Vulnerabilities fixed in Netgear SmartSwitches
Netgear has fixed three vulnerabilities in a large number of SmartSwitches: Seventh Inferno, Demon's Cries and Draconian Fear. The vulnerabilities allow a malicious party to cause a denial-of-service, or, when the vulnerabilities are used in tandem, to reset the password of the local admin...
Vulnerability discovered in Schneider Electric EcoStruxure Control Expert
A vulnerability has been discovered in Schneider Electric EcoStruxure Control Expert. The vulnerability could cause a malicious script to be deployed to an unauthorized location, which in turn could lead to the execution of code. Schneider Electric has published mitigating measures. More...
Vulnerabilities fixed in Dell BIOS
Vulnerabilities have been fixed in the BIOS of a number of Dell products. These vulnerabilities allow a local malicious person to access sensitive information and execute arbitrary code. Dell has released updates to fix the vulnerabilities. More information can be found on the pag...
Vulnerability fixed in Zoho ManageEngine ADSelfService Plus
Zoho ManageEngine has fixed a vulnerability in ADSelfService Plus. ADSelfService Plus is a self-service password management and single-sign-on solution. The vulnerability allows a remote malicious party to bypass authentication. Zoho ManageEngine categorizes this vulnerability according to the...
Vulnerabilities fixed in BIND
A vulnerability has been fixed in BIND. The vulnerability allows a malicious party with access to the internal network of a group of BIND servers to launch a denial-of-service attack on an update process. This enables the distribution of zone information from the master server to slave serve...
Vulnerabilities fixed in Apache Tomcat
Vulnerabilities have been fixed in Apache Tomcat that can lead to the following categories of damage: Denial-of-Service (DoS); Access to sensitive data. The developers of Apache Tomcat have made updates available. For more information, see the following page: https://tomcat.apache.org...
Issues fixed in Apache web server
Apache has released version 2.4.49 of the Apache Web server. In this version a number of vulnerabilities have been fixed. Please note that the 2.2.x branch of the Apache HTTP Server project is now end-of-life and no further activity will take place, including security updates...
Vulnerabilities fixed in curl
Vulnerabilities have been fixed in curl. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Accessing sensitive data. Updates have been released to fix the vulnerabilities. More...
Vulnerabilities fixed in FortiSandbox
A session expiration vulnerability in FortiSandbox allows a malicious party to reuse the non-expired session IDs of an administrator to obtain information about other users (CVE-2020-29012). Due to a vulnerability in the input validation of the sniffer interface of FortiSandbox...
Vulnerability fixed in Artifex Ghostscript
Artifex has fixed a vulnerability in Ghostscript. The vulnerability allows an unauthenticated malicious person to execute arbitrary code under the privileges of Ghostscript. To do this, the malicious party must trick the victim into opening a malicious document. Artifex has release...
Vulnerabilities fixed in Drupal
Several vulnerabilities have been fixed in Drupal. A malicious party can exploit the vulnerabilities to perform Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF) attacks and to bypass security measures. Drupal has released updates to fix the vulnerabilities. For more information, see:...
Vulnerabilities fixed in QNAP NAS
QNAP has fixed vulnerabilities in NAS systems. The vulnerabilities allow a malicious person to execute arbitrary code. QNAP has released updates to fix the vulnerability. More information can be found on the pages below: CVE-2021-28816 and CVE-2021-34343:...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code execution (User...
Vulnerability fixed in Fedora kernel
Fedora has fixed a vulnerability in its kernel. The vulnerability allows a malicious party to cause a denial-of-service. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command 'dnf' or 'yum'. More information about these update...
Vulnerabilities fixed in Microsoft Edge
Microsoft has made updates available to fix vulnerabilities in Microsoft Edge. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication; Circumvention of security measure; Remote code execution...
Vulnerability fixed in Nitro Pro PDF
A vulnerability has been fixed in Nitro Pro PDF. The vulnerability allows a remote malicious person to execute arbitrary code under the victim's privileges. To do this, the malicious party must induce the victim to open a rogue document. Nitro has released updates to...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code, gain elevated permissions and obtain sensitive information. Microsoft indicates that for the vulnerability with the attribute...
Vulnerabilities fixed in Apple iOS, iPadOS and macOS
Vulnerabilities have been fixed in iOS, iPadOS and macOS. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code. To exploit the vulnerabilities a user must open a rogue PDF document or visit a web page. Apple indicates that these vulnerabilities may be active...
Vulnerability fixed in Microsoft Edge
Microsoft has fixed a vulnerability in Edge. The vulnerability allows a malicious person to manipulate data. Microsoft has made few details public and categorizes this vulnerability according to the CVSSv3 method with a score of 6.4. Microsoft has released updates to fix the...
Vulnerabilities fixed in NetIQ Access Manager
Vulnerabilities have been fixed in Access Manager. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Access to sensitive data; Access to system da...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics Business Central Control. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Spoofing; Access to sensitive data; Increased user right...
Vulnerability fixed in Citrix ShareFile Storage Zones
A security issue has been fixed in the Citrix ShareFile storage zone controller that, if exploited, would allow an unauthenticated malicious person to remotely compromise the storage zone controller. All currently supported versions of the Citrix ShareFile storage zone controller...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Microsoft Visual Studio. The vulnerabilities allow a malicious person to launch attacks that could lead to the execution of arbitrary code under a user's privileges, obtaining elevated permissions and spoofing. Below is a summary of the vario...
Vulnerability fixed in Git
A vulnerability has been fixed in Git. The vulnerability allows a malicious party to bypass a security measure. Git has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473 -= Ubuntu...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to system data. Google, as usual, is releasing few technical details abou...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofing; SQL...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in Office products. A malicious party can exploit the vulnerabilities to execute arbitrary code with user privileges and to perform spoofing. Below is a summary of the various vulnerabilities described by component and the impact. Microsoft Office SharePoint:...
Vulnerabilities fixed in IBM Connections
Multiple vulnerabilities have been fixed in IBM SDK Java Technology Edition that is used by Content Collector for IBM Connections. IBM has released updates that fix the vulnerability. For more information see: https://www.ibm.com/support/pages/node/6487171...
Vulnerability fixed in AVEVA System Platform
A vulnerability has been fixed in Platform Common Services (PCS) Portal, which is a component of AVEVA System Platform. It concerns a "DLL hijacking" vulnerability. A local malicious person could potentially exploit the vulnerability to execute arbitrary code with the privileges of t...
Vulnerabilities fixed in Cisco IOS XR
Vulnerabilities have been fixed in Cisco IOS XR. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Access to sensitive data; Increased user privileges. Cisco ha...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities. A remote malicious person could potentially exploit these vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Also, a data exposure vulnerability has been fixed within the REST API. No CVE numbers ha...
Vulnerabilities fixed in Dell iDRAC
Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to perform an SQL Injection, cause a Denial-of-Service (DoS) and execute arbitrary code under user privileges. It is good practice not to have such an environment publicly to b...
Vulnerabilities fixed in PAN-OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution (Administrator/Root rights)...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host and execute arbitrary code. Citrix has released updates to fix the vulnerabilities. More information ca...
Vulnerabilities fixed in Google Android
Google has fixed vulnerabilities in the Android OS. A malicious party could misuse the vulnerabilities to gain access to sensitive data or gain elevated privileges. To do this, the malicious party must trick the victim into installing a rogue app. The vulnerability with referen...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release (ESR). The vulnerabilities potentially allow an unauthenticated remote malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure...
Multiple vulnerabilities fixed in Fortinet products
Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Bypassing security measure; Bypassing authentication; Remote code execution (User rights); Spoofing; Accessing sensitive data. Fortinet has released...
Vulnerability fixed in IBM WebSphere
A vulnerability has been fixed in the Dojo library used by WebSphere Application Server. By exploiting this vulnerability, a remote malicious person may be able to inject arbitrary code onto the system. IBM has released updates to fix the vulnerabilities. More information can be found on the...
Vulnerability fixed in Nessus Agent
Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host. Tenable has made updates available for Nessus to address the vulnerability. More information ca...
Vulnerability found in Microsoft Windows
A vulnerability has been found in Microsoft Windows' MSHTML component. A malicious party could potentially exploit it to execute arbitrary code under the privileges of a user. To do this, the malicious party needs to get the victim to open a rogue Office document. Microsoft indicates that ther...
Vulnerabilities fixed in Dell EMC NetWorker
Dell has fixed two vulnerabilities in EMC NetWorker. A malicious party with user rights on the NetWorker server could access sensitive data on NetWorker clients via path traversal. Dell has released updates to fix the vulnerabilities in EMC NetWorker 19.4.0.4. Also, Dell...
Vulnerabilities fixed in IBM Spectrum Protect Plus
IBM has fixed vulnerabilities in Spectrum Protect Plus. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.8.2...
Vulnerability fixed in Cisco Prime Infrastructure and Evolved Programmable Network Manager
Cisco has fixed a vulnerability in Prime Infrastructure and Evolved Programmable Network Manager. An authenticated malicious person with access to the command-line interface could exploit the vulnerability to gain access to sensitive information. Cisco has released updates to fix the...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Identity Services Engine (ISE). A malicious person with administrator privileges can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit...
Vulnerabilities fixed in Elasticsearch and Kibana
Vulnerabilities have been fixed in Elasticsearch and Kibana. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Remote code execution (User rights); Access to sensitive data; Increased user privileges. Elastic...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor (formerly Mobility Master), Access Points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damag...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights)...
Vulnerabilities fixed in Wind River Linux
Wind River has found and fixed vulnerabilities in Wind River Linux. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to sensitive data; Access to...