4207 matches found
Vulnerability fixed in HPE iLO
HPE has fixed a vulnerability in iLO Amplifier Pack. HPE iLO Amplifier Pack is an applicance that allows HPE iLO systems to be be managed. The vulnerability allows a malicious party to opportunity to execute arbitrary code on the HPE iLO Amplifier Pack. HPE recommends that after updating the HPE...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. Google has not published substantive...
Vulnerability fixed in BIND
ISC has fixed a vulnerability in BIND. A unauthenticated remote malicious person could exploit it to significantly affect the performance of a BIND DNS server. impact. Abuse results in it taking longer before a client receives a response from the DNS server and also increases additionally increas...
Vulnerabilities fixed in Juniper Junos OS
Vulnerabilities have been fixed in Junos OS and Junos OS Evolved. The vulnerabilities allow an authenticated malicious person to obtain elevated privileges. These privileges can then be exploited to perform a denial-of-service Dos attack or executing code under root. These attacks are seen as...
Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA)
Cisco has fixed several vulnerabilities in Cisco Adaptive Security Appliance ASA. A malicious party could exploited to bypass implemented security measures, thereby thereby bypassing the functionality of the ASA, or to cause a denial-of-service attack. To exploit the vulnerabilities, the maliciou...
Vulnerabilities fixed in Mailman
Several vulnerabilities have been fixed in Mailman, a web-based mailing list manager, that can be exploited to perform a cross-site request forgery CSRF attack. A malicious party can exploit these vulnerabilities to obtain elevated privileges or gain access to application data. -= Debian =- Debia...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under the application's privileges. The malicious party to do this must tri...
Vulnerabilities fixed in Adobe Premiere Elements
Adobe has fixed vulnerabilities in Adobe Premiere Elements. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under the application's privileges. The malicious party to do this mu...
Vulnerability fixed in Adobe Lightroom
Adobe has fixed a vulnerability in Adobe Lightroom. A malicious person with access to the file system could exploit the exploit the vulnerability to obtain elevated privileges. To do so, the malicious party must entice a user with elevated privileges coax a rogue file to open. Adobe did not relea...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed three vulnerabilities in Adobe Photoshop. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, or execute arbitrary code on the system under the application's permissions. The malicious must do this to trick the victim into opening a rogue...
Vulnerabilities fixed in Apple macOS
Apple has fixed a large number of vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data...
Vulnerabilities fixed in Adobe Media Encoder
Adobe has fixed vulnerabilities in Adobe Media Encoder. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under the application's privileges. The malicious party to do this must trick th...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI. The vulnerabilities allow an authenticated malicious person to perform perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User rights SQL...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Adobe Bridge. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under application privileges. The malicious party to do this must trick the vict...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed three vulnerabilities in Adobe Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under the application's privileges. The malicious party to do this must tric...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in After Effects. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under the application's privileges. The malicious party to do this must trick the vict...
Vulnerability fixed in Juniper Junos OS
Juniper has fixed a vulnerability in Junos OS on the QFX5000 Series. The vulnerability results in potentially sensitive system information, including kernel versions, being leaked in communication between the routing engine and the packet forwarding engine. A malicious person with access to the...
Vulnerability fixed in Discourse
A vulnerability has been fixed in Discourse. A unauthenticated remote malicious person could potentially potentially exploit it to execute arbitrary code under the rights of the application. To do so, malicious network traffic should be be sent to the /webhooks/aws endpoint. The vulnerability is...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities potentially allow a remote malicious party to launch an HTTP request smuggling attack. Such an attack could lead to unauthorized access to systems. Possible consequential damages may include gaining access to information or performin...
Multiple vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed multiple vulnerabilities in McAfee ePolicy Orchestrator. The vulnerabilities allow a malicious party whether or not unauthenticated malicious person may be able to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...
Vulnerabilities fixed in ESET products
ESET has fixed a vulnerability in its consumer and business products for macOS. A user who is logged in can stop the ESET daemon, which disables protection disabled until the system is restarted. ESET has released updates to fix the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed two vulnerabilities in Jira Server. A unauthenticated remote malicious person could exploit them to perform a Cross-Site-Request-Forgery attack XSRF or to gain direct gain unauthorized access to the JQL query component. Both attack methods lead to obtaining sensitive data...
Vulnerability fixed in Pulse Connect Secure
A vulnerability has been fixed in Pulse Connect Secure. A unauthenticated administrator could potentially exploit it to cause a denial-of-service. Pulse Secure has released updates and a workaround to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Access to sensitive data Increased...
Vulnerabilities fixed in Microsoft Edge
Several vulnerabilities have been fixed in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities exploit them to execute external code, bypass security measures and obtain sensitive information. Microsoft has made updates available that fix the described vulnerabilities...
Vulnerability fixed in Cisco IOS XR
A vulnerability has been found in Cisco IOS XR. The vulnerability is located specifically in the DHCP functionality. It allows an unauthenticated remote malicious person able to stop the DHCP daemon process. While this process is running it is temporarily not possible to obtain a new DHCP lease...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
A vulnerability has been fixed in Cisco Identity Services Engine ISE. The vulnerability allows an unauthenticated malicious person able to execute arbitrary code under privileges of the application. To do this, the malicious party must trick the victim into upload a malicious file in the browser...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Increased user privileges SolarWinds has released updates...
Vulnerability fixed in Cisco Meeting Server
A vulnerability has been fixed in Cisco Meeting Server. The vulnerability has been labeled CVE-2021-40122 and allows an unauthenticated remote malicious party to cause a Denial-of-Service DoS attack. By sending a large amount of messages to the vulnerable API Call Bridge, a malicious party can...
Vulnerabilities fixed in Oracle Essbase
Oracle has fixed vulnerabilities in Hyperion Essbase Administration Services. The vulnerabilities allow a malicious potentially be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Oracle Fusion Middleware products: HTTP Server BAM Business Activity Monitoring WebCenter Portal Business Intelligence Enterprise Edition Real-Time Decision Server Data Integrator Outside In Technology WebLogic Server Enterprise Repository...
Vulnerabilities fixed in Nitro Pro PDF
Vulnerabilities have been fixed in Nitro Pro PDF. The vulnerabilities allow an unauthenticated remote malicious person to opportunity to execute arbitrary code under the privileges of the application. To do this, the malicious agent must trick the victim to open a malicious file. Nitro Software...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Google Chrome
Google has released version 95.0.4638.54 of Chrome for Windows, MacoOS and Linux. A malicious party could potentially exploit them to cause a Denial-of-Service, or for executing arbitrary code in the context of the browser. Google has released updates to fix the vulnerabilities in Chrome...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in the following JD Edwards products: JD Edwards EnterpriseOne Tools JD Edwards World Security JD Edwards EnterpriseOne Orchestrator The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Vulnerabilities fixed in Oracle Java SE and GraalVM
Oracle has fixed vulnerabilities in Java SE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Circumvention of security measure. Denial-of-Service DoS. Remote code execution User Rights Acces...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following products: Operations Intelligence Applications Manager Payables Incentive Compensation Mobile Field Service Trade Management Universal Work Queue Shipping Execution Sales Offline Content Manager Applications Framework Web Analytics Deal Management...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in the following Communications products: Communications Services Gatekeeper Communications Converged Application Server - Service Controller Communications Session Border Controller Enterprise Communications Broker Communications Operations Monitor Communications...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following products: Enterprise Manager for Oracle Database Enterprise Manager Base Platform Application Testing Suite APM - Application Performance Management Enterprise Manager Ops Center The vulnerabilities potentially enable a malicious party to execute...
Vulnerabilities fixed in Oracle Systems Solaris, ZFS Storage Appliance Kit and Ethernet switches
Oracle has fixed vulnerabilities in Solaris, ZFS Storage Appliance Kit and ES2-64 and ES2-72 switches. The vulnerabilities potentially enable a malicious party to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following MySQL products: MySQL Workbench MySQL Server MySQL Cluster MySQL Enterprise Monitor MySQL Connectors The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service D...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following products: Financial Services Analytical Applications Infrastructure FLEXCUBE Core Banking Banking Platform Banking Enterprise Default Management Banking Virtual Account Management Financial Services Enterprise Case Management Banking Corporate...
Vulnerabilities fixed in Oracle Supply Chain Suite products
Oracle has fixed vulnerabilities in the following Supply Chain Suite products: Transportation Management Autovue for Agile Product Lifecycle Management Agile PLM Framework The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Spatial and Graph Application Express APEX Engineered Systems Utilities The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Vulnerabilities fixed in Oracle Virtualization products
Oracle has fixed vulnerabilities in Secure Global Desktop and VirtualBox. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Gain access to VM Accessing sensitive data Accessing system data...
Vulnerabilities fixed in Oracle Communications Applications
Oracle has fixed vulnerabilities in the following Communications Applications products: Communications Billing and Revenue Management Communications MetaSolv Solution Communications Offline Mediation Controller Communications Design Studio Communications Calendar Server Communications Messaging...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denail-Of-Service DOS. Remote code execution User Rights Provide elevated privileges Accessing sensitive data...
Vulnerabilities fixed in Oracle Peoplesoft products
Oracle has fixed vulnerabilities in the following PeopleSoft products: PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise CS SA Integration Pack PeopleSoft Enterprise SCM Purchasing PeopleSoft Enterprise CS Academic Advisement PeopleSoft Enterprise CS Student Records. PeopleSoft Enterpris...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. OTRS uses the deprecated npm module "resolve-url-loader" which is depends on the module "postcs" and is vulnerable to the ReDoS attack. OTRS has...