4207 matches found
Vulnerability fixed in Icinga
A vulnerability has been fixed in Icinga. Within Icinga TLS certificate verification is used. However However, the validity of the Certificate Authority is not checked. A malicious party can thus circumvent bypass security. Updates have been released to fix the vulnerabilities. More information c...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Atlassian Jira. The vulnerability allows a remote malicious party to obtain obtain system data by performing a path-traversal. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerability fixed in Autodesk Licensing Service
A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious agent could vulnerability potentially exploit it to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in FortiOS
A vulnerability has been fixed in FortiOS. The vulnerability allows a malicious party located within the victim's network is able to execute arbitrary code by providing a specially prepared image. Fortinet has released updates to fix the vulnerability. More information can be found on the page...
Vulnerability fixed in FortiWeb
FortiNet has released new versions that fix a vulnerability fix in FortiWeb. The vulnerability allows a remote malicious remote user to execute arbitrary code under permissions of the application. FortiNet has released updates to fix the vulnerability. More information can be found on the page...
Vulnerability fixed in BIND
A vulnerability has been fixed in BIND. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The vulnerability manifests itself when the RRL functionality is enabled. By default, this is not case. ISC has released updates to fix and mitigation. More...
Vulnerability fixed in jsoup
A vulnerability has been fixed in jsoup. The vulnerability allows a remote malicious party to cause a denial-of-service. cause. The developers of jsoup have released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerabilities fixed in multiple implementations of HTTP/2
A PortSwigger researcher has discovered vulnerabilities in several implementations of HTTP/2. The researcher has demonstrated that it is possible to manipulate HTTP/2 requests. When the front-end of an application uses HTTP/2 and forwards the request to the back-end a downgrade to HTTP/1 takes...
Vulnerability fixed in Firefox and Thunderbird
Mozilla has fixed a vulnerability in Thunderbird and Firefox. The vulnerability can be exploited with a so-called HTTP Response Splitting attack. In this attack, the malicious party manages to replace the original content of an HTTP response with rogue content. Mozilla has released updates to fix...
Vulnerabilities fixed in Cisco Expressway Series and TelePresence Video Communication Server
Vulnerabilities have been fixed in Cisco Expressway Series and TelePresence Video Communication Server. The vulnerabilities allow an authenticated remote malicious person to execute arbitrary code to execute under user privileges and under root privileges. Cisco has released updates to fix the...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in Ubuntu's kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Canonical has released updates to...
Vulnerabilities fixed in OpenSUSE RPM
Vulnerabilities have been fixed in OpenSUSE RPM. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights -= OpenSUSE =- The developers of OpenSUSE ha...
Vulnerabilities fixed in Aruba Networks AirWave Management Platform
Vulnerabilities have been fixed in AirWave Management Platform. The vulnerability with reference CVE-2021-3156 allows a local malicious person able to obtain elevated privileges and thereby execute arbitrary code under root privileges. The vulnerability with CVE-2021-3156 is described in detail i...
Vulnerabilities fixed in Juniper Junos Space Platform
Vulnerabilities have been fixed in Junos Space Platform. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Circumvention of security measure Remote...
Vulnerabilities fixed in Adobe products
Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to syste...
Vulnerability fixed in Zoom Client for Meetings
A vulnerability has been fixed in Zoom Client for Meetings. The vulnerability allows a remote malicious person to execute arbitrary code. To exploit this vulnerability exploit two other misconfigurations within the Zoom client while the attacker is is connected to the victim. Zoom indicates that...
Vulnerability fixed in BlackBerry QNX Real Time Operating System, QNX SDP, QNX OS for Safety, and QNX OS for Medical
Blackberry has fixed a vulnerability in QNX Real Time Operating System. The vulnerability is known by attribute CVE-2021-22156 and is part of a collection of vulnerabilities known as BadAlloc. A malicious person who manages to gain access to a vulnerable system can exploit the exploit the...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights As usual, Google has made few details...
Vulnerabilities fixed in Oracle Unbreakable Enterprise kernel
Vulnerabilities have been fixed in Oracle Unbreakable Enterprise kernel. The vulnerabilities enable a malicious party to to cause a denial-of-service. -= Oracle =- Oracle has made updates available for Oracle Linux 7 and 8. U can install these updates using the command 'yum'. More information abo...
Vulnerability fixed in SSSD
A vulnerability has been fixed in SSSD. The vulnerability allows a local malicious person with permissions on the SSSD interface e.g., via sudo to obtain root privileges. -= Oracle =- Oracle has made updates available for Oracle Linux 8. You can install these updates using the command 'yum'. More...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Atlassian Jira. The vulnerability allows a remote malicious party to obtain to obtain system data. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/JRASERVER-72695...
Vulnerabilities fixed in Nagios XI
Nagios has released a new version to address vulnerabilities fixes. The vulnerabilities allow a malicious person to to bypass security measures. Nagios makes little public information about these vulnerabilities available. Nagios has released a new version to address the vulnerabilities. fixes...
Vulnerability fixed in cpio
A vulnerability has been fixed in cpio. The vulnerability allows a malicious person to execute arbitrary code. The developers of cpio have released updates to fix the vulnerability. More information can be found at the page below: https://git.savannah.gnu.org/cgit/cpio.git/commit...
Vulnerabilities fixed in NetApp products
NetApp has fixed vulnerabilities in several products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data NetApp has released updates to address the...
Vulnerabilities fixed in the openSUSE kernel
Vulnerabilities have been fixed in the openSUSE kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Access to system data Increased user privileges -=...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges -= SUSE =- SUSE has made updates available to address the...
Vulnerabilities fixed in Arconis Cyber Project
Acronis has fixed vulnerabilities in Cyber Project. The vulnerabilities allow a malicious party to obtain elevated user privileges and to obtain a security measure to circumvention. Acronis has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. The vulnerability is located in the...
Vulnerabilities fixed in PostgreSQL
Vulnerabilities have been fixed in PostgreSQL. The vulnerabilities allow a remote malicious party to cause a denial-of-service to potentially access sensitive data as a result. PostgreSQL has released a new version to address the vulnerabilities. fixes. More information can be found on the page...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in both the on-premises and SaaS versions of Apex One formerly OfficeScan. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities potentially enable a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure. Remote code execution User Rights The...
Vulnerabilities fixed in Brocade Fabric OS
Vulnerabilities have been fixed in Brocade Fabric OS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root privileges...
Vulnerability found in Microsoft Printer Spooler service
A vulnerability has been found in the Print Spooler service of Microsoft Windows. A local malicious person without administrator privileges can exploit this vulnerability by connecting to a rogue print server. From this print server, a printer driver is then installed. Although the driver should...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Obtaining elevated privileges Execution of arbitrary code Accessing sensitive data The...
Vulnerabilities fixed in PAN-OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication. Remote code execution Administrator/Root...
Vulnerabilities fixed in Schneider Electric EcoStruxure and Modicon products
Vulnerabilities have been fixed in Schneider Electric products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Schneider Electric...
Vulnerability fixed in the Linux kernel
A vulnerability has been fixed in the Linux kernel. A malicious party could potentially exploit the vulnerability to execute arbitrary code under root privileges. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can install these updates using the command 'yum'...
Vulnerability fixed in Citrix ShareFile
Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted. Citrix has released updates to fix the vulnerability. More informati...
Vulnerability fixed in Dell EMC NetWorker
A vulnerability has been fixed in Dell EMC NetWorker. A authenticated malicious party could potentially exploit it to cause a Denial-of-Service through a rogue API request. Dell EMC has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Tomcat
Debian has fixed vulnerabilities in Tomcat. The vulnerabilities allow a remote malicious person to circumvent a to bypass a security measure. -= Debian =- Debian has made updates to tomcat available for Debian 10.0 Buster to fix the vulnerability. You can install the custom packages by using...
Vulnerabilities fixed in SolarWinds products
Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root privileges SQL Injection Increased user...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release ESR. The vulnerabilities allow an unauthenticated remote malicious party potentially able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure...
Vulnerabilities fixed in Adobe Connect and Magento
Adobe has fixed vulnerabilities in Adobe Connect and Magento. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code executio...
Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel
Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Increased user...
Vulnerabilities in Moxa EDS-405A series ICS Ethernet switches
Moxa has fixed vulnerabilities in Ethernet switches. The vulnerabilities allow a remote malicious person to execute arbitrary code and to perform a denial-of-service execution. Moxa has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Dell OpenManage Enterprise
Vulnerabilities have been fixed in Dell OpenMangage. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Bypassing authentication. Remote code execution Administrator/Root privileges Access to sensitive data Increased...
Multiple vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Executing arbitrary code User privileges. Impersonating another user Below is a summary of the various...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed three vulnerabilities in Dynamics. A malicious party can exploit the vulnerabilities to impersonate as another user or to execute arbitrary code. Below is an overview of the affected vulnerabilities: Microsoft Dynamics:...