4207 matches found
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Microsoft Visual Studio. The vulnerabilities allow a malicious person to launch attacks execute attacks that could lead to the execution of arbitrary code under a user's privileges, obtaining elevated permissions and spoofing. Below is a summary of the vario...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing SQL...
Vulnerabilities fixed in Microsoft Edge
Microsoft has made updates available to fix vulnerabilities fixes in Microsoft Edge. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow an unauthenticated remote malicious person to remote user to execute arbitrary code, gain elevated permissions and obtain sensitive information. Microsoft indicates that for the vulnerability with the attribute...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Microsoft Dynamics Business Central Control. A malicious party could exploit the vulnerability to perform of a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is...
Vulnerabilities fixed in Apple iOS, iPadOS and macOS
Vulnerabilities have been fixed in iOS, iPadOS and macOS. A malicious party could potentially exploit the vulnerability to execute arbitrary code. To exploit the vulnerabilities a user must open a rogue PDF document or visit Web page visit. Apple indicates that these vulnerabilities may be active...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data Google, as usual, is releasing few technical details abou...
Vulnerabilities fixed in IBM Connections
Multiple vulnerabilities have been fixed in IBM SDK Java Technology Edition that is used by Content Collector for IBM Connections. IBM has released updates that fix the vulnerability. For more information see: https://www.ibm.com/support/pages/node/6487171...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. A remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform a Cross-Site Scripting XSS attack. Also, a data exposure vulnerability has been fixed within the REST API. No CVE numbers ha...
Vulnerabilities fixed in Dell iDRAC
Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code execute under user privileges by performing an SQL Injection, Denial-of-Service DoS and executing arbitrary code. It is good practice not to have such an environment publicly to b...
Vulnerabilities fixed in Cisco IOS XR
Vulnerabilities have been fixed in Cisco IOS XR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Access to sensitive data Increased user privileges Cisco ha...
Vulnerability fixed in AVEVA System Platform
A vulnerability has been fixed in Platform Common Services PCS Portal which is a component of AVEVA System Platform. It concerns a certain "DLL hijacking" vulnerability. A local malicious person could potentially exploit the vulnerability to execute arbitrary code execute with the privileges of t...
Vulnerabilities fixed in PAN-OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host and execute arbitrary code. Citrix has released updates to fix the vulnerabilities. More information ca...
Vulnerabilities fixed in Google Android
Google has fixed vulnerabilities in the Android OS. A malicious party could misuse the vulnerabilities to gain access to sensitive data or give himself elevated privileges. To do this, the malicious party must trick the victim into installing a rogue app to install. The vulnerability with referen...
Vulnerability fixed in IBM WebSphere
A vulnerability has been fixed in the Dojo library used used by WebSphere Application Server. By exploiting this vulnerability, a remote malicious person may be able to inject arbitrary code onto the system. IBM has released updates to fix the vulnerabilities. More information can be found on the...
Multiple vulnerabilities fixed in Fortinet products
Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Bypassing security measure Bypassing authentication Remote code execution User rights Spoofing Accessing sensitive data Fortinet has released...
Vulnerability fixed in Nessus agent
Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host could execute. Tenable has made updates available for Nessus to address the vulnerability. More information ca...
Vulnerability found in Microsoft Windows
A vulnerability has been found in Microsoft Windows' MSHTML component. A malicious party could potentially exploit it to execute arbitrary code under the privileges of a user. To do this, the malicious party needs to get the victim to to open a rogue Office document. Microsoft indicates that ther...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release ESR. The vulnerabilities allow an unauthenticated remote malicious agent potentially able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure...
Vulnerabilities fixed in Dell EMC NetWorker
Dell has fixed two vulnerabilities in EMC NetWorker. A malicious party with user rights on the NetWorker server could access sensitive data on NetWorker clients via path-traveral. data on NetWorker clients. Dell has released updates to fix the vulnerabilities in EC Networker 19.4.0.4. Also, Dell...
Vulnerabilities fixed in IBM Spectrum Protect Plus
IBM has fixed vulnerabilities in Spectrum Protect Plus. A authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.8.2...
Vulnerability fixed in Cisco Prime Infrastructure and Evolved Programmable Network Manager
Cisco has fixed a vulnerability in Prime Infrastructure and Evolved Programmable Network Manager. An authenticated malicious person with access to the command-line interface could exploit the exploit the vulnerability to gain access to sensitive information. Cisco has released updates to fix the...
Vulnerabilities fixed in Elasticsearch and Kibana
Vulnerabilities have been fixed in Elasticsearch and Kibana. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Elastic...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Identity Services Engine ISE. A malicious person with administrator privileges can exploit the vulnerability exploit it to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights...
Vulnerabilities fixed in ArubaOS and Aruba SD-WAN
Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor former Mobility Master, Access-Points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damag...
Vulnerabilities fixed in Wind River Linux
Wind River has found and fixed vulnerabilities in Wind River Linux. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to...
Vulnerability fixed in NetApp Clustered Data ONTAP
NetApp has fixed a vulnerability in the BSD sub-layer of Clustered Data ONTAP. The vulnerability is located in the ipv6 impelementation and potentially allows a malicious party to cause a denial-of-service exploit. NetApp has released updates to fix the vulnerability in Clustered Data ONTAP. For...
Vulnerability fixed in libssh
A vulnerability has been fixed in libssh. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause or execute arbitrary code with the privileges of application that uses libssh. It is good practice to apply the principle of "privilege separation" to this ty...
Vulnerabilities fixed in XStream
Several vulnerabilities have been fixed in XStream. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. The vulnerabilities are exploitable only when using use of the default XStream blacklist...
Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC).
Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller APIC. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution Administrator/Root right...
Vulnerabilities fixed in IBM AIX
Vulnerabilities have been fixed in IBM AIX. A local malicious party can, by exploiting these vulnerabilities, gain gain root privileges on the vulnerable system or can cause a Denial-of-Service exploit on the local system. IBM has released updates to fix the vulnerabilities in AIX. For more...
Vulnerability fixed in Atlassian Confluence
A vulnerability has been fixed in Atlassian Confluence. A malicious party could potentially exploit the vulnerability to execute arbitrary code under the application's permissions. Atlassian has released updates to fix the vulnerability in Confluence. For more information, see:...
Vulnerabilities fixed in Cisco Nexus 9000 series switches
Vulnerabilities have been fixed in Cisco Nexus 9000 series switches that operate in Application Centric Infrastructure ACI mode. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Access to...
Vulnerabilities fixed in Cisco NX-OS
Vulnerabilities have been fixed in Cisco NX-OS. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause. Both vulnerabilities are not exploitable with standard configuration. exploited. For the vulnerability with CVE attribute CVE-2021-1588 requires tha...
Vulnerabilities fixed in TeamViewer
Teamviewer has fixed two vulnerabilities in Teamviewer 15. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code with the application's privileges, causing a denial-of-service, or to gain access to sensitive data. To execute code, or cause a Denial-of-Service,...
Vulnerabilities fixed in Xen
Xen's developers have fixed several vulnerabilities in Xen. A local malicious person could exploit the vulnerabilities to cause a denial-of-service, both in the guest system as well as the underlying host. Also, potentially the vulnerabilities could be exploited to obtain sensitive data in memory...
Vulnerabilities fixed in VMware vRealize
VMware has fixed vulnerabilities in vRealize. A malicious person with access to the vRealize Operations Manager API could potentially exploit the vulnerabilities potentially exploit them to obtain sensitive data via accessing log files and arbitrary files, potentially possibly taking over a user...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights SQL Injection Access to...
Vulnerabilities fixed in OpenSSL
The developers of OpenSSL have fixed two vulnerabilities. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to cause a denial-of-service, or potentially gain access to sensitive data, including possibly private keys currently actively in use on the system. Misu...
Vulnerability fixed in F-Secure anti-virus engine
A vulnerability has been fixed in the F-Secure anti-virus engine. A malicious party could potentially exploit the vulnerability to cause a denial-of-service by running a specially prepared file to be scanned. F-Secure has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Joomla! media manager
Joomla has fixed a vulnerability in the Joomla! media!! manager. Due to improper access control, a user could without being authorized to do so could delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...
Vulnerabilities fixed in Arista MOS on 7130 switches
Several vulnerabilities have been fixed in Arista 7130 switches that use the Metamako Operating System MOS. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Bypassing authentication Bypassing security measure Remote...
Vulnerability fixed in Ruby on Rails
A vulnerability has been fixed in Ruby on Rails. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor with a custom link to a malicious website. send. Ruby on Rails has released updates to fix the vulnerability. fix. For more information, see:...
Vulnerability fixed in Kerberos KDC
MIT has fixed a vulnerability in Kerberos. A malicious could potentially exploit the vulnerability to cause a denial-of-service cause in the KDC. -= Fedora =- Fedora has made updates available for Fedora 34. You can install these updates by using the command 'dnf' or 'yum'. More information about...
Vulnerabilities fixed in QEMU
Vulnerabilities have been fixed in several components of QEMU. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the QEMU hypervisor or execute arbitrary code with the privileges of the QEMU emulator on the host. -= OpenSUSE =- The developers of...
Vulnerabilities fixed in AVEVA products
AVEVA has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to perform a denial-of-service exploit. AVEVA categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.1. AVEVA has released updates to fix the vulnerabilities. More...
Vulnerability fixed in Rapid7 Nexpose
A vulnerability has been fixed in Rapid7 Nexpose. The vulnerability allows a malicious party to read and edit tickets that should not be available to the account the malicious party is logged in should be available. Rapid7 has released updates to fix the vulnerability. More information can be fou...
Vulnerability fixed in VMware Workspace ONE
VMware has fixed a vulnerability in Workspace ONE. The vulnerability allows a malicious party with access to /API/system/admins/session the ability to perform a Denial of Service execution. VMware categorizes this vulnerability according to the CVSSv3 method with a score of 5.8. VMware has releas...