Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Bridge. A malicious person could potentially exploit the vulnerabilities to execute arbitrary code under a user's privileges or to gain access to files on the vulnerable system. Adobe has released updates to fix the vulnerabilities in Bridge 11.1. For more...
Vulnerabilities fixed in VMware ESXi
VMware has fixed two vulnerabilities in ESXi. The vulnerability with reference CVE-2021-21994 is located in the Small Footprint CIM Broker (SFCB) and allows a remote malicious person to bypass authentication. This requires rogue network traffic to be sent to port 5989 of the ESXi server. The...
Vulnerability fixed in Citrix Virtual Apps and Desktops
Citrix has fixed a vulnerability in Virtual Apps and Desktops, XenApp and XenDesktop. A local malicious party could exploit this vulnerability within a Windows VDA to acquire elevated privileges. The vulnerability resides only in systems using Citrix Profile Management or the Citrix Profile...
Vulnerabilities fixed in Adobe Acrobat
Adobe has fixed vulnerabilities in Acrobat, Acrobat DC and Acrobat Reader. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to sensitive data; Increase...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code under a user's privileges or to gain access to files on the vulnerable system. Adobe has released updates to fix the vulnerabilities in Illustrator 25.3. For...
Vulnerability fixed in Adobe FrameMaker
Adobe has fixed a vulnerability in FrameMaker. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. Adobe has released updates to fix the vulnerability in FrameMaker 2019 Update 8 and 2020 Update 2. For more information, see:...
Vulnerabilities fixed in QEMU
Vulnerabilities have been fixed in QEMU. The vulnerabilities potentially allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution with privileges of the QEMU process; Access to sensitive data; Access to...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. The vulnerabilities may allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Remote code execution (User rights); Acces...
Actively exploited vulnerability fixed in ForgeRock AM
ForgeRock has fixed a vulnerability in ForgeRock Access Manager (AM). An unauthenticated remote malicious party could potentially exploit the vulnerability to execute arbitrary code under the application's permissions. To do this, malicious network traffic must be sent to a...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service; Circumvention of security measure; Executing arbitrary code; Accessing...
Vulnerability fixed in Siemens SIMIT
Siemens has fixed a vulnerability in SIMIT. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or to gain access to data stored in system memory. For this vulnerability, Proof-of-Concept code is publicly available. Siemens has released updates to fix the...
Vulnerabilities fixed in Microsoft Exchange
Vulnerabilities have been fixed in Microsoft Exchange. Microsoft indicates that the vulnerabilities with reference CVE-2021-34523 and CVE-2021-34473 were already fixed in the April updates, but that this is only now being recorded. Below is a summary of the various vulnerabilities described for ea...
Vulnerabilities fixed in Microsoft Malware Protection Engine
Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could potentially exploit the vulnerabilities to execute code under elevated privileges. Windows...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Dynamics Business Central Control. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application on the underlying operating system. Microsoft has made updates available that fix the described vulnerability...
Vulnerability fixed in Microsoft Power BI
A vulnerability has been fixed in the Microsoft Power BI application. A malicious party could potentially abuse it to execute arbitrary code with elevated privileges. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine (ISE). An authenticated malicious person could exploit the vulnerabilities on the management interface to perform a stored Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser us...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Bypassing security measure; Remote code execution (User rights); Spoofing; Accessing sensitive data. Microsoft Offic...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution. Mozilla has...
Vulnerabilities fixed in Siemens Scalance and Ruggedcom
Siemens has fixed vulnerabilities in Scalance and Ruggedcom products. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution; Access to sensitive data. Siemens has...
Vulnerabilities fixed in Siemens SIMATIC
Siemens has fixed vulnerabilities in SIMATIC products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code execution...
Vulnerability fixed in NetIQ Advanced Authentication
Micro Focus has fixed a vulnerability in NetIQ Advanced Authentication. The vulnerability allows a malicious party to bypass multi-factor authentication. No substantive details about this vulnerability have been made publicly available. Micro Focus has released updates to fix the vulnerability fix i...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js and npm. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service in the npm client or within a service that uses Node.js. Also, by exploiting the vulnerability with CVE attribute CVE-2021-22921 SYSTEM privileges gain...
Vulnerability fixed in SonicWall network switches
SonicWall has fixed a vulnerability in several network switches. An unauthenticated malicious party could potentially exploit the vulnerability to cause a denial-of-service or read system memory. The vulnerability resides in the way LLDP network traffic is processed...
Vulnerabilities fixed in Esri ArcGIS Server
Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform a Server-Side Request Forgery (SSRF) or Cross-Site Scripting (XSS) attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. The vulnerability allows a malicious party in a Man-in-the-Middle position to bypass certificate-based authentication. To do so, the malicious party must generate its own server certificate containing the hostname as it appears in th...
Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus
IBM has fixed vulnerabilities in the web interface of Tivoli Netcool/OMNIbus. An authenticated malicious person can exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...
Vulnerabilities fixed in Kaseya Virtual System Administrator (VSA)
Vulnerabilities have been fixed in Kaseya VSA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Bypassing authentication; Remote code execution (Administrator/Root rights); SQL Injection; Access to sensitive data...
Vulnerability fixed in GitLab
A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions by uploading a prepared "design" file. To do this, "Large File Support" (LFS) must be enabled for the GitLab server or the specific...
Vulnerabilities fixed in FortiMail
Fortinet has fixed vulnerabilities in FortiMail. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution; Access to sensitive data; Increased user privileges. Fortinet ha...
Vulnerability fixed in Cisco IP Phone
A vulnerability has been fixed in Cisco IP Phone. The vulnerability allows a malicious person with physical access to the device to execute arbitrary code with elevated permissions. Cisco has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Cisco Adaptive Security Device Manager
Cisco has fixed a vulnerability in Adaptive Security Device Manager (ASDM). A malicious party could potentially exploit it to execute arbitrary code under the privileges of ASDM or to gain access to files. For successful misuse, a Man-in-the-Middle position is required. Few substantive details have bee...
Vulnerabilities fixed in Fedora kernel
Vulnerabilities have been fixed in the Fedora Linux kernel. The vulnerabilities allow a local malicious person to obtain elevated privileges. Fedora has released updates to fix the vulnerabilities. More information can be found on the pages below: Fedora 33:...
Vulnerabilities fixed in Ruby
Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Circumvention of security measure; Remote code execution (User rights); Access to system data. Ruby developers have released updates to address t...
Vulnerabilities fixed in Android
Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution (Administrator/Root privileges); Access to sensitive data; Increased user privileges. As usual, Google has disclosed...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code...
Vulnerability fixed in PRTG Network Monitor
A vulnerability has been fixed in PRTG Network Monitor. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Paessler has released updat...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla!. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights) released updates to addre...
Vulnerabilities fixed in Dell Wyse Management Suite
Dell has fixed vulnerabilities in Dell Wyse Management Suite. An authenticated remote malicious person could potentially exploit them to perform a path traversal attack. This could provide read access to arbitrary files on the system. Dell has released updates to fix the vulnerabilities ...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. An unauthenticated remote malicious person could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers have...
Vulnerability fixed in Cacti
Vulnerabilities have been fixed in Cacti. A remote malicious person can exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Not every vulnerability h...
Vulnerabilities fixed in OpenVPN
Vulnerabilities have been fixed in the Windows versions of OpenVPN and OpenVPN Connect. A local malicious party could potentially exploit them to execute arbitrary code under the rights of the OpenVPN process. To do this, the malicious party must modify the OpenVPN configuration file such that th...
Vulnerability discovered in TLS implementations
Researchers have discovered a vulnerability in the way TLS traffic is processed. The vulnerability has been named ALPACA and is caused by the fact that IP addresses and port numbers are not authenticated by TLS. A malicious party with a Man-in-the-Middle position can therefore encrypt network...
Vulnerability fixed in XWiki
Advanced Open Source Enterprise Wiki has fixed a vulnerability in XWiki. The vulnerability allows an unauthenticated malicious person to reset to zero a counter that tracks the number of failed login attempts. This makes it possible to launch a brute-force attack. Updates have been...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (Use...
Vulnerability fixed in Ansible
A vulnerability has been fixed in Ansible. The vulnerability allows a malicious person to inject commands. This makes it possible to obtain sensitive data and possibly execute arbitrary code as well. The researcher who reported the vulnerability to Ansible has published an...
Vulnerability found in Microsoft Windows
There is a vulnerability in the Printer Spooler service from Microsoft. The vulnerability allows an authenticated malicious person to execute arbitrary code and obtain elevated privileges. By exploiting the vulnerability, it is possible to take over a Domain Controller. Earlier this...
Vulnerabilities fixed in PHP7
PHP developers have fixed two vulnerabilities. The vulnerabilities allow a malicious party to cause a denial-of-service and to bypass a security measure. PHP developers have made little information regarding these vulnerabilities public. PHP's developers have released updates to...
Vulnerability fixed in Broadcom ProxySG
Broadcom has fixed a vulnerability in ProxySG. The vulnerability allows an unauthenticated malicious person to access the system's management interface. It is good practice to place management interfaces of such devices on a separate management network. Broadcom has released updates to fix the...
Vulnerabilities fixed in QEMU
Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to system data. -= SUSE =- SUSE has made updates available to fix the...