Vulnerability fixed in Veeam Backup & Replication
A vulnerability has been fixed in Veeam Backup & Replication. The vulnerability potentially allows a malicious party to execute arbitrary code because the Veeam application was vulnerable to a flaw in the deserialization logic of .NET remoting. Veeam's developers have mad...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in the openSUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, accessing sensitive data, accessing system data. -=...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), circumvention of security measure, remote code execution (user rights), spoofing, increased user rights. Jenkins...
Vulnerabilities fixed in Dell iDRAC
Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code under the user's privileges by performing a cross-site scripting attack, and allow a user to be redirected to a different page or shown other injected content. Dell has release...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Denial-of-Service (DoS), circumvention of security measure, remote code execution User...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in Zimbra. The vulnerabilities allow a remote malicious person to launch a so-called cross-site scripting and open-redirect attack. To do this, the attacker must trick the victim into following a rogue link. Zimbra has released patches to fix the...
Vulnerabilities fixed in AVEVA System Platform
AVEVA has fixed vulnerabilities in System Platform. The vulnerabilities allow a remote malicious person to gain unauthenticated access to the system and to cause a denial-of-service. AVEVA has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Denial-of-Service (DoS), bypassing authentication, remote code execution Administrator/Root rights...
Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus
Vulnerabilities have been fixed in IBM Tivoli Netcool/OMNIbus. The vulnerabilities allow a malicious person to conduct attacks that result in the following categories of damage: Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), remote code execution...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (user rights), access to system data, increased...
Vulnerabilities fixed in Nessus
Vulnerabilities have been fixed in Nessus. The vulnerabilities allow a locally authenticated malicious person with administrator privileges to obtain elevated privileges. The malicious party can use these privileges to execute specific Windows commands as the Nessus Agent host. Tenable ha...
Vulnerability fixed in Infoblox NIOS
A vulnerability has been fixed in Infoblox Network Identity Operating System (NIOS). The vulnerability allows a malicious person with elevated privileges to cause a denial-of-service. Infoblox has released updates to fix the vulnerability. More information can be found on the page below:...
InjectaBLE vulnerability discovered in Bluetooth Low Energy (BLE)
Researchers at the LAAS-CNRS laboratory have demonstrated the ability to obtain a full man-in-the-middle position between two Bluetooth Low Energy (BLE) devices that have an unencrypted connection. The man-in-the-middle attack does not work on encrypted connections. However, it is...
Vulnerability fixed in Umbraco CMS
A vulnerability has been fixed in Umbraco CMS. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor to a malicious website via a custom link. Umbraco has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in RabbitMQ
Vulnerabilities have been fixed in RabbitMQ. The vulnerabilities allow a malicious person to execute arbitrary code under the user's privileges. RabbitMQ categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 3.1. RabbitMQ has released updates to address the...
Vulnerabilities fixed in Red Hat JBoss Web Server
Vulnerabilities have been fixed in Red Hat JBoss Web Server. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data. Red Hat has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Microsoft Edge
Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious party to obtain elevated privileges or bypass a security measure. Microsoft has disclosed little information about the vulnerability identified as CVE-2021-34475. Microsoft has released updates to...
Vulnerability fixed in libgcrypt
The developers of GnuPG have fixed a vulnerability in libgcrypt. The vulnerability is caused by an insecure implementation of ElGamal cryptography. A malicious person could potentially exploit the vulnerability to perform a side-channel attack against data encrypted using ElGamal. Few substantive...
Vulnerability fixed in XStream
A vulnerability has been fixed in XStream. An authenticated malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. To do this, a rogue XML file needs to be presented to the application. The developers have released updates to...
Fixed vulnerabilities in Dell boot functionality.
Eclypsium has discovered vulnerabilities in Dell SupportAssist for Windows. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code in the BIOS before the operating system is booted. The malicious party must perform a man-in-the-middle attack to do so and...
Vulnerabilities fixed in IBM DB2
Vulnerabilities have been fixed in IBM DB2. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, accessing sensitive data. IBM has released updates to fix the vulnerabilities. More...
Vulnerability fixed in MediaWiki
A vulnerability has been fixed in MediaWiki. The vulnerability allows an authenticated remote malicious person to delete pages while the account is locked. MediaWiki has released new versions to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, accessing sensitive data, access to system data, increased user privileges. Red Hat ha...
Vulnerabilities fixed in Broadcom Symantec products
Broadcom has fixed vulnerabilities in Symantec products. The vulnerabilities allow a malicious party to cause a denial-of-service and to obtain sensitive data. Broadcom has been sparse in making information available regarding the vulnerabilities. Broadcom has released updates to address t...
Vulnerability found in Lexmark drivers
An IBM X-Force researcher has discovered a vulnerability in the LMbdsvc component in the Lexmark printer drivers for Windows. The vulnerability allows a locally authenticated malicious person to execute arbitrary code under system privileges. All of this is described in the following...
Vulnerability fixed in VMware products
A vulnerability has been fixed in VMware products. The vulnerability allows a malicious party to obtain elevated privileges in a Windows guest system. VMware has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Autodesk Design Review
Autodesk has fixed vulnerabilities in Design Review. The vulnerabilities allow a remote malicious person to execute arbitrary code under user privileges. Also, the vulnerabilities allow the malicious party to obtain system information. To exploit the vulnerabilities the attacker must induc...
Vulnerability fixed in SonicWall SonicOS
A vulnerability has been fixed in SonicOS. The vulnerability allows an unauthenticated malicious party to obtain system information through a malicious HTTP request. SonicWall categorizes this vulnerability according to the CVSSv3 method with a score of 5.3. SonicWall...
Vulnerabilities fixed in Dovecot
Dovecot's developers have fixed two vulnerabilities. An authenticated remote malicious person can exploit the vulnerabilities to cause a denial-of-service, execute commands with application privileges or obtain sensitive data. -= Ubuntu =- Canonical has made updates...
Vulnerabilities fixed in Autodesk products
Autodesk has fixed vulnerabilities in several products. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code under privileges of the user and to manipulate data. To exploit the vulnerabilities, the malicious party must induce the...
Vulnerabilities discovered in Moxa hardware
Vulnerabilities have been discovered in Moxa protocol gateways. The vulnerabilities allow an unauthenticated malicious person to launch a denial-of-service attack on the management interface. For both vulnerabilities, the researcher has published a Proof-of-Concept ...
Vulnerability fixed in Xterm
The developers of Xterm have fixed a vulnerability. The vulnerability can be exploited by an unauthenticated remote malicious person to cause a Denial-of-Service, or possibly to execute arbitrary code with the privileges of the process. -= SUSE =- SUSE has made updates available to fix t...
Vulnerability fixed in Pulse Connect Secure
A vulnerability has been fixed in Pulse Connect Secure. An authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...
Vulnerability fixed in VMware Tools for Windows
A vulnerability has been fixed in VMware Tools for Windows. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by exploiting a race condition in the VM3DMP driver. VMware has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Fortinet FortiClient for macOS
A vulnerability has been fixed in Fortinet FortiClient for macOS. Exploiting this vulnerability makes it possible to gain root privileges on the vulnerable system. See also the page below from the discoverers of this vulnerability, for more information: https://www.zerodayinitiative.com/advisories/ZDI-21-693/...
Vulnerability fixed in MantisBT
A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. MantisBT has released updates to fix...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. Google indicates that for the vulnerability with attribute...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. An authenticated malicious person can exploit the vulnerabilities to obtain sensitive information and system data, as well as to execute arbitrary code under the privileges of the user. Synology has released updates to fix the...
Vulnerability fixed in Sonatype Nexus
Sonatype has fixed a vulnerability in Nexus Repository 3. An authenticated malicious person could exploit the vulnerability to gain access to sensitive information. Sonatype has released updates to fix the vulnerability in Nexus Repository 3.31.0. For more information, see:...
Vulnerabilities fixed in Cisco Small Business switches
Vulnerabilities have been fixed in Cisco Small Business 220 Series Smart Switches. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), bypassing authentication, remote code execution Administrator/Root rights...
Vulnerabilities fixed in Cisco Jabber for Windows
Vulnerabilities have been fixed in Cisco Jabber for Windows. A malicious party could exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service to the recipient of a specially prepared XMPP message. Cisco has released updates to fix the vulnerabilities. For more...
Vulnerability fixed in Cisco Meeting Server
A vulnerability has been fixed in Cisco Meeting Server. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service, causing all connected users to lose their connection. Cisco has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client. A local malicious agent could potentially exploit it to execute arbitrary code under SYSTEM privileges. Only clients on which the VPN Posture HostScan Module is installed are vulnerable. Cisco has released updates to fix the...
Vulnerability fixed in Cisco Email Security Appliance and Web Security Appliance
Cisco has fixed a vulnerability in the integration of Advanced Malware Protection (AMP) for Endpoints in Cisco Email Security Appliance and Cisco Web Security Appliance. The vulnerability involves improper validation of TLS certificates. A malicious party could, as a result, via a Man-in-the-Middle...
Vulnerability fixed in VMware Workspace ONE UEM
VMware has fixed a vulnerability in Workspace ONE UEM console. An unauthenticated remote malicious person can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack could result in the execution of arbitrary script code in the browser used to visit the...
Vulnerability fixed in VMware vRealize Business for Cloud
VMware has fixed a vulnerability in virtual appliances of vRealize Business for Cloud. An unauthenticated remote malicious agent could potentially exploit the vulnerability to execute arbitrary code. To do so, the malicious party must maliciously send network...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in IBM Spectrum Protect Backup Archive Client and IBM Spectrum Protect for Space Management. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code under elevated privileges. IBM has...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2. A remote malicious person could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, a rogue SELECT statement must be executed on the database. IBM has released updates to fix the vulnerability in Db2 11.1.4FP6 and...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in OpenShift Container Platform. A malicious party could potentially exploit them to obtain elevated privileges on the vulnerable system or to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can...
Vulnerabilities fixed in Ubuntu
Vulnerabilities have been fixed in Ubuntu, specifically in the Apport package. The vulnerabilities allow a malicious party to access system data and potentially obtain elevated permissions. -= Ubuntu =- Canonical has made updates available for Ubuntu 18.04 LTS, 20.04 LTS, 20.10 and 21.04 to fi...