4207 matches found
Vulnerabilities fixed in Trend Micro Apex One
Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service or execute arbitrary code with SYSTEM privileges. Trend Micro has released updates to address the vulnerabilities fixes in Apex One. For more...
Vulnerability fixed in Palo Alto Networks GlobalProtect
A vulnerability has been fixed in Palo Alto Networks GlobalProtect app. A malicious party could potentially exploit it to perform a man-in-the-middle attack or to execute execute arbitrary code under SYSTEM privileges. Palo Alto Networks has released updates to fix the vulnerability fix in...
Vulnerabilities fixed in Foxit products
Vulnerabilities have been fixed in Foxit products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Foxit has released updates to fix the vulnerabilitie...
Vulnerabilities fixed in Oracle Linux kernel
Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos. The vulnerabilities allow a remote malicious person to manipulate data manipulate. To do so, the malicious party must induce the victim to run rogue Java Web Start applications or rogue Java applets. execute. IBM has released updates to fix the...
Vulnerabilities fixed in Juniper Junos OS
Vulnerabilities have been fixed in Juniper Junos OS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution User Rights Increased user rights Juniper...
Vulnerabilities fixed in Acrobat Reader
Acrobat has fixed vulnerabilities in Acrobat Reader. A unauthenticated malicious person could potentially abuse them to obtain elevated privileges or to execute arbitrary code with application privileges. To exploit the vulnerabilities, the malicious party must entice the victim to open a rogue P...
Vulnerability fixed in Acrobat Reader Mobile
Adobe has fixed a vulnerability in Acrobat Reader Mobile for Android. A remote malicious person could potentially exploit it to execute arbitrary code with permissions from the user. The malicious party must trick the victim into opening a rogue PDF document to open. Adobe has released updates to...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS. A malicious party could potentially exploit the vulnerability to send a user on the vulnerable SonicWall system via a header redirection to a rogue website under the control of the malicious party's control. However, the rogue website and the...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed two vulnerabilities in Adobe Connect. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to execute arbitrary code with permissions of the application. Adobe has released updates to fix the vulnerabilities in Connect 11.2.3. For mo...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Bypassing authentication. Bypassing security measure Remote code execution Administrator/Root...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. The vulnerabilities allow a malicious party to launch a Cross-Site Scripting attack and the malicious party can then impersonate then impersonate another user. Microsoft indicates That for the vulnerability with attribute CVE-2021-40457...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Access to system...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows and Hyper-V. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of securit...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Remote code execution User Rights Spoofing Access to sensitive data The vulnerability with reference...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities potentially enable a malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Impersonating another user Executing arbitrary code Administrator/Root...
Vulnerability fixed in Apple iOS and iPadOS
Apple has fixed a vulnerability in iOS and iPadOS. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with kernel privileges and thus access gain access to sensitive information or possibly install more malware install. Apple reports receiving reports...
Vulnerability fixed in Microsoft System Center Operations Manager
Microsoft has fixed a vulnerability in System Center Operations Manager SCOM. The vulnerability allows a malicious remotely able to view files. The vulnerability is only exploitable on SCOM systems that have the web console installed. System Center:...
Vulnerability fixed in Grafana Enterprise
A vulnerability has been fixed in the Snapshot functionality of Grafana. A malicious party could exploit the vulnerability to obtain sensitive information that should not have been shared with them should have been shared. Under certain circumstances, when "publicmode" is configured, an...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Microsoft Visual Studio. The vulnerabilities allow a malicious person to perform attacks execute attacks that result in the following categories of damage: Access to sensitive data. Spoofing, Denial-of-Service DoS The vulnerabilities with characteristics...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Circumvention of authentication Remote code executio...
Vulnerability fixed in Huawei CloudEngine
Huawei has fixed a vulnerability in their CloudEngine series of switches. An unauthenticated malicious person on the same network could exploit the vulnerability to cause a denial-of-service cause. Huawei has released updates to fix the vulnerability in CloudEngine. For more information, see:...
Vulnerabilities fixed in IBM FileNet Content manager
IBM has fixed two vulnerabilities in the PDFBox module in the FileNet Content Manager. An unauthenticated malicious person at remote can exploit the vulnerabilities to cause a denial-of-service by tricking a victim into processing a rogue PDF file or have it processed. IBM has released updates to...
Vulnerabilities fixed in Google Chrome
Google has released version 94.0.4606.81 of Chrome for Windows, MacoOS and Linux. In this version, four vulnerabilities are fixed. A malicious party could potentially exploit them to cause a denial-of-service, or to executing arbitrary code in the context of the browser. Google has released updat...
Vulnerability fixed in Cisco Anyconnect Secure Client
Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client for linux and macOS. A locally authenticated malicious party could exploit the vulnerability to load a rogue shared library, which allows the malicious party to execute arbitrary code execute with root privileges and gain access...
Vulnerability fixed in Cisco Email Security Appliance
Cisco has fixed a vulnerability in the Email Security Appliance. An unauthenticated malicious person could exploit the vulnerability to use a specially prepared URL to still bypass the URL Reputation filters and, in effect, the entire filtering system. The integrity or continuity of the Appliance...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in the Identity Services Engine ISE. A malicious party could potentially exploit the vulnerabilities to obtain sensitive data, or execute arbitrary code with root privileges. To obtain sensitive data, the malicious party must be authenticated to the management...
Vulnerabilities fixed in Squid
Two vulnerabilities have been fixed in Squid. The vulnerabilities potentially allow a remote malicious party to cause a denial-of-service DoS or gain access to sensitive data. The vulnerability with reference CVE-2021-28116 is located in the way Squid handles WCCPv2 traffic. The developers of Squ...
Vulnerabilities discovered in Honeywell Experion
Honeywell reports having found three vulnerabilities in Experion Process Knowledge System PKS C200, C200E, C300 and ACE Controllers. An unauthenticated malicious person could potentially exploit them to cause a denial-of-service, the execute arbitrary code on the vulnerable system or to gain acce...
Vulnerability fixed in Fortinet FortiSandbox
Fortinet has fixed a vulnerability in FortiSandbox. A authenticated malicious party could potentially abuse the vulnerability to execute arbitrary code. To do so, a rogue HTTP request must be sent to the FortiSandbox appliance. sent. Fortinet has released updates to fix the vulnerability in...
Vulnerabilities fixed in Fortinet FortiClientEMS
Fortinet has fixed vulnerabilities in FortiClientEMS. The vulnerability with reference CVE-2020-15941 concerns a path traversal vulnerability. This vulnerability allows an authenticated malicious person potentially able to add or delete files on the server to add or delete files. The vulnerabilit...
Vulnerability fixed in Typo3
The developers of Typo3 have fixed a vulnerability in Typo3 core. An unauthenticated malicious person could potentially exploit the vulnerability potentially exploit it to perform a Cross-site Request Forgery and thereby trick a victim into execute code under the malicious party's control. In the...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox ESR. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights On...
Vulnerabilities fixed in Google Android
Google has fixed vulnerabilities in the Android OS. A malicious party can misuse the vulnerabilities to execute arbitrary code execute arbitrary code, gain access to sensitive data or to give themselves elevated privileges. To do this, the malicious party must trick the victim into installing a...
Vulnerabilities fixed in Apache web server
Apache Foundation has fixed two vulnerabilities in the apache web server. An unauthenticated remote malicious person could vulnerabilities potentially exploit them to cause a denial-of-service, or to obtain sensitive data. The Denial-of-Service can be caused by sending a specially prepared reques...
Vulnerability fixed in Sonatype Nexus
Sonatype has fixed a vulnerability in Nexus Repository. A unauthenticated malicious party could potentially gain access to sensitive information via an HTTP header injection to potentially gain access to sensitive information. Sonatype has released little further substantive information. Sonatype...
Vulnerability fixed in Fedora
A vulnerability has been fixed in the Linux kernel as used by Fedora. A local, authenticated malicious person can gain by exploiting this vulnerability to gain elevated privileges acquire elevated privileges on the vulnerable system. Fedora has made updates available for Fedora 33 and 34. You can...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code under application privileges to execute arbitrary code, cause a denial-of-service and to gain access to sensitive data. Google indicates that for the vulnerabilitie...
Vulnerabilities found in Corel products
FortiGuard Labs has found vulnerabilities in the following Corel products: Corel CorelDraw Standard Corel PDF Fusion Corel PhotoPaint Corel Presentations Corel WordPerfect A malicious party can exploit these vulnerabilities to execute arbitrary code under application privileges or to gain access ...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Server Side Request Forgery SSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of security measure...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Accessing system data MediaWiki has released updates to address the...
Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus
Vulnerabilities have been fixed in IBM Tivoli Netcool/OMNIbus. The vulnerabilities allow a malicious person to execute arbitrary code execute arbitrary code. In addition, IBM reports an unspecified vulnerability that has been fixed. IBM has released updates to fix the vulnerabilities. More...
Vulnerabilities found in Apple iOS and iPadOS
A security researcher has found three vulnerabilities in Apple iOS and iPadOS. A malicious party can exploit these vulnerabilities exploit them to gain access to sensitive data. This includes contact data stored on the device and metadata about interactions with these persons. Successful misuse...
Vulnerability fixed in IBM Aspera
A vulnerability has been fixed in IBM Aspera. The vulnerability allows a remote malicious party to perform a Cross-Site Scripting attack and thereby steal authentication cookies. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in ArcSight Enterprise Security Manager
Micro Focus has fixed a vulnerability in ArcSight Enterprise Security Manager ESM. An authenticated malicious person at remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code under the application's privileges. Micro Focus shared few technical details...
Vulnerabilities fixed in Ubuntu
Vulnerabilities have been fixed in Ubuntu. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Increased user privileges -= Ubuntu =- Canonical has made...
Vulnerability fixed in Chromium-based browsers
A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a remote malicious person to execute arbitrary code to execute under the user's privileges. Google has disclosed little information about the vulnerability. The vulnerability is in the "Portals" component, which...
Vulnerability fixed in Trend Micro ServerProtect
Trend Micro has fixed a vulnerability in ServerProtect. A unauthenticated malicious party could potentially abuse it to bypass authentication. The vulnerability has a CVSS3.1 score of 9.8 assigned. Content-wise, however, few technical details made publicly available. Trend Micro has released...
Vulnerabilities fixed in Debian
Vulnerabilities have been fixed in Debian. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to sensitive data Increased user rights -=...
Vulnerability fixed in OpenVPN Access Server
The vulnerability allows an unauthenticated malicious person to opportunity to execute arbitrary code on the browser of the victim. To do this, the malicious party must trick the victim into to follow a rogue hyperlink. OpenVPN has released updates to fix the vulnerability. More information can b...