Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. The vulnerability is located in the...
Vulnerabilities fixed in Acronis Cyber Project
Acronis has fixed vulnerabilities in Cyber Project. The vulnerabilities allow a malicious party to obtain elevated user privileges and to circumvent a security measure. Acronis has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in both the on-premises and SaaS versions of Apex One (formerly OfficeScan). The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Manipulation of data. Bypassing...
Vulnerabilities fixed in Brocade Fabric OS
Vulnerabilities have been fixed in Brocade Fabric OS. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS). Circumvention of security measure Remote code execution Administrator/Root privileges...
Vulnerabilities fixed in PostgreSQL
Vulnerabilities have been fixed in PostgreSQL. The vulnerabilities allow a remote malicious party to cause a denial-of-service or potentially to access sensitive data. PostgreSQL has released a new version to address the vulnerabilities. More information can be found on the page...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Obtaining elevated privileges Execution of arbitrary code Accessing sensitive data The...
Vulnerabilities fixed in PAN-OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS). Circumvention of authentication. Remote code execution Administrator/Root...
Vulnerability found in Microsoft Print Spooler service
A vulnerability has been found in the Print Spooler service of Microsoft Windows. A local malicious person without administrator privileges can exploit this vulnerability by connecting to a rogue print server. From this print server, a printer driver is then installed. Although the driver should...
Vulnerabilities fixed in Schneider Electric EcoStruxure and Modicon products
Vulnerabilities have been fixed in Schneider Electric products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS) Manipulation of data Remote code execution User rights Access to system data Schneider Electric...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. The vulnerabilities potentially allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS) Circumvention of security measure. Remote code execution User...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release (ESR). The vulnerabilities potentially allow an unauthenticated remote malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS) Circumvention of security measure...
Vulnerability fixed in the Linux kernel
A vulnerability has been fixed in the Linux kernel. A malicious party could potentially exploit the vulnerability to execute arbitrary code under root privileges. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can install these updates using the command 'yum'...
Vulnerability fixed in Citrix ShareFile
Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted. Citrix has released updates to fix the vulnerability. More informati...
Vulnerability fixed in Dell EMC NetWorker
A vulnerability has been fixed in Dell EMC NetWorker. An authenticated malicious party could potentially exploit it to cause a Denial-of-Service through a rogue API request. Dell EMC has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Adobe Connect and Magento
Adobe has fixed vulnerabilities in Adobe Connect and Magento. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS) Denial-of-Service (DoS). Circumvention of security measure. Remote code executio...
Vulnerabilities fixed in Tomcat
Debian has fixed vulnerabilities in Tomcat. The vulnerabilities allow a remote malicious person to bypass a security measure. -= Debian =- Debian has made updates to tomcat available for Debian 10.0 Buster to fix the vulnerability. You can install the custom packages by using...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root privileges SQL Injection Increased user...
Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel
Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS) Manipulation of data Access to sensitive data Increased user...
Vulnerabilities fixed in Siemens Simatic products
Siemens has fixed vulnerabilities in several Simatic products. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS). Bypassing authentication Bypassing security measure Remote code execution User right...
Several vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS). Bypassing authentication Bypassing security measure SQL Injection SAP designates three vulnerabilities as "Ho...
Vulnerabilities fixed in Dell OpenManage Enterprise
Vulnerabilities have been fixed in Dell OpenManage. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Bypassing authentication. Remote code execution Administrator/Root privileges Access to sensitive data Increased...
Vulnerability fixed in Lynx
A vulnerability has been fixed in Lynx. A remote malicious person can exploit the vulnerability to obtain login credentials transmitted over HTTPS via Lynx to a server. To do this, the malicious party must have access to network traffic between the victim and the server. It is not...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed three vulnerabilities in Dynamics. A malicious party can exploit the vulnerabilities to impersonate another user or to execute arbitrary code. Below is an overview of the affected vulnerabilities: Microsoft Dynamics:...
Vulnerabilities in Moxa EDS-405A series ICS Ethernet switches
Moxa has fixed vulnerabilities in Ethernet switches. The vulnerabilities allow a remote malicious person to execute arbitrary code and to cause a denial-of-service. Moxa has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Jupyter notebook
Jupyter has fixed a vulnerability in notebook. The vulnerability is a so-called Cross-Site Scripting (XSS) vulnerability. It allows a malicious person to execute arbitrary code under the privileges of the victim. To do this, the malicious party must induce the victim to follow a rogue...
Vulnerabilities fixed in Oracle Linux microcode
Vulnerabilities have been fixed in the Oracle Linux microcode. The vulnerabilities allow a malicious party to access system data and to obtain increased user privileges. -= Oracle =- Oracle has made updates available for Oracle Linux 7 and 8. You can install these updates using the command 'yum'. More...
Multiple vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Executing arbitrary code User privileges. Impersonating another user Below is a summary of the various...
Vulnerabilities fixed in Siemens Scalance products
Siemens has fixed vulnerabilities in Scalance products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS) Denial-of-Service (DoS). Manipulation of data Circumvention of authenticati...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS). Access to system data Increased user privileges -= SUSE =- SUSE has made updates available to fix the vulnerabili...
Vulnerabilities fixed in Debian Bluetooth protocol stack
Vulnerabilities have been fixed in Bluetooth. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS). Circumvention of security measure Remote code execution User rights Spoofing -= Debian =- Debian has made updates...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in its Developer products. The vulnerabilities allow a malicious party to execute attacks that could lead to access to sensitive data, or Denial-of-Service, for example, through services and applications that make use of these vulnerable products...
Apache Tomcat vulnerability discovered in BIG-IP
F5 has discovered a vulnerability in BIG-IP. The vulnerability is located in the Tomcat component and allows HTTP request smuggling. A malicious party can modify an HTTP request of another user. This can lead to many types of consequential damage. F5 has not yet released updates to...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in OpenShift. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 7 and 8. You can install these updates using the...
Vulnerabilities fixed in Ansible
Vulnerabilities have been fixed in Ansible. The vulnerabilities potentially enable an authenticated malicious person to perform attacks that result in the following categories of damage: Remote code execution User Rights Access to sensitive data Access to system data Increased user privileges -=...
Vulnerabilities fixed in IBM Workload Scheduler
IBM has fixed vulnerabilities in Workload Scheduler. The vulnerabilities allow an unauthenticated malicious person to cause a denial-of-service and to bypass a security measure. IBM categorizes these vulnerabilities using the CVSSv3 method with a highest score of 7.5. IBM has...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Scripting (XSS) Denial-of-Service (DoS). Circumvention of security measure Accessing sensitive data Not all vulnerabilities...
Vulnerabilities fixed in Pulse Connect Secure
Pulse Connect has fixed vulnerabilities in Pulse Connect Secure. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS) Denial-of-Service (DoS). Data manipulation. Remote code execution...
Vulnerabilities fixed in VMware Workspace One Access and Identity Manager
VMware has fixed vulnerabilities in Workspace One Access and Identity Manager, as used by VMware Cloud Foundation, Identity Manager, Workspace One Access and vRealize. An unauthenticated malicious party could potentially exploit them to gain access to sensitive system data. VMware has released...
Vulnerabilities fixed in Cisco RV-series routers
Cisco has fixed vulnerabilities in several routers in its RV product line. An unauthenticated malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code with elevated privileges. To do this, rog...
Vulnerabilities fixed in IBM Db2
IBM has fixed vulnerabilities in Db2. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. To do this, a rogue database query must be executed on the database server. IBM has released updates to fix the vulnerabilities. For more information, see:...
Vulnerabilities fixed in FortiOS
FortiGuard Labs has fixed several vulnerabilities in FortiOS. The vulnerabilities allow a malicious party to execute attacks that potentially lead to the execution of arbitrary code under the user's privileges. FortiGuard Labs has released updates to fix the vulnerabilities in FortiOS SSL...
Vulnerability fixed in FortiManager and FortiAnalyzer
A server-side request forgery (SSRF) vulnerability in the FortiManager and FortiAnalyzer GUI could allow a remote attacker to gain access to unauthorized files and services on the system via specially crafted web requests. Fortinet has released updates to fix the vulnerability. More information can be...
Vulnerabilities fixed in FortiManager and FortiAnalyzer
A vulnerability has been fixed in FortiManager and FortiAnalyzer. A malicious party could potentially exploit it to execute arbitrary code with elevated privileges or gain access to sensitive data. Fortinet has released updates to fix the vulnerability. More information can be found on the page...
Vulnerabilities fixed in ElasticSearch
Elastic has fixed vulnerabilities in the Elastic Stack. An authenticated malicious person could exploit the vulnerabilities to obtain sensitive information or bypass a security measure. The vulnerabilities are located in Elasticsearch itself and in the Elastic App Search API. Elastic has released...
Vulnerabilities found in NicheStack
Forescout researchers have found fourteen vulnerabilities in NicheStack. This is a TCP/IP stack used primarily in embedded systems and ICS/SCADA devices. Siemens, Honeywell, Rockwell Automation and Schneider Electric, among others, are mentioned by Forescout as manufacturers that...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a remote malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS) Remote code execution User Rights Access to sensitive data Few technical details ...
Vulnerabilities fixed in Google Android
Google has fixed vulnerabilities in Android. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution User Rights Access to sensitive data Access to system data Increased user privileges Few technical...
Vulnerabilities fixed in Samsung Mobile
Vulnerabilities have been fixed in Android as used by Samsung Mobile products. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS). Remote code execution User Rights Access to sensitive data Access t...
Vulnerability fixed in PowerDNS
A vulnerability has been fixed in PowerDNS. The vulnerability allows an unauthenticated remote malicious agent to cause a denial-of-service. PowerDNS has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code in the victim's browser. To do so, the malicious party must induce the victim to follow a rogue hyperlink. CIRCL has released updates to fix...