4199 matches found
Vulnerabilities discovered in Moxa hardware
Vulnerabilities have been discovered in Moxa protocol gateways. The vulnerabilities allow an unauthenticated malicious person to conduct opportunity to launch a denial-of-service attack on the management interface execute. For both vulnerabilities, the researcher has published a Proof-of-Concept ...
Vulnerability fixed in Xterm
The developers of Xterm have fixed a vulnerability. The vulnerability can be exploited by an unauthenticated malicious person at a remote user to cause a Denial-of-Service, or possibly executing arbitrary code with the privileges of the process. -= SUSE =- SUSE has made updates available to fix t...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. An authenticated malicious person can exploit the vulnerabilities to obtain sensitive information and system data, as well as to execute arbitrary code under the privileges of the user. Synology has released updates to fix the...
Vulnerability fixed in Pulse Connect Secure
A vulnerability has been fixed in Pulse Connect Secure. A authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...
Vulnerability fixed in Fortinet FortiClient for macOS
A vulnerability has been fixed in Fortinet FortiClient for macOS. By exploiting this vulnerability to gain root privileges on the vulnerable system. See also the page below from the discoverers of this vulnerability, for more information: https://www.zerodayinitiative.com/advisories/ZDI-21-693/...
Vulnerability fixed in Sonatype Nexus
Sonatype has fixed a vulnerability in Nexus Repository 3. An authenticated malicious person could exploit the vulnerability to gain access to sensitive information. Sonatype has released updates to fix the vulnerability in Nexus Repository 3.31.0. For more information, see:...
Vulnerability fixed in VMware Tools for Windows
A vulnerability has been fixed in VMware Tools for Windows. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by exploiting a race condition in the VM3DMP driver. VMware has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in MantisBT
A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. MantisBT has released updates to fix...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or execute arbitrary code with the application's permissions. Google indicates that for the vulnerability with attribute...
Vulnerabilities fixed in Cisco Jabber for Windows
Vulnerabilities have been fixed in Cisco Jabber for Windows. A malicious party could exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service to the recipient of a specially prepared XMPP message. Cisco has released updates to fix the vulnerabilities. For more...
Vulnerability fixed in Cisco Email Security Appliance and Web Security Appliance
Cisco has fixed a vulnerability in the integration of Advanced Malware Protection AMP for Endpoints in Cisco Email Security Appliance and Cisco Web Security Appliance. The vulnerability involves improper validation of TLS certificates. A malicious party could, as a result, via a Man-in-the-Middle...
Vulnerabilities fixed in Cisco Small Business switches
Vulnerabilities have been fixed in Cisco Small Business 220 Series Smart Switches. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client. A local malicious agent could potentially exploit it to execute arbitrary code under SYSTEM privileges. Only clients on which the VPN Posture HostScan Module is installed are vulnerable. Cisco has released updates to fix the...
Vulnerability fixed in Cisco Meeting Server
A vulnerability has been fixed in Cisco Meeting Server. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service causing all connected users to lose their connection. Cisco has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service exploit. To do this, a rogue SELECT statement must be executed on the database. IBM has released updates to fix the vulnerability in Db2 11.1.4FP6 and...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed vulnerabilities in IBM Spectrum Protect Backup Archive Client and IBM Spectrum Protect for Space Management. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to execute under elevated privileges execute arbitrary code. IBM has...
Vulnerability fixed in VMware Workspace ONE UEM
VMware has fixed a vulnerability in Workspace ONE UEM console. An unauthenticated remote malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack could result in the execution of arbitrary script code in the browser used to visit the...
Vulnerabilities fixed in Ubuntu
Vulnerabilities have been fixed in Ubuntu, specifically in the Apport package. The vulnerabilities allow a malicious party to access to system data and potentially obtain elevated permissions. -= Ubuntu =- Canonical has made updates available for Ubuntu 18.04 LTS, 20.04 LTS, 20.10 and 21.04 to fi...
Vulnerability fixed in VMware vRealize Business for Cloud
VMware has fixed a vulnerability in virtual appliances of vRealize Business for Cloud. An unauthenticated remote malicious agent could remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code. To do so, the malicious party must maliciously send network...
Vulnerabilities fixed in Red Hat OpenShift
Red Hat has fixed vulnerabilities in OpenShift Container Platform. A malicious party could potentially exploit them to obtain elevated privileges on the vulnerable system or to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS as used by several SonicWall products. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To do this, a rogue HTTP request to the management interface of the SonicOS device needs to be ...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to send a rogue email message that must then be sent by the OTRS application to process. OTRS has released...
Vulnerabilities fixed in IBM Spectrum Protect Client
Vulnerabilities have been fixed in IBM Spectrum Protect Client. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the application's permissions. IBM has released updates to fix the vulnerabilities. For more information, see:...
Vulnerabilities fixed in Nagios XI
Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerability to perform an SQL injection or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is visited. Few substantive...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. A malicious party could potentially exploit the vulnerability in the Javascript lodash module potentially exploit it to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerability. For more...
Vulnerabilities fixed in Docker
Vulnerabilities have been fixed in Docker. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges Successful misuse requires the...
Vulnerability fixed in Rockwell Automation FactoryTalk
A vulnerability has been fixed in Rockwell Automation FactoryTalk Services Platform. The vulnerability allows an authenticated remote malicious person able to assume the same rights as a locally logged on user. Rockwell Automation has released updates and mitigating measures released to address t...
Vulnerability fixed in polkit
A vulnerability has been fixed in polkit, an integral part of several Linux distributions. A local malicious person could gain root privileges by exploiting this vulnerability on the vulnerable system. GitHub has published more information about this vulnerability. For more information see:...
Vulnerabilities fixed in McAfee Agent for Windows
Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 potentially exploit it to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...
Vulnerability fixed in RabbitMQ
A vulnerability has been fixed in RabbitMQ. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause by sending a rogue AMQP message to the RabbitMQ server that can receive AMQP 1.0 messages. VMware Tanzu has released updates to fix the vulnerability fix in...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. A remote malicious party could, by exploiting this vulnerability to gain elevated privileges within the application server. This vulnerability is only exploitable when using SAML Web Inbound Trust Association Interceptor TAI. IBM...
Vulnerabilities fixed in IBM Spectrum Protect Server
Vulnerabilities have been fixed in IBM DB2 as used in IBM Spectrum Protect. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to system data T...
Vulnerabilities fixed in Bosch IP Cameras
Bosch has fixed vulnerabilities in IP cameras CPP4, CPP6, CPP7, CPP13 and AVIOTEC. An unauthenticated malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, obtaining sensitive information, manipulating manipulate camera settings or perform a cross-site scripting...
Vulnerabilities fixed in Cisco Finesse
Cisco has fixed two vulnerabilities in Finesse. A unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2021-1245 to perform a cross-site scripting XSS attack. Such an attack can lead to the execution of arbitrary code in the context of the browser of the...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights To do this, the malicious party must induce the victim to...
Vulnerabilities fixed in RSA NetWitness
Vulnerabilities have been fixed in RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of authentication. Remote code execution...
Vulnerability fixed in Schneider Electric Modicon
A vulnerability has been found in the firmware of Schneider Electric Modicon X80 devices. A malicious party can exploit the exploit the vulnerability to obtain configuration data from the device. To do this, a malicious person must make a rogue request towards the web server of the system. It is...
Vulnerability fixed in Citrix Cloud Connector
Citrix has discovered a vulnerability in the Cloud Connector client application. When the client is installed using command line parameters, these parameters are stored in readable text in the installation log file. These parameters may contain sensitive data, which a malicious person with access...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges The vulnerabilities with CVE core core CVE-2021-0089 and CVE-2021-28692...
Vulnerabilities fixed in Adobe products
Several vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The exact damage varies by...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Spoofing Increased user privileges -= SUSE =- SUSE has made updates available to address the...
Fixed vulnerabilities in various Intel processors, chipsets, firmware, drivers and tools
Intel has fixed a sizable number of vulnerabilities in a range of processors, chipsets, firmware, drivers and tools. Many of the named chipsets are integrated and mostly present in systems built with Intel hardware. The associated tooling is generally included and installed by default. A maliciou...
Vulnerabilities fixed in Citrix ADC and Citrix Gateway
Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2020-8299 potentially exploit it to cause a denial-of-service from the same local network segment. The vulnerability with CVE attribute...
Vulnerability fixed in Xerox AltaLink systems
Xerox has fixed a vulnerability in AltaLink systems. A remote malicious person could exploit the vulnerability to conduct execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to access the system. No CVE vulnerability h...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed vulnerabilities in Jira Server. A remote malicious party could exploit the vulnerabilities to perform a cross-site scripting XSS attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. Atlassian has released updates to addre...
Vulnerabilities Fixed in Microsoft Malware Protection Engine
Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could vulnerabilities potentially exploit them to cause a denial-of-service cause or to execute code under elevated...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Executing arbitrary code User privileges. Impersonating another user Accessing sensitive data Below is a summary of the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote cod...
Vulnerability fixed in ESRI ArcGIS Server
A vulnerability has been fixed in Esri ArcGIS Server. The vulnerability allows a remote malicious person to perform a SQL-Injection attack. Esri has released updates to fix the vulnerabilities. For more information, see: https://www.esri.com/arcgis-blog/products/arcgis-enterprise...
Vulnerabilities fixed in Microsoft applications
Microsoft has fixed vulnerabilities in 3D Viewer, Paint 3D and Intune Management Extension. A malicious party could potentially exploit the vulnerabilities in 3D Viewer and Paint 3D potentially exploit them to gain access to sensitive data or to execute arbitrary code. To do this, the malicious...