Vulnerabilities fixed in XStream
Several vulnerabilities have been fixed in XStream. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. The vulnerabilities are exploitable only when using the default XStream blacklist...
Vulnerability fixed in NetApp Clustered Data ONTAP
NetApp has fixed a vulnerability in the BSD sub-layer of Clustered Data ONTAP. The vulnerability is located in the IPv6 implementation and potentially allows a malicious party to cause a denial-of-service. NetApp has released updates to fix the vulnerability in Clustered Data ONTAP. For...
Vulnerability fixed in libssh
A vulnerability has been fixed in libssh. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the privileges of the application that uses libssh. It is good practice to apply the principle of "privilege separation" to this ty...
Vulnerabilities fixed in Xen
Xen's developers have fixed several vulnerabilities in Xen. A local malicious person could exploit the vulnerabilities to cause a denial-of-service, both in the guest system and on the underlying host. The vulnerabilities could also potentially be exploited to obtain sensitive data in memory...
Vulnerabilities fixed in IBM AIX
Vulnerabilities have been fixed in IBM AIX. By exploiting these vulnerabilities, a local malicious party can gain root privileges on the vulnerable system or cause a denial-of-service on the local system. IBM has released updates to fix the vulnerabilities in AIX. For more...
Vulnerabilities fixed in TeamViewer
TeamViewer has fixed two vulnerabilities in TeamViewer 15. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code with the application's privileges, cause a denial-of-service, or gain access to sensitive data. To execute code, or cause a Denial-of-Service,...
Vulnerability fixed in Atlassian Confluence
A vulnerability has been fixed in Atlassian Confluence. A malicious party could potentially exploit the vulnerability to execute arbitrary code under the application's permissions. Atlassian has released updates to fix the vulnerability in Confluence. For more information, see:...
Vulnerabilities fixed in Cisco Nexus 9000 series switches
Vulnerabilities have been fixed in Cisco Nexus 9000 series switches that operate in Application Centric Infrastructure (ACI) mode. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Access to...
Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC)
Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller (APIC). The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Data manipulation, Remote code execution (Administrator/Root right...
Vulnerabilities fixed in Cisco NX-OS
Vulnerabilities have been fixed in Cisco NX-OS. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service. Neither vulnerability is exploitable with the standard configuration. The vulnerability with CVE identifier CVE-2021-1588 requires tha...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution (User Rights), SQL Injection, Access to...
Vulnerabilities fixed in OpenSSL
The developers of OpenSSL have fixed two vulnerabilities. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service, or potentially gain access to sensitive data, possibly including private keys actively in use on the system. Misu...
Vulnerabilities fixed in VMware vRealize
VMware has fixed vulnerabilities in vRealize. A malicious person with access to the vRealize Operations Manager API could potentially exploit the vulnerabilities to obtain sensitive data by accessing log files and arbitrary files, possibly taking over a user...
Vulnerability fixed in F-Secure anti-virus engine
A vulnerability has been fixed in the F-Secure anti-virus engine. A malicious party could potentially exploit the vulnerability to cause a denial-of-service by having a specially prepared file scanned. F-Secure has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Joomla! media manager
Joomla has fixed a vulnerability in the Joomla! media manager. Due to improper access control, a user could, without being authorized to do so, delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...
Vulnerabilities fixed in QEMU
Vulnerabilities have been fixed in several components of QEMU. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the QEMU hypervisor or execute arbitrary code with the privileges of the QEMU emulator on the host. -= OpenSUSE =- The developers of...
Vulnerability fixed in Ruby on Rails
A vulnerability has been fixed in Ruby on Rails. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor to a malicious website with a custom link. Ruby on Rails has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Arista MOS on 7130 switches
Several vulnerabilities have been fixed in Arista 7130 switches that use the Metamako Operating System (MOS). The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Bypassing authentication, Bypassing security measure, Remote...
Vulnerability fixed in Kerberos KDC
MIT has fixed a vulnerability in Kerberos. A malicious party could potentially exploit the vulnerability to cause a denial-of-service in the KDC. -= Fedora =- Fedora has made updates available for Fedora 34. You can install these updates by using the command 'dnf' or 'yum'. More information about...
Vulnerability fixed in Rapid7 Nexpose
A vulnerability has been fixed in Rapid7 Nexpose. The vulnerability allows a malicious party to read and edit tickets that should not be available to the account with which the malicious party is logged in. Rapid7 has released updates to fix the vulnerability. More information can be fou...
Vulnerability fixed in Icinga
A vulnerability has been fixed in Icinga. Icinga uses TLS certificate verification. However, the validity of the Certificate Authority is not checked. A malicious party can thus bypass security. Updates have been released to fix the vulnerabilities. More information c...
Vulnerabilities fixed in AVEVA products
AVEVA has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to cause a denial-of-service. AVEVA categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.1. AVEVA has released updates to fix the vulnerabilities. More...
Vulnerability fixed in VMware Workspace ONE
VMware has fixed a vulnerability in Workspace ONE. The vulnerability allows a malicious party with access to /API/system/admins/session to cause a denial-of-service. VMware categorizes this vulnerability according to the CVSSv3 method with a score of 5.8. VMware has releas...
Vulnerability fixed in BIND
A vulnerability has been fixed in BIND. The vulnerability allows a remote malicious party to cause a denial-of-service. The vulnerability manifests itself when the RRL functionality is enabled. By default, this is not the case. ISC has released updates to fix the vulnerability and a mitigation. More...
Vulnerability fixed in jsoup
A vulnerability has been fixed in jsoup. The vulnerability allows a remote malicious party to cause a denial-of-service. The developers of jsoup have released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerability fixed in Autodesk Licensing Service
A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Atlassian Jira. The vulnerability allows a remote malicious party to obtain system data by performing a path-traversal. Atlassian has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Firefox and Thunderbird
Mozilla has fixed a vulnerability in Thunderbird and Firefox. The vulnerability can be exploited with a so-called HTTP Response Splitting attack. In this attack, the malicious party manages to replace the original content of an HTTP response with rogue content. Mozilla has released updates to fix...
Vulnerability fixed in FortiOS
A vulnerability has been fixed in FortiOS. The vulnerability allows a malicious party located within the victim's network to execute arbitrary code by providing a specially prepared image. Fortinet has released updates to fix the vulnerability. More information can be found on the page...
Vulnerability fixed in FortiWeb
Fortinet has released new versions that fix a vulnerability in FortiWeb. The vulnerability allows a remote malicious user to execute arbitrary code with the permissions of the application. Fortinet has released updates to fix the vulnerability. More information can be found on the page...
Vulnerabilities fixed in multiple implementations of HTTP/2
A PortSwigger researcher has discovered vulnerabilities in several implementations of HTTP/2. The researcher has demonstrated that it is possible to manipulate HTTP/2 requests. When the front-end of an application uses HTTP/2 and forwards the request to the back-end, a downgrade to HTTP/1 takes...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious agent could potentially exploit the vulnerability to cause a denial-of-service. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Cisco Expressway Series and TelePresence Video Communication Server
Vulnerabilities have been fixed in Cisco Expressway Series and TelePresence Video Communication Server. The vulnerabilities allow an authenticated remote malicious person to execute arbitrary code under user privileges and under root privileges. Cisco has released updates to fix the...
Vulnerabilities fixed in Aruba Networks AirWave Management Platform
Vulnerabilities have been fixed in AirWave Management Platform. The vulnerability with reference CVE-2021-3156 allows a local malicious person to obtain elevated privileges and thereby execute arbitrary code under root privileges. The vulnerability with CVE-2021-3156 is described in detail i...
Vulnerabilities fixed in OpenSUSE RPM
Vulnerabilities have been fixed in OpenSUSE RPM. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights). -= OpenSUSE =- The developers of OpenSUSE ha...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Access to syste...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in Ubuntu's kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (User Rights), Access to sensitive data. Canonical has released updates to...
Vulnerabilities fixed in Juniper Junos Space Platform
Vulnerabilities have been fixed in Junos Space Platform. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Circumvention of security measure, Remote...
Vulnerability fixed in BlackBerry QNX Real Time Operating System, QNX SDP, QNX OS for Safety, and QNX OS for Medical
BlackBerry has fixed a vulnerability in QNX Real Time Operating System. The vulnerability is known as CVE-2021-22156 and is part of a collection of vulnerabilities known as BadAlloc. A malicious person who manages to gain access to a vulnerable system can exploit the...
Vulnerability fixed in SSSD
A vulnerability has been fixed in SSSD. The vulnerability allows a local malicious person with permissions on the SSSD interface (e.g., via sudo) to obtain root privileges. -= Oracle =- Oracle has made updates available for Oracle Linux 8. You can install these updates using the command 'yum'. More...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User Rights). As usual, Google has made few details...
Vulnerability fixed in Zoom Client for Meetings
A vulnerability has been fixed in Zoom Client for Meetings. The vulnerability allows a remote malicious person to execute arbitrary code. To exploit this vulnerability, the attacker must exploit two other misconfigurations within the Zoom client while the attacker is connected to the victim. Zoom indicates that...
Vulnerabilities fixed in Oracle Unbreakable Enterprise kernel
Vulnerabilities have been fixed in Oracle Unbreakable Enterprise kernel. The vulnerabilities enable a malicious party to cause a denial-of-service. -= Oracle =- Oracle has made updates available for Oracle Linux 7 and 8. You can install these updates using the command 'yum'. More information abo...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Atlassian Jira. The vulnerability allows a remote malicious party to obtain system data. Atlassian has released updates to fix the vulnerability. More information can be found on the page below: https://jira.atlassian.com/browse/JRASERVER-72695...
Vulnerabilities fixed in Nagios XI
Nagios has released a new version to address vulnerabilities. The vulnerabilities allow a malicious person to bypass security measures. Nagios makes little public information about these vulnerabilities available. Nagios has released a new version to address the vulnerabilities...
Vulnerabilities fixed in NetApp products
NetApp has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to system data. NetApp has released updates to address the...
Vulnerability fixed in cpio
A vulnerability has been fixed in cpio. The vulnerability allows a malicious person to execute arbitrary code. The developers of cpio have released updates to fix the vulnerability. More information can be found at the page below: https://git.savannah.gnu.org/cgit/cpio.git/commit...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Access to system data, Increased user privileges. -= SUSE =- SUSE has made updates available to address the...
Vulnerabilities fixed in the openSUSE kernel
Vulnerabilities have been fixed in the openSUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Access to system data, Increased user privileges. -=...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities potentially enable a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User Rights). The...