Vulnerabilities fixed in VMware vCenter
VMware has fixed vulnerabilities in vCenter server. A malicious party on the local network with access to port 443 could exploit the vulnerabilities to gain access to sensitive data. VMware did not release further details. VMware has released updates to fix the vulnerabilities in vCenter server...
Vulnerabilities fixed in Xen
Xen has released updates to fix vulnerabilities in its hypervisor. Under specific circumstances, a virtualized system ("guest") can exploit the vulnerabilities to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Access to sensitive data; Increased...
Vulnerabilities fixed in Dell Wyse Management Suite
Dell has fixed two vulnerabilities in Wyse Management Suite. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system and, through a man-in-the-middle attack, to gain access to sensitive data. This update also includes previously fixed...
Vulnerabilities fixed in Red Hat Virtualization
Vulnerabilities have been fixed in Red Hat Virtualization for Red Hat Enterprise Linux 8. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Access to sensitive data; Increased user privileges. The...
Vulnerabilities fixed in Wind River Linux
Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; Administrator/Root rights; Remote co...
Vulnerabilities fixed in Drupal
Drupal developers have fixed two vulnerabilities in Drupal core. The vulnerabilities are in CKEditor, a library used by Drupal to provide the WYSIWYG editor. An unauthenticated malicious person can exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attac...
Fixed vulnerabilities in the BIOS belonging to Intel processors
Intel has fixed two vulnerabilities in the BIOS code of the Pentium, Celeron, Xeon and Core processors. A malicious person with physical access and the authentication to access the BIOS could potentially exploit the vulnerabilities to grant himself elevated privileges and thus potentially execute...
Vulnerabilities fixed in IBM Security SiteProtector System
IBM has fixed two vulnerabilities in SiteProtector. A malicious party can exploit the vulnerabilities to execute arbitrary JavaScript code in the Web interface to potentially gain access to system data or sensitive data, such as credentials. To do this, the malicious party must...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities potentially allow a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights. Google has mad...
Vulnerability fixed in Ubuntu
Canonical has fixed a vulnerability in Ubuntu. The vulnerability is located in AccountsService. A local malicious party can, by exploiting this vulnerability, gain elevated privileges on the vulnerable system. Canonical has made updates available for Ubuntu 20.04 LTS, 21.04 and 21.10 to fix...
Vulnerability fixed in Fortinet FortiManager
Fortinet has fixed a vulnerability in FortiManager. An authenticated malicious party could potentially abuse it to manipulate VPN tunnels without having the necessary permissions to do so. Fortinet has released updates to fix the vulnerability in FortiManager 6.4.6 & 7.0.0. For more information,...
Vulnerability Fixed in Intel Processors
Intel has fixed a vulnerability in processors from the Pentium, Celeron and Atom families. A malicious person with physical access to the system could exploit the vulnerability to gain access, under elevated privileges, to potentially sensitive data and to execute arbitrary code. The...
Vulnerabilities fixed in IBM MQ
IBM has fixed vulnerabilities in MQ. The vulnerabilities potentially allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution; User Rights; Access to sensitive data. The vulnerability with attribute CVE-2021-28165 ha...
Vulnerabilities found in Veritas Enterprise Vault
Vulnerabilities have been found in Veritas Enterprise Vault. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code on an Enterprise Vault server. To do this, the malicious party must send malicious network traffic to the vulnerable server. To successfully...
Vulnerabilities fixed in Zoom
Zoom has fixed several vulnerabilities in the Zoom client and connector. A malicious party could potentially exploit them to cause a denial-of-service, to execute arbitrary code with user privileges, or to gain access to sensitive data. The most serious vulnerability is in the Windows client, in...
Vulnerabilities fixed in GNU Mailman
The developers of GNU Mailman have fixed two vulnerabilities in GNU Mailman. The vulnerabilities could be exploited by a malicious person to gain access to the administrator password, or to use a cross-site scripting attack to execute code in the scope of the affected browser. To gain acces...
Vulnerabilities fixed in Siemens Mendix
Siemens fixed vulnerabilities in Mendix. Successful misuse of these vulnerabilities could allow a malicious person to manipulate the contents of specific objects. Siemens has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in Palo Alto PAN-OS and GlobalProtect
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Circumvention of security measure; Remote code execution; Administrator/Root privileges...
Vulnerabilities fixed in Kibana
Vulnerabilities have been fixed in Kibana. The vulnerabilities allow a malicious person to gain access to system data. Updates have been released to fix the vulnerabilities in Kibana 7.15.2. For more information, see: https://discuss.elastic.co/t/kibana-7-15-2-security-update/28892...
Vulnerability fixed in VMware vCenter and Cloud Foundation
VMware has fixed a vulnerability in vCenter Server and Cloud Foundation. An authenticated malicious party could, by exploiting this vulnerability, obtain elevated privileges on the vulnerable system. The vulnerability is located in the Integrated Windows Authentication (IWA) authentication mechanism...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution; User Rights. Adobe has released updates to fix the...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. A malicious party could potentially exploit them to cause a limited denial-of-service or to obtain elevated permissions. The latter could result in the malicious party gaining administrator privileges within a domain to obtain administrato...
Vulnerability fixed in Microsoft Malware Protection Engine
Microsoft has fixed a vulnerability in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. The vulnerabilities allow a malicious person to execute arbitrary code. The following table lists the vulnerabilities...
Vulnerabilities fixed in Nucleus NET stack
Forescout researchers have found 13 vulnerabilities in the Siemens Nucleus NET stack. This is a network stack that is used both by Siemens products and by products from other vendors. The vulnerabilities have collectively been named "NUCLEUS:13". The vulnerabilities were found ...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Increased user privileges; Remote code execution; User Rights; Denial-of-Service (DoS); Circumvention of...
Vulnerabilities fixed in Siemens SCALANCE
Siemens has fixed vulnerabilities in Siemens SCALANCE products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Siemens is still working on fixes for several SCALANCE products that are vulnerable. For when updates are not yet...
Vulnerabilities found in RPKI validators
Researchers at the University of Twente have found vulnerabilities in several RPKI validators. RPKI validators are used to validate that a route propagated via BGP originates from an AS that is authorized to distribute this route. The vulnerabilities make it possible for an...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Impersonating another user; Executing arbitrary code; Administrator/Root privileges. Microsoft...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow a malicious party to gain elevated permissions and to obtain sensitive data. Azure RTOS: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows a malicious person to execute arbitrary code under the application's permissions. The following table summarizes the vulnerability. |----------------|------|-------------------------------------|...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in the following products: SAP ABAP Platform Kernel; SAP Commerce; SAP ERP Financial Accounting; SAP ERP HCM Portugal; SAP Focused; SAP GUI for Windows; SAP NetWeaver Application Server for ABAP and ABAP Platform; SAP Solution Manager. The vulnerabilities potentially enable...
Vulnerabilities fixed in Citrix ADC, Gateway and SD-WAN WANOP Edition
Citrix has fixed two vulnerabilities in Citrix Application Delivery Controller (ADC), Citrix Gateway and Citrix SD-WAN WANOP Edition. The vulnerabilities allow a remote malicious party to cause a denial-of-service (DoS). The vulnerability with reference CVE-2021-22955 is located in Citrix ADC...
Vulnerability fixed in Draytek VigorConnect
Draytek has fixed a vulnerability in VigorConnect, the management software for Draytek networking equipment. An unauthenticated malicious person could exploit the vulnerability to download arbitrary files from the vulnerable system and thus gather information about the underlying system. The...
Vulnerabilities fixed in Siemens SIMATIC WINCC
Siemens has fixed vulnerabilities in WinCC. An authenticated malicious person could exploit the vulnerabilities to execute a "Path Traversal" and thus appropriate elevated privileges, read and write arbitrary files and thereby manipulate data and/or gain access to...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person to execute arbitrary code under the privileges of the user and obtain elevated privileges. Below is a summary of the various vulnerabilities described by compone...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in Microsoft SQL Server. The vulnerability allows a malicious party to execute Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. By combining the two methods, an attacker can execute arbitrary code on the server under the privileges o...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office. The vulnerabilities allow a malicious party to execute arbitrary code under user privileges or circumvent a security measure to bypass Excel. The vulnerability with reference CVE-2021-42292 has been actively exploited...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to cause a denial-of-service (DoS). IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6513681...
Vulnerabilities fixed in Redis
Vulnerabilities have been fixed in Redis. The vulnerabilities potentially allow an unauthenticated malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution; User Rights; Access to sensitive data; Access to...
Vulnerability fixed in Cisco Small Business Series Switches
Cisco has fixed a vulnerability in several Small Business Series Switches. The vulnerability allows an unauthenticated malicious person with access to the management interface to obtain administrator privileges. Successful exploitation requires a man-in-the-middle position between the...
Vulnerabilities fixed in HP LaserJet
Vulnerabilities have been fixed in HP LaserJet. The vulnerabilities allow a remote malicious person to cause a denial-of-service and to bypass a security measure. HP has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in FortiWeb
A vulnerability has been fixed in FortiWeb. The vulnerability allows an unauthenticated malicious person who is in the network of the victim to execute arbitrary code by sending a rogue HTTP request. Fortinet made few substantive details available. Fortinet has released updates to fix the...
Vulnerability fixed in systemd
A vulnerability has been fixed in systemd. The vulnerability allows a malicious party to cause a denial-of-service. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12. You can install these custom packages using 'YaST'. You can also download t...
Vulnerability fixed in FortiClientEMS
A vulnerability has been fixed in FortiClientEMS. The vulnerability allows an authenticated remote malicious person to execute arbitrary code. Fortinet categorizes this vulnerability according to the CVSSv3 method with a score of 4. Fortinet has released updates to fix the vulnerability. More...
Vulnerabilities hide in Java
Vulnerabilities have been fixed in Java. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights; Access to sensitive data; Access to system data. -=...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Remote code execution; User rights; Access to system data. GitLab categorize...
Vulnerability fixed in Cisco Email Security Appliance (ESA)
A vulnerability has been fixed in Cisco Email Security Appliance. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service. In order to exploit the vulnerability, a malicious party must send a rogue e-mail to the appliance. Due to insufficient inp...
Vulnerabilities fixed in Cisco Unified Communications
Vulnerabilities have been fixed in Cisco Unified Communications. The vulnerabilities allow a malicious party to access sensitive data or perform arbitrary actions under the privileges of the user being targeted. Cisco has released updates to fix the vulnerabilities. More informati...
Fixed vulnerability in Snow Inventory Agent for Windows
A vulnerability has been fixed in Snow Inventory Agent for Windows. The vulnerability allows a locally authenticated malicious person to manipulate data. Snow Globe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Cisco Prime Infrastructure
A vulnerability has been fixed in Cisco Prime Infrastructure. The vulnerability is known as Stored Cross-Site Scripting and allows a malicious party to execute malicious code in the victim's Web browser. Cisco has released updates to fix the vulnerability. More information can...