Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
A vulnerability has been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability allows a locally authenticated malicious party to obtain elevated privileges. Cisco has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Cisco Webex
Vulnerabilities have been fixed in Cisco Webex. The vulnerabilities marked CVE-2021-1500 and CVE-2021-40128 allow an unauthenticated remote malicious person to trick a user into opening a rogue web page. The vulnerability with reference CVE-2021-40115 allows a malicious perso...
Vulnerability fixed in Ansible
A vulnerability has been fixed in Ansible. The vulnerability allows a malicious party to obtain sensitive data. -= Fedora =- Fedora has made updates available for Fedora 34. You can install these updates by using the command 'dnf' or 'yum'. More information about these updates and about possible...
Vulnerabilities fixed in Fedora kernel
Vulnerabilities have been fixed in the Fedora kernel. The vulnerabilities allow a malicious person to cause a denial-of-service. -= Fedora =- Fedora has made updates available for Fedora 34 and 35. You can install these updates using the command 'dnf' or 'yum'. More information about these...
Vulnerability fixed in php
A vulnerability has been fixed in php. The vulnerability allows a local malicious party to obtain elevated privileges. PHP developers have released updates to fix the vulnerability. More information can be found at the page below: https://www.php.net/ChangeLog-8.php8.0.12 -= Fedora =- Fedora has...
Vulnerability fixed in HPE Proliant
Vulnerabilities have been fixed in several HPE Proliant systems. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to sensitive data. HPE has released updates to fix the vulnerability...
Vulnerability fixed in Red Hat flatpak
Red Hat has fixed a vulnerability in flatpak. The vulnerability allows a malicious person to escape from the flatpak sandbox. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can install these updates using the command 'yum'. More information about...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Access to system data. Red Hat categorizes these vulnerabilities according to the...
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. The vulnerability allows a remote malicious person to obtain system data. Updates have been released to fix the vulnerability. More information can be found on the page below: https://github.com/torvalds/linux/commit...
Vulnerabilities fixed in Mozilla Firefox
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Spoofing, Accessing...
Vulnerability fixed in NetApp ONTAP
A vulnerability has been fixed in NetApp ONTAP. The vulnerability allows a malicious party to cause a denial-of-service with respect to the HTTP server in ONTAP. NetApp categorizes this vulnerability according to the CVSSv3 method with a score of 5.3. NetApp has released updates to fix the...
Vulnerabilities fixed in McAfee Data Loss Prevention
McAfee has fixed vulnerabilities in the Data Loss Prevention extension for ePolicy Orchestrator. An authenticated malicious party could exploit the vulnerabilities to perform an SQL injection or Cross-Site Scripting (XSS) attack. The latter can lead to the execution of arbitrary script code in t...
Vulnerabilities fixed in Python
Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...
Vulnerabilities fixed in Dell BIOS
Dell has fixed vulnerabilities in the BIOS of, among others, Optiplex, Precision and Wyse systems. The vulnerabilities allow a local, authenticated malicious person to execute arbitrary code in the System Management RAM (SMRAM). Normally only a system's firmware can execute code in SMRAM. A...
Vulnerability fixed in Tenable Nessus
Tenable has fixed a vulnerability in Nessus. The vulnerability allows a malicious person with limited privileges to execute certain commands on Nessus Agent hosts. The use of these commands is normally reserved for legitimate system administrators with the required privileges. Tenable did not...
Vulnerabilities related to Unicode fixed
Researchers from the universities of Cambridge and Edinburgh have developed attack methods for compromising open-source software. This involves the abuse of Unicode control characters. By placing control characters in the source code at tactical places, source code is...
Vulnerabilities fixed in HP LaserJet printers
Vulnerabilities have been fixed in several HP printers. The vulnerability with the reference CVE-2021-39238 describes a possible buffer overflow. A malicious party could potentially exploit this vulnerability to execute arbitrary code or cause a denial-of-service. The vulnerability with the...
Vulnerability fixed in GitLab
A vulnerability was fixed in April 2021 in GitLab Community Edition and GitLab Enterprise Edition. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code. The ExifTool built into GitLab could be exploited by offering a rogue file to be...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in Red Hat's kernel. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to system data, Increased user privileges. -= Red Hat =- Red Ha...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root rights), Access to sensitive data, Increased user...
Vulnerabilities fixed in Wind River Linux
Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (Administrator/Root rights), Remote...
Vulnerability fixed in HPE iLO
HPE has fixed a vulnerability in iLO Amplifier Pack. HPE iLO Amplifier Pack is an appliance that allows HPE iLO systems to be managed. The vulnerability allows a malicious party to execute arbitrary code on the HPE iLO Amplifier Pack. HPE recommends that after updating the HPE...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. The vulnerability allows an authenticated remote malicious person to bypass a security measure. Atlassian categorizes this vulnerability according to the CVSSv3 method with a score of 4.3. Atlassian has released updates to address the...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. Google has not published substantive...
Vulnerabilities fixed in Juniper Junos OS
Vulnerabilities have been fixed in Junos OS and Junos OS Evolved. The vulnerabilities allow an authenticated malicious person to obtain elevated privileges. These privileges can then be exploited to perform a denial-of-service (DoS) attack or to execute code under root. These attacks are seen as...
Vulnerability fixed in BIND
ISC has fixed a vulnerability in BIND. An unauthenticated remote malicious person could exploit it to significantly affect the performance of a BIND DNS server. Abuse results in it taking longer before a client receives a response from the DNS server and additionally increas...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA)
Cisco has fixed several vulnerabilities in Cisco Adaptive Security Appliance (ASA). A malicious party could exploit them to bypass implemented security measures, thereby bypassing the functionality of the ASA, or to cause a denial-of-service attack. To exploit the vulnerabilities, the maliciou...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Adobe Bridge. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service (DoS), or execute arbitrary code on the system under application privileges. To do this, the malicious party must trick the vict...
Vulnerabilities fixed in Apple macOS
Apple has fixed a large number of vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data...
Vulnerabilities fixed in Adobe Media Encoder
Adobe has fixed vulnerabilities in Adobe Media Encoder. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service (DoS), or execute arbitrary code on the system under the application's privileges. To do this, the malicious party must trick th...
Vulnerabilities fixed in Adobe Premiere Elements
Adobe has fixed vulnerabilities in Adobe Premiere Elements. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service (DoS), or execute arbitrary code on the system under the application's privileges. To do this, the malicious party mu...
Vulnerability fixed in Adobe Lightroom
Adobe has fixed a vulnerability in Adobe Lightroom. A malicious person with access to the file system could exploit the vulnerability to obtain elevated privileges. To do so, the malicious party must entice a user with elevated privileges to open a rogue file. Adobe did not relea...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service (DoS), or execute arbitrary code on the system under the application's privileges. To do this, the malicious party must tri...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed three vulnerabilities in Adobe Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service (DoS), or execute arbitrary code on the system under the application's privileges. To do this, the malicious party must tric...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed three vulnerabilities in Adobe Photoshop. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, or execute arbitrary code on the system under the application's permissions. To do this, the malicious party must trick the victim into opening a rogue...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI. The vulnerabilities allow an authenticated malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Remote code execution (Administrator/Root rights), Remote code execution (User rights), SQL...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service (DoS), or execute arbitrary code on the system under the application's privileges. To do this, the malicious party must trick the vict...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code execution...
Vulnerabilities fixed in Mailman
Several vulnerabilities have been fixed in Mailman, a web-based mailing list manager, that can be exploited to perform a cross-site request forgery (CSRF) attack. A malicious party can exploit these vulnerabilities to obtain elevated privileges or gain access to application data. -= Debian =- Debia...
Vulnerability fixed in Juniper Junos OS
Juniper has fixed a vulnerability in Junos OS on the QFX5000 Series. The vulnerability results in potentially sensitive system information, including kernel versions, being leaked in communication between the routing engine and the packet forwarding engine. A malicious person with access to the...
Vulnerability fixed in Discourse
A vulnerability has been fixed in Discourse. An unauthenticated remote malicious person could potentially exploit it to execute arbitrary code under the rights of the application. To do so, malicious network traffic should be sent to the /webhooks/aws endpoint. The vulnerability is...
Multiple vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed multiple vulnerabilities in McAfee ePolicy Orchestrator. The vulnerabilities may allow a malicious person, whether authenticated or not, to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities potentially allow a remote malicious party to launch an HTTP request smuggling attack. Such an attack could lead to unauthorized access to systems. Possible consequential damages may include gaining access to information or performin...
Vulnerabilities fixed in ESET products
ESET has fixed a vulnerability in its consumer and business products for macOS. A user who is logged in can stop the ESET daemon, which disables protection until the system is restarted. ESET has released updates to fix the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed two vulnerabilities in Jira Server. An unauthenticated remote malicious person could exploit them to perform a Cross-Site Request Forgery (XSRF) attack or to gain direct unauthorized access to the JQL query component. Both attack methods lead to obtaining sensitive data...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root rights), Access to sensitive data, Increased...
Vulnerabilities fixed in Microsoft Edge
Several vulnerabilities have been fixed in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to execute external code, bypass security measures and obtain sensitive information. Microsoft has made updates available that fix the described vulnerabilities...
Vulnerability fixed in Pulse Connect Secure
A vulnerability has been fixed in Pulse Connect Secure. An unauthenticated administrator could potentially exploit it to cause a denial-of-service. Pulse Secure has released updates and a workaround to fix the vulnerability. For more information, see:...
Vulnerability fixed in Cisco IOS XR
A vulnerability has been found in Cisco IOS XR. The vulnerability is located specifically in the DHCP functionality. It allows an unauthenticated remote malicious person to stop the DHCP daemon process. While this process is running it is temporarily not possible to obtain a new DHCP lease...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Access to sensitive data, Increased user privileges. SolarWinds has released updates...