4207 matches found
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office. The vulnerabilities allow a malicious party to execute arbitrary execute arbitrary code under user privileges or circumvent a security measure to bypass Excel. The vulnerability with reference CVE-2021-42292 has been actively exploited...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in the following products: SAP ABAP Platform Kernel SAP Commerce SAP ERP Financial Accounting SAP ERP HCM Portugal SAP Focused SAP GUI for Windows SAP NetWeaver Application Server for ABAP and ABAP Platform. SAP Solution Manager The vulnerabilities potentially enable...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in Microsoft SQL Server. The vulnerability allows a malicious party to launch Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attack. execute. By combining the two methods, an attacker can execute arbitrary code on the server under the privileges o...
Vulnerabilities found in RPKI validators
Researchers at the University of Twente have found vulnerabilities found in several RPKI validators. RPKI validators are used to validate that a route propagated via BGP originates from an AS that is authorized to distribute this route. propagation. The vulnerabilities make it possible for an...
Vulnerabilities fixed in Citrix ADC, Gateway and SD-WAN WANOP Edition
Citrix has fixed two vulnerabilities in Citrix Application Delivery Controller ADC, Citrix Gateway and Citrix SD-WAN WANOP Edition. The vulnerabilities allow a remote malicious party to able to cause a denial-of-service DoS. The vulnerability with reference CVE-2021-22955 is located in Citrix ADC...
Vulnerabilities fixed in Siemens SIMATIC WINCC
Siemens has fixed vulnerabilities in WinCC. A authenticated malicious person could exploit the vulnerabilities to execute a "Path Traversal" and thus appropriate elevated privileges, read and write arbitrary files and manipulate write and thereby manipulate data and/or gain access gain access to...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow a malicious party to gain elevated permissions and to obtain sensitive data. Azure RTOS: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Draytek VigorConnect
Draytek has fixed a vulnerability in VigorConnect, the management software for Draytek networking equipment. A unauthenticated malicious person could exploit the vulnerability to download arbitrary files from the vulnerable system and thus gather information about the underlying system. The...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows a malicious person to execute arbitrary execute arbitrary code under the application's permissions. The following table summarizes the vulnerability. |----------------|------|-------------------------------------|...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities potentially enable a malicious person to able to launch attacks that result in the following categories of damage: Impersonating another user Executing arbitrary code Administrator/Root privileges Microsoft...
Vulnerabilities fixed in Nucleus NET stack
Forescout researchers have found 13 vulnerabilities in the Siemens Nucleus NET stack. This is a network stack that is used by both Siemens products as well as products from other vendors used. The vulnerabilities have collectively been named "NUCLEUS:13." assigned. The vulnerabilities were found ...
Vulnerabilities fixed in Mirosoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Increased user privileges. Remote code execution User Rights Denial-of-Service DoS. Circumvention of...
Vulnerability fixed in Microsoft Malware Protection Engine
Microsoft has fixed a vulnerability in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. The vulnerabilities allow a malicious person to execute arbitrary code. The following table lists the vulnerabilities...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person able to execute arbitrary code under the privileges of the user and obtain elevated privileges. Below is a summary of the various vulnerabilities described by compone...
Vulnerabilities fixed in Siemens SCALANCE
Siemens has fixed vulnerabilities in Siemens SCALANCE products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Siemens is still working on fixes for several SCALANCE products that are vulnerable. For when updates are not yet...
Vulnerability fixed in Cisco Small Business Series Switches
Cisco has fixed a vulnerability in several Small Business Series Switches. The vulnerability allows an unauthenticated malicious person with access to the management interface to obtain obtain administrator privileges. Successful exploitation requires a man-in-the-middle position between the...
Vulnerabilities fixed in Redis
Vulnerabilities have been fixed in Redis. The vulnerabilities allow an unauthenticated malicious person potentially able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access to...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to perform a denial-of-service DoS execution. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6513681...
Vulnerabilities fixed in HP LaserJet
Vulnerabilities have been fixed in HP Laserjet. The vulnerabilities allow a remote malicious person to cause a denial-of-service and to bypass a security measure. circumvention. HP has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to system data GitLab categorize...
Vulnerabilities hide in Java
Vulnerabilities have been fixed in Java. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Access to system data -=...
Vulnerability fixed in FortiWeb
A vulnerability has been fixed in FortiWeb. The vulnerability allows an unauthenticated malicious person who is in the network of the victim is able to execute arbitrary code by sending a rogue HTTP request. Fortinet made few substantive details available. Fortinet has released updates to fix the...
Vulnerability fixed in FortiClientEMS
A vulnerability has been fixed in FortiClientEMS. The vulnerability allows an authenticated remote malicious person to to execute arbitrary code. Fortinet categorizes this vulnerability according to the CVSSv3 method with a score of 4. Fortinet has released updates to fix the vulnerability. More...
Vulnerability fixed in systemd
A vulnerability has been fixed in systemd. The vulnerability allows a malicious party the opportunity to cause a denial-of-service cause. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE 12. You can install these custom packages using 'YaST'. You can also download t...
Fixed vulnerability in Snow Inventory Agent for Windows
A vulnerability has been fixed in Snow Inventory Agent for Windows. The vulnerability allows a locally authenticated malicious person able to manipulate data. Snow Globe has released updates to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerabilities fixed in Cisco Unified Communications
Vulnerabilities have been fixed in Cisco Unified Communications. The vulnerabilities allow a malicious party to access sensitive data or perform arbitrary actions perform under the privileges of the user being targeted. attack. Cisco has released updates to fix the vulnerabilities. More informati...
Vulnerability fixed in Cisco Email Security Appliance (ESA)
A vulnerability has been fixed in Cisco Email Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. In order to vulnerability, a malicious party must send a rogue e-mail to the appliance. Due to insufficient inp...
Vulnerability fixed in Ansible
A vulnerability has been fixed in Ansible. The vulnerability allows a malicious party to obtain sensitive data. -= Fedora =- Fedora has made updates available for Fedora 34. You can install these updates by using the command 'dnf' or 'yum'. More information about these updates and about possible...
Vulnerabilities fixed in Fedora kernel
Vulnerabilities have been fixed in Fedora kernel. The vulnerabilities allow a malicious person to cause a denial-of-service cause. -= Fedora =- Fedora has made updates available for Fedora 34 and 35. You can install these updates using the command 'dnf' or 'yum'. More information about these...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
A vulnerability has been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability allows a locally authenticated malicious party to obtain elevated privileges. Cisco has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Cisco Prime Infrastructure
A vulnerability has been fixed in Cisco Prime Infrastructure. The vulnerability is known as a so-called Stored-Cross-Site Scripting and allows a malicious party to execute execute malicious code in the victim's Web browser. Cisco has released updates to fix the vulnerability. More information can...
Vulnerabilities fixed in Cisco Webex
Vulnerabilities have been fixed in Cisco Webex. The vulnerabilities marked CVE-2021-1500 and CVE-2021-40128 allow an unauthenticated remote malicious person able to trick a user to trick a user into opening a rogue Web page. The vulnerability with reference CVE-2021-40115 allows a malicious perso...
Vulnerability fixed in php
A vulnerability has been fixed in php. The vulnerability allows a local malicious party to obtain elevated privileges. PHP developers have released updates to fix the vulnerability. More information can be found at the page below: https://www.php.net/ChangeLog-8.php8.0.12 -= Fedora =- Fedora has...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Red Hat categorizes these vulnerabilities according to the...
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in Linux kernel. The vulnerability allows a remote malicious person to obtain system data obtain. Updates have been released to fix the vulnerability. More information can be found on the page below: https://github.com/torvalds/linux/commit...
Vulnerability fixed in Red Hat flatpak
Red Hat has fixed a vulnerability in flatpak. The vulnerability allows a malicious person to escape from the flatpak sandbox to escape. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can install these updates using the command 'yum'. More information about...
Vulnerabilities verhopen in Mozilla Firefox
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing...
Vulnerability fixed in HPE Proliant
Vulnerabilities have been fixed in several HPE Proliant systems. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data HPE has released updates to fix the vulnerability...
Vulnerability fixed in GitLab
A vulnerability was fixed in April 2021 in GitLab Community Edition and GitLab Enterprise Edition. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code to execute. The ExifTool built into GitLab could be exploited by the offering a rogue file to be...
Vulnerability fixed in Tenable Nessus
Tenable has fixed a vulnerability in Nessus. The vulnerability allows a malicious person with limited privileges to to execute certain commands on Nessus Agent hosts. The use of these commands is normally reserved for legitimate system administrators with the required privileges. Tenable did not...
Vulnerabilities fixed in Dell BIOS
Dell has fixed vulnerabilities in the BIOS of, among others. Optiplex, Precision and Wyse systems. The vulnerabilities allow a local, authenticated malicious person to execute arbitrary code into the System Management RAM SMRAM. Normally only a system's firmware can execute code in SMRAM. A...
Vulnerabilities fixed in HP LaserJet printers
Vulnerabilities have been fixed in several HP printers. The vulnerability with the reference CVE-2021-39238 describes a possible buffer overflow. A malicious party could potentially exploit this vulnerability to execute arbitrary code or cause a denial-of-service. The vulnerability with the...
Vulnerability fixed in NetApp ONTAP
A vulnerability has been fixed in NetApp ONTAP. The vulnerability allows a malicious party to cause a denial-of-service cause with respect to the HTTP server in ONTAP. NetApp categorizes this vulnerability according to the CVSSv3 method with a score of 5.3. NetApp has released updates to fix the...
Vulnerabilities fixed in McAfee Data Loss Prevention
McAfee has fixed vulnerabilities in the Data Loss Prevention extension for ePolicy Orchestrator. An authenticated malicious party could exploit the vulnerabilities to perform of an SQL injection or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in t...
Vulnerabilities fixed in Python
Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root rights Access to sensitive data Increased user...
Vulnerabilities related to Unicode fixed
Researchers from the universities of Cambridge and Edinburgh have developed developed attack methods for compromising open-source software. This involves the abuse of Unicode control characters. By placing control characters in the source code at tactical places in tactical places, source code is...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in Red Hat's kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data Increased user privileges -= Red Hat =- Red Ha...
Vulnerabilities fixed in Wind River Linux
Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. The vulnerability allows an authenticated remote malicious person to opportunity to bypass a security measure. Atlassian categorizes this vulnerability according to the CVSSv3 method with a score of 4.3. Atlassian has released updates to address the...