vulnerability in SIMATIC eaSie PCS7. A authenticated malicious party can exploit the vulnerability to access arbitrary files via path-traversal on the vulnerable system. The download function in which the vulnerability is not activated by default. Siemens has released updates ...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer tools. A local malicious person could exploit the vulnerabilities to execute arbitrary code, or to impersonate a user other than himself. The tables below list the vulnerabilities that have been fixed by Microsoft. Visual Studio Code:...
Vulnerabilities fixed in Microsoft Edge (Chromium)
Microsoft has fixed vulnerabilities in Edge Chromium-based. An unauthenticated malicious person can remotely exploit the vulnerabilities to remote exploit to execute arbitrary code in the scope of the browser. To do this, the malicious party must entice the victim to open a rogue Web page...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the user's privileges. Google has made few substantive details available about these vulnerabilities. Google has indicated that for the vulnerability...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code...
Vulnerabilities fixed in IBM MQ for HPE NonStop Server
Vulnerabilities have been fixed in IBM MQ used in the HPE NonStop Server. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges IBM has released updates to f...
Vulnerabilities fixed in Cisco Small Business 220 Series Switches
Cisco has fixed vulnerabilities in Small Business 220 Series Switches. An unauthenticated malicious person on the local network of the switch could potentially exploit the vulnerabilities to execute arbitrary code or cause a denial-of-service DoS. Only switches on which Link Layer Discovery...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Remote code execution User rights Spoofing Access to sensitive data Increased user privileges The tables...
Vulnerabilities fixed in IBM i2 Analysts Notebook
IBM has fixed vulnerabilities in i2 Analysts' Notebook. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges within the application. IBM has released updates to fix the vulnerabilities in i2 Analysts' Notebook 9.3.1. For more information, see:...
Vulnerabilities fixed in GitLab Runner
Vulnerabilities have been fixed in GitLab Runner. A authenticated malicious party could potentially exploit them to cause a denial-of-service or to gain access to system data. GitLab developers have released updates to address the vulnerabilities in GitLab Runner 14.3.4, 14.4.2 and 14.5.2. For mo...
Vulnerability fixed in Cisco Web Security Appliance
A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. The Cisco Web Security Appliance can crash due to a large number of HTTP requests, manual actions may be necessar...
Vulnerabilities fixed in Grafana
Grafana Labs has fixed two vulnerabilities in Grafana. The vulnerabilities allow an authenticated malicious person to to gain access to sensitive data. This data is limited to arbitrary .md and .csv files. Obtaining unauthorized access to csv files requires it is necessary that the resource...
Multiple vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in Spectrum Protect and software bundled with Spectrum Protect. The bundled software covers previously fixed vulnerabilities in underlying products and libraries such as Golang, DB2, Node.js, PostgreSQL, OpenSSH, OpenSSH and others. Previous security advisories...
Vulnerabilities fixed in Atlassian Jira Server
Atlassian has fixed two vulnerabilities in Jira Server. A authenticated malicious person could exploit the vulnerabilities to give themselves elevated privileges, gain access to sensitive data and manipulate that data. The vulnerability is in access control, which allows accounts that have been...
Vulnerability fixed in Dell Powerpath Management Appliance
Dell has fixed a vulnerability in the Powerpath Management Appliance. A locally authenticated malicious person could exploit the vulnerability to give himself admin rights and thereby executing arbitrary code on the vulnerable system. By using a default, hardcoded, password, the malicious party c...
Vulnerability fixed in Apache Log4j2
A serious vulnerability has been fixed in Apache Log4j, a java log tool used by many Web applications and services. The vulnerability makes it possible for an unauthenticated remote malicious person to execute arbitrary code with the permissions of the Web server. Because Web servers generally ru...
Vulnerabilities fixed in Autodesk products
Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities potentially allow a malicious person to execute code under the application's permissions. To exploit requires a malicious party to trick a user into opening a rogue file open. The vulnerabilities are in two modules...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in software bundled at Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as node.js, OpenSSL and Websphere Liberty. Previous security advisories have been published. A malicious party can exploit the...
Vulnerabilities fixed in Bentley View and Microstation
Bentley Systems has fixed several vulnerabilities in Bentley View and Microstation. A malicious party could potentially exploit them to cause a denial-of-service, or to execute arbitrary code with the victim's privileges. The malicious party does not need prior authentication, but must entice the...
Vulnerabilities fixed in Fortinet FortiWeb
Several vulnerabilities have been fixed in Fortinet FortiWeb. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Remote code execution User...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. An unauthenticated remote malicious agent could cause a Denial-of-Service exploit. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6524674...
Vulnerabilities fixed in IBM DB2
Vulnerabilities have been fixed in IBM DB2. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Increased user privileges IBM has released updates to fix the...
Vulnerabilities fixed in Fortinet FortiClient EMS and FortiClient Windows
Several vulnerabilities have been fixed in Fortinet products. These include Fortinet FortiClient EMS and FortiClient Windows. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of...
Vulnerability fixed in SonicWall Global VPN Client
A vulnerability has been fixed in SonicWall Global VPN Client. The vulnerability is in the handling of specific DLL files. A local malicious party can exploit the vulnerability to execute arbitrary code. SonicWall has released updates to fix the vulnerability fix in Global VPN Client 4.10.7. More...