Vulnerabilities fixed in IBM Spectrum Protect Client
Vulnerabilities have been fixed in IBM Spectrum Protect Client. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. IBM has released updates to fix the vulnerabilities. For more information, see:...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. A remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To do this, the malicious party needs to send a rogue email message that must then be processed by the OTRS application. OTRS has released...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS as used by several SonicWall products. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To do this, a rogue HTTP request to the management interface of the SonicOS device needs to be ...
Vulnerabilities fixed in Nagios XI
Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerabilities to perform a SQL injection or cross-site scripting (XSS) attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application. Few substantive...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. A malicious party could potentially exploit the vulnerability in the JavaScript lodash module to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerability. For more...
Vulnerabilities fixed in Docker
Vulnerabilities have been fixed in Docker. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Access to system data, Increased user privileges. Successful misuse requires the...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. A remote malicious party could exploit this vulnerability to gain elevated privileges within the application server. This vulnerability is only exploitable when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM...
Vulnerabilities fixed in McAfee Agent for Windows
Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...
Vulnerability fixed in polkit
A vulnerability has been fixed in polkit, an integral part of several Linux distributions. A local malicious person could gain root privileges by exploiting this vulnerability on the vulnerable system. GitHub has published more information about this vulnerability. For more information see:...
Vulnerability fixed in RabbitMQ
A vulnerability has been fixed in RabbitMQ. A malicious party could potentially exploit the vulnerability to cause a denial-of-service by sending a rogue AMQP message to the RabbitMQ server that can receive AMQP 1.0 messages. VMware Tanzu has released updates to fix the vulnerability in...
Vulnerability fixed in Rockwell Automation FactoryTalk
A vulnerability has been fixed in Rockwell Automation FactoryTalk Services Platform. The vulnerability allows an authenticated remote malicious person to assume the same rights as a locally logged-on user. Rockwell Automation has released updates and mitigating measures to address t...
Vulnerabilities fixed in IBM Spectrum Protect Server
Vulnerabilities have been fixed in IBM DB2 as used in IBM Spectrum Protect. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Access to system data. T...
Vulnerabilities fixed in Bosch IP Cameras
Bosch has fixed vulnerabilities in IP cameras CPP4, CPP6, CPP7, CPP13 and AVIOTEC. An unauthenticated remote malicious person can exploit the vulnerabilities to cause a denial-of-service, obtain sensitive information, manipulate camera settings or perform a cross-site scripting...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights). To do this, the malicious party must induce the victim to...
Vulnerabilities fixed in Cisco Finesse
Cisco has fixed two vulnerabilities in Finesse. An unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2021-1245 to perform a cross-site scripting (XSS) attack. Such an attack can lead to the execution of arbitrary code in the context of the browser of the...
Vulnerabilities fixed in RSA NetWitness
Vulnerabilities have been fixed in RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of authentication, Remote code execution...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Access to system data, Increased user privileges. The vulnerabilities with CVE identifiers CVE-2021-0089 and CVE-2021-28692...
Vulnerability fixed in Schneider Electric Modicon
A vulnerability has been found in the firmware of Schneider Electric Modicon X80 devices. A malicious party can exploit the vulnerability to obtain configuration data from the device. To do this, a malicious person must make a rogue request towards the web server of the system. It is...
Vulnerabilities fixed in Adobe products
Several vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (User rights), Increased user privileges. The exact damage varies by...
Vulnerability fixed in Citrix Cloud Connector
Citrix has discovered a vulnerability in the Cloud Connector client application. When the client is installed using command line parameters, these parameters are stored in readable text in the installation log file. These parameters may contain sensitive data, which a malicious person with access...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Spoofing, Increased user privileges. -= SUSE =- SUSE has made updates available to address the...
Fixed vulnerabilities in various Intel processors, chipsets, firmware, drivers and tools
Intel has fixed a sizable number of vulnerabilities in a range of processors, chipsets, firmware, drivers and tools. Many of the named chipsets are integrated and mostly present in systems built with Intel hardware. The associated tooling is generally included and installed by default. A maliciou...
Vulnerabilities fixed in the Linux kernel
Canonical has fixed a number of vulnerabilities in the Linux kernel. The vulnerabilities allow an authenticated malicious person to cause a denial-of-service, or potentially execute arbitrary code with root privileges. The vulnerabilities are known to be exploitable only locally or through...
Vulnerabilities fixed in Microsoft applications
Microsoft has fixed vulnerabilities in 3D Viewer, Paint 3D and Intune Management Extension. A malicious party could potentially exploit the vulnerabilities in 3D Viewer and Paint 3D to gain access to sensitive data or to execute arbitrary code. To do this, the malicious...
Vulnerabilities in Siemens SIMATIC NET
Siemens has identified a number of vulnerabilities in the SIMATIC NET CP 443-1 OPC UA Communication Processor for S7 systems. The vulnerabilities are all located in the NTP implementation and enable an unauthenticated malicious person to cause a denial-of-service, or potentially execute...
Vulnerability fixed in ESRI ArcGIS Server
A vulnerability has been fixed in Esri ArcGIS Server. The vulnerability allows a remote malicious person to perform a SQL injection attack. Esri has released updates to fix the vulnerability. For more information, see: https://www.esri.com/arcgis-blog/products/arcgis-enterprise...
Vulnerabilities Fixed in Microsoft Malware Protection Engine
Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could potentially exploit the vulnerabilities to cause a denial-of-service or to execute code under elevated...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed vulnerabilities in Jira Server. A remote malicious party could exploit the vulnerabilities to perform a cross-site scripting (XSS) attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. Atlassian has released updates to addre...
Vulnerability fixed in Xerox AltaLink systems
Xerox has fixed a vulnerability in AltaLink systems. A remote malicious person could exploit the vulnerability to conduct a cross-site scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to access the system. No CVE vulnerability h...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Bypassing authentication, Circumvention of security measure, Remote cod...
Vulnerabilities fixed in Citrix ADC and Citrix Gateway
Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2020-8299 to cause a denial-of-service from the same local network segment. The vulnerability with CVE attribute...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Executing arbitrary code (User privileges), Impersonating another user, Accessing sensitive data. Below is a summary of the...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to launch attacks that result in the following categories of damage: Remote code execution (Administrator/Root rights), Remote code execution (User rights), Access to...
Vulnerabilities fixed in Apache
Apache has released version 2.4.48 of the Apache Web server. In this version a number of vulnerabilities have been fixed, which could be exploited by an unauthenticated remote malicious person to cause a denial-of-service. A vulnerability has also been fixed, which can be exploit...
Vulnerabilities fixed in SAP Netweaver
Vulnerabilities have been fixed in SAP Netweaver. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Circumvention of authentication, Remote code execution (User rights)...
Vulnerabilities fixed in Microsoft .NET Core and Visual Studio
Microsoft has fixed vulnerabilities in .NET Core, Visual Studio and Visual Studio Code. An unauthenticated remote malicious person could potentially exploit it to cause a denial-of-service. The vulnerability with attribute CVE-2021-31938 could potentially be exploited by a local malicious...
Vulnerability fixed in Huawei S5700 devices
Huawei has fixed a vulnerability in S5700 devices. An authenticated remote malicious person can potentially exploit the vulnerability to inject system commands. Few substantive details about the vulnerability have been disclosed. Huawei has released updates to fix the vulnerability. The...
Vulnerability fixed in Red Hat Enterprise Linux
Red Hat has fixed a vulnerability in the Public Key Infrastructure (PKI) Core package. A component of this package writes out the administrator password during installation to a log file that is unjustifiably readable by any local user. A local malicious person with knowledge of the location of thi...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. Mozilla has released updates to fix the vulnerabilities in Thunderbird 78.11...
Vulnerability fixed in HPE OneView for VMware vCenter
HPE has fixed a vulnerability in OneView for VMware vCenter. An unauthenticated remote malicious agent could exploit it to perform a cross-site scripting (XSS) attack. Such an attack could result in the execution of arbitrary script code in the browser used to visit the application. HPE has...
Vulnerabilities fixed in Cisco Webex Meetings and Webex Server
Cisco has fixed vulnerabilities in Webex Meetings, Webex Meetings Server, Webex Teams and Webex client software. The vulnerabilities allow a malicious person, possibly remotely, to launch attacks that result in the following categories of damage: Circumvention of security measure, Remote...
Vulnerabilities fixed in Cisco Webex Player and Webex Network Recording Player
Cisco has fixed vulnerabilities in Webex Player and Webex Network Recording Player. The vulnerabilities potentially allow an unauthenticated remote malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (User rights)...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab Community Edition and GitLab Enterprise Edition. The vulnerabilities potentially allow a remote malicious party to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS)...
Vulnerabilities fixed in Cisco ASR 5000 series
Cisco has fixed vulnerabilities in StarOS as used by ASR 5000-series devices. The vulnerabilities allow an authenticated remote malicious party to bypass further authentication and execute restricted commands unauthenticated. To do this, the malicious party must send rogue SSH...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code under application privileges. The vulnerability is caused by an integer overflow that can be triggered via the command "STRALGO LCS" c...
Vulnerability fixed in WhatsApp
A vulnerability has been fixed in the Android versions of WhatsApp and WhatsApp Business. It involves a path-traversal vulnerability which could potentially be exploited remotely to overwrite files used by WhatsApp. Few substantive details of the vulnerability have been made publicly...
Vulnerability fixed in FortiGate SSL VPN Portal
FortiGuard has fixed a vulnerability in the FortiGate SSL VPN portal. An unauthenticated remote malicious party could potentially exploit the vulnerability to perform a cross-site scripting (XSS) attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights)...
Vulnerability fixed in Cisco products
Cisco has fixed a vulnerability in the following products: Cisco Adaptive Security Appliance (ASA), Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), Cisco Firepower Threat Defense (FTD), Cisco FXOS, Cisco Web Security Appliance (WSA). The vulnerability potentially allows ...
Vulnerability fixed in F5 BIG-IQ Centralized Management
F5 has fixed a vulnerability in BIG-IQ Centralized Management. An authenticated remote malicious party could potentially exploit the vulnerability to execute arbitrary code under root privileges. The vulnerability is located in the BIG-IQ Configuration utility. Successful...