4207 matches found
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities potentially allow a remote malicious person to able to execute arbitrary code with the privileges of the application. Google has made few technical details about the vulnerabilities made publicly available. Google has released...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability with the attribute CVE-2021-43798 concerns a path-traversal vulnerability that allows an unauthenticated remote malicious person to potentially be able to gain access to sensitive data. On Twitter and elsewhere and others, exploits are...
Vulnerability fixed in Fortinet products
A vulnerability has been fixed in FortiSandbox, FortiWeb, FortiADC and FortiMail. A malicious party in possession of the password store could potentially gain access to encrypted data. Fortinet has released updates to address the vulnerability. fix. For more information, see:...
Vulnerabilities fixed in SonicWall SMA100 series
Vulnerabilities have been fixed in SonicWall SMA100. The vulnerabilities with the attribute CVE-2021-20038 and CVE-2021-20045 have received a CVSSv3 score of 9.8 and 9.4 and allow an unauthenticated remote malicious person potentially able to execute code execute code on the system. The...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code...
Vulnerabilities fixed in FortiOS
Vulnerabilities have been fixed in FortiOS and FortiGate. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution User Rights Acces...
Vulnerability fixed in Huawei CloudEngine
Huawei has fixed a vulnerability in their CloudEngine series of switches. An unauthenticated malicious person on the same network can exploit the vulnerability to cause a denial-of-service cause. Huawei has released updates to fix the vulnerability in CloudEngine. For more information, see:...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab CE/EE. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges Gitlab has made updates available to address the...
Vulnerability fixed in Dell Wyse Device Agent
A vulnerability has been fixed in Dell Wyse Device Agent version 14.5.4.1 and below. A local authenticated user with low privileges could potentially exploit this security vulnerability and gain access to sensitive information. Dell has released updates to fix the vulnerability in Wyse Device...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges The...
Vulnerabilities fixed in IBM Cognos Analytics
IBM has fixed a large number of vulnerabilities in underlying software provided with Cognos Analytics. The vulnerabilities were previously fixed and released by the vendors in question previously fixed and released. IBM has in this update bundled the affected vulnerabilities for Cognos. A malicio...
Vulnerability fixed in Ngnix
F5 has fixed a vulnerability in NGINX. The vulnerability makes it possible to perform a denial-of-service attack by sending corrupt json data. The vulnerability is specifically in the JSON parser of the ModSecurity WAF module of NGINX Plus. F5 has made updates available to fix the vulnerability...
Vulnerability fixed in Zoho ManageEngine Desktop Central
Zoho has fixed a vulnerability in ManageEngine Desktop Central. Desktop Central is a solution used by administrators to remotely manage devices within an organization. manage. The vulnerability makes it possible for a malicious person to bypass authentication and execute arbitrary code. It is goo...
Vulnerability fixed in GNU Mailman
The developers of GNU Mailman have fixed a vulnerability in GNU Mailman. The vulnerability could be exploited by a malicious person abused to perform a Cross-Site Request Forgery XSRF on the administrator page. The developers have released updates to fix the vulnerability fix in GNU Mailman 2.1.3...
Vulnerability fixed in Zoho ManageEngine ADSelfService Plus
Zoho ManageEngine has fixed a vulnerability in ADSelfService Plus. ADSelfService Plus is a self-service password management and single-sign-on solution. The vulnerability allows a malicious remote user the ability to execute arbitrary code. The FBI, CISA and CGCYBER, have issued a joint security...
Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware
Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person remotely retrieve another user's login credentials retrieve another user's login credentials and thereby gain elevated privileges. It is also it is possible to...
Vulnerability fixed in Cryptshare server
A vulnerability has been fixed in the Web App component of Cryptshare server. This vulnerability allows a malicious user of the system to, via an "HTML injection" attack to redirect the recipient of a "confidential" message to an arbitrary web page. The recipient must open such a message message...
Vulnerabilities fixed in IBM Integration Bus
IBM has fixed vulnerabilities in Integration Bus. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights IBM has released updates to fix the...
Vulnerabilities fixed in IBM QRadar
IBM has fixed vulnerabilities in QRadar. The vulnerabilities potentially enable a malicious person to conduct attacks leading to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Access to sensitive data Increased user privileges IBM has made updates available to...
Vulnerability concealed in FortiClient
A vulnerability has been fixed in FortiClient and FortiClient EMS. An insecure search path could allow an attacker to launch a DLL-Hijack attack. Through the exploitation of this vulnerability, an attacker can obtain elevated privileges on the vulnerable system. Fortinet has released updates to f...
Vulnerabilities fixed in IBM MQ
IBM has fixed several vulnerabilities in MQ. A malicious person could potentially exploit the vulnerabilities locally to cause a denial-of-service, gain access to sensitive data or execute arbitrary code under the user's privileges. IBM has released updates to fix the vulnerability. More...
Vulnerabilities fixed in Dell EMC CloudLink
Vulnerabilities have been fixed in Dell EMC CloudLink. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution application rights...
Vulnerability fixed in Trend Micro Antivirus for Mac
Trend Micro has released updated versions of the Trend Micro Antivirus for macOS. Abuse of this vulnerability may result in increased user privileges as a result. Trend Micro has released updates to address the vulnerabilities. fix. More information can be found on the page below:...
Vulnerability fixed in Sophos SG UTM
A SQL injection vulnerability has been fixed in the user portal of Sophos SG UTM. An authenticated user could potentially execute arbitrary code. Sophos has released updates to fix the vulnerabilities. For more information, see: https://www.sophos.com/en-us/security-advisories...
Vulnerabilities fixed in OpenBSD
Two vulnerabilities have been fixed in OpenBSD. The vulnerabilities apply to the kernel and libcrypto. The kernel vulnerability allows a local authorized user able to establish a denial of service on the system. This vulnerability is present in OpenBSD 6.9 and 7.0. The second vulnerability is in...
Vulnerabilities fixed in Zoom products
Two vulnerabilities have been fixed in various Zoom products, including the Zoom Client for Meetings. A malicious party could vulnerabilities potentially exploit them to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights...
Vulnerability fixed in VxWorks
A vulnerability has been fixed in Wind River VxWorks 6.9 and 7. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by sending a specially prepared network packet to the IKE service. Wind River has released updates to fix the vulnerability fix in VxWorks. Fo...
Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter server. A malicious party on the local network, with access to port 443 could exploit the vulnerabilities to gain access to sensitive data. VMware did not release further details. VMWare has released updates to fix the vulnerabilities in vCenter server...
Vulnerabilities fixed in Roundcube Webmail
Roundcube has fixed vulnerabilities in Webmail and Webmail LTS. The vulnerabilities allow a malicious party to launch a cross-site scripting attack, or to perform an SQL injection execute and thus gain access to the data in the underlying database. Roundcube has released updates to address the...
Vulnerabilities fixed in Xen
Xen has released updates to fix vulnerabilities in its hypervisor. Under specific circumstances, a virtualized system "guest" exploit the vulnerabilities to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased...
Vulnerabilities fixed in Red Hat Virtualization
Vulnerabilities have been fixed in Red Hat Virtualization for Red Hat Enterprise Linux 8. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges The...
Vulnerabilities fixed in Dell Wyse Management Suite
Dell has fixed two vulnerabilities in Wyse Management Suite. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. Also, through a man-in-the-middle attack to gain access to sensitive data. This update also includes previously fixed...
Vulnerabilities fixed in Wind River Linux
Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote co...
Vulnerabilities fixed in Drupal
Drupal developers have fixed two vulnerabilities in Drupal core. The vulnerabilities are in CKEditor, a library used by Drupal to provide the WYSIWYG editor. An unauthenticated malicious person can exploit the exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attac...
Vulnerabilities fixed in IBM Security SiteProtector System
IBM has fixed two vulnerabilities in SiteProtector. A malicious party can exploit the vulnerabilities to execute arbitrary execute arbitrary JavaScript code in the Web interface to potentially gain access to system data or sensitive data, such as credentials. To do this, the malicious party must...
Fixed vulnerabilities in the BIOS belonging to Intel processors
Intel has fixed two vulnerabilities in the BIOS code of the Pentium, Celeron, Xeon and Core processors. A malicious person with physical access and the authentication to access the BIOS could potentially exploit the vulnerabilities to grant himself elevated privileges and thus potentially execute...
Vulnerability fixed in Ubuntu
Canonical has fixed a vulnerability in Ubuntu. The vulnerability is located in AccountsService. A local malicious party can, by exploiting this vulnerability, gain gain elevated privileges on the vulnerable system. Canonical has made updates available for Ubuntu 20.04 LTS, 21.04 and 21.10 to fix...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has mad...
Vulnerability fixed in Fortinet Fortimanager
Fortinet has fixed a vulnerability in Fortimanager. A authenticated malicious party could potentially abuse it to manipulate VPN tunnels without having the necessary permissions to do so. Fortinet has released updates to fix the vulnerability in Fortimanager 6.4.6 & 7.0.0. For more information,...
Vulnerabilities found in Veritas Enterprise Vault
Vulnerabilities have been found in Veritas Enterprise Vault. A malicious party could potentially exploit the vulnerabilities to run execute arbitrary code on an Enterprise Vault server. To do this, the malicious party must send malicious network traffic to the vulnerable server. To successfully...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. The vulnerabilities allow a malicious person potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data The vulnerability with attribute CVE-2021-28165 ha...
Vulnerability Fixed in Intel Processors
Intel has fixed a vulnerability in processors from the Pentium, Celeron and Atom families. A malicious person with physical access to the system could exploit the vulnerability to gain access under elevated privileges to gain access to potentially sensitive data and to execute arbitrary code. The...
Vulnerabilities fixed in GNU Mailman
The developers of GNU Mailman have fixed two vulnerabilities fixed in GNU Mailman. The vulnerabilities could be exploited by a malicious person to gain access to the administrator password, or to use a cross-site scripting attack to execute code in the scope of the affected browser. To gain acces...
Vulnerabilities fixed in Zoom
Zoom has fixed several vulnerabilities in the Zoom client and connector. A malicious party could potentially exploit them to cause a denial-of-service, to execute arbitrary code with user privileges, or to gain access to sensitive data. The most serious vulnerability is in the windows client, in...
Vulnerabilities fixed in Siemens Mendix
Siemens fixed vulnerabilities in Mendix. Successful misuse of these vulnerabilities could allow a malicious person to manipulate the manipulate the contents of specific objects. Siemens has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in Palo Alto PAN-OS and GlobalProtect
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges...
Vulnerabilities fixed in Kibana
Vulnerabilities have been fixed in Kibana. The vulnerabilities allow a malicious person the opportunity to gain access to system data. Updates have been released to fix the vulnerabilities in Kibana 7.15.2 For more information, see: https://discuss.elastic.co/t/kibana-7-15-2-security-update/28892...
Vulnerability fixed in VMware vCenter and Cloud Foundation
VMware has fixed a vulnerability in vCenter Server and Cloud Foundation. An authenticated malicious party could, by exploiting this vulnerability obtain elevated privileges on the vulnerable system. The vulnerability is located in the Integrated Windows Authentication IWA authentication mechanism...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Adobe has released updates to fix the...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. A malicious party could vulnerabilities potentially exploit them to cause a limited denial-of-service or to obtain elevated permissions. The latter could result in the malicious party gaining administrator privileges within a domain to obtain administrato...