4199 matches found
Vulnerabilities fixed in SAP Netweaver
Vulnerabilities have been fixed in SAP Netweaver. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication Remote code execution User rights...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerabilities in Siemens SIMATIC NET
Siemens has identified a number of vulnerabilities in the SIMATIC NET CP 443-1 OPC UA Communication Processor for S7 systems. The vulnerabilities are all located in the NTP implementation and enable an unauthenticated malicious person to able to cause a Denial-of-Service, or potentially execute...
Vulnerabilities fixed in Microsoft .NET Core and Visual Studio
Microsoft has fixed vulnerabilities in .NET Core, Visual Studio and Visual Studio Code. An unauthenticated malicious person at remote user could potentially exploit it to cause a denial-of-service. The vulnerability with attribute CVE-2021-31938 could potentially be exploited by a local malicious...
Vulnerabilities fixed in Apache
Apache has released version 2.4.48 of the Apache Web server. In this version a number of vulnerabilities have been fixed, which can be exploited by an unauthenticated remote malicious person could be exploited to cause a denial-of-service. A vulnerability has also been fixed, which can be exploit...
Vulnerabilities fixed in the linux kernel
Canonical has fixed a number of vulnerabilities in the Linux kernel. The vulnerabilities allow an authenticated malicious person able to cause a denial-of-service, or potentially execute arbitrary code with root privileges. The vulnerabilities are known to be exploitable only locally or through...
Vulnerability fixed in Red Hat Enterprise Linux
Red Hat has fixed a vulnerability in the Public Key Infrastructure PKI Core package. A component of this package writes out the administrator password during installation to a log file that is unjustifiably readable by any local user. A local malicious person with knowledge of the location of thi...
Vulnerability fixed in Huawei S5700 devices
Huawei has fixed a vulnerability in S5700 devices. A authenticated remote malicious person can exploit the vulnerability potentially exploit it to inject system commands. There are few substantive details about the vulnerability disclosed. Huawei has released updates to fix the vulnerability. The...
Vulnerability fixed in HPE OneView for VMware vCenter
HPE has fixed a vulnerability in OneView for VMware vCenter. An unauthenticated remote malicious agent could exploit it to perform a Cross-Site Scripting XSS attack. Such an attack could result in the execution of arbitrary script code in the browser used to visit the application visited. HPE has...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code execute with the application's permissions. Mozilla has released updates to fix the vulnerabilities in Thunderbird 78.11...
Vulnerabilities fixed in Cisco ASR 5000 series
Cisco has fixed vulnerabilities in StarOS as used by ASR 5000-series devices. The vulnerabilities allow an authenticated remote malicious party able to further authentication to bypass and execute restricted unauthenticated commands execute. To do this, the malicious party must send rogue SSH...
Vulnerabilities fixed in Cisco Webex Player and Webex Network Recording Player
Cisco has fixed vulnerabilities in Webex Player and Webex Network Recording Player. The vulnerabilities allow an unauthenticated remote malicious party potentially capable of perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab Community Edition and GitLab Enterprise Edition. The vulnerabilities allow a remote malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. A malicious person at remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code under application privileges. The vulnerability is caused by an integer overflow that can be triggered via the command "STRALGO LCS" c...
Vulnerabilities fixed in Cisco Webex Meetings and Webex Server
Cisco has fixed vulnerabilities in Webex Meetings, Webex Meetings Server, Webex Teams and Webex client software. The vulnerabilities allow a malicious person, possibly remotely, to able to launch attacks that result in the following categories of damage: Circumvention of security measure. Remote...
Vulnerability fixed in FortiGate SSL VPN Portal
FortiGuard has fixed a vulnerability in e FortiGate SSL VPN portal. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerability fixed in Cisco products
Cisco has fixed a vulnerability in the following products: Cisco Adaptive Security Appliance ASA Cisco Content Security Management Appliance SMA Cisco Email Security Appliance ESA Cisco Firepower Threat Defense FTD. Cisco FXOS Cisco Web Security Appliance WSA The vulnerability potentially allows ...
Vulnerability fixed in F5 BIG-IQ Centralized Management
F5 has fixed a vulnerability in BIG-IQ Centralized Management. An authenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code under root privileges. The vulnerability is located in the BIG-IQ Configuration utility. Successful...
Vulnerability fixed in WhatsApp
A vulnerability has been fixed in the Android versions of WhatsApp and WhatsApp Business. It involves a path-traversal vulnerability which could potentially be exploited remotely to overwrite files used by WhatsApp. There few substantive details of the vulnerability have been made publicly...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights...
Vulnerability fixed in NetApp Clustered Data ONTAP
NetApp has fixed a vulnerability in Clustered Data ONTAP. A remote malicious party could potentially exploit it to cause a denial-of-service. Few substantive details about the vulnerability publicly available made available. NetApp has released updates to fix the vulnerability in Clustered Data...
Vulnerabilities fixed in Red Hat Openshift Container Platform
Red Hat has released updates to a large number of packages for its OpenShift Container Platform. The packages include several applications for which security advisories have previously been written, but for which Red Hat is now releasing a bundle for OpenShift 4.7.13 Malicious parties can exploit...
Vulnerability fixed in Squid
A vulnerability has been fixed in Squid. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause cause a denial-of-service. To do this, a rogue HTTP response message should be sent to the Squid service. The developers have released updates to fix the...
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. A local, authenticated malicious person can, by exploiting this vulnerability to gain root privileges on the vulnerable system. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos Analytics. The vulnerabilities allow an unauthenticated malicious person, possibly remotely, be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...
Vulnerability fixed in Siemens SIMATIC
Siemens has fixed a vulnerability in several SIMATIC products. An unauthenticated malicious person with access to TCP port 102 could potentially exploit the vulnerability to manipulate system memory, execute arbitrary code and gain access to system data. Siemens has released updates to fix the...
Vulnerability fixed in DHCP
A vulnerability has been fixed in DHCP. The vulnerability allows a remote malicious party to cause a denial-of-service. cause. ISC has released updates to fix the vulnerability. More information can be found on the page below: https://kb.isc.org/docs/cve-2021-25217 -= Ubuntu =- Canonical has made...
Vulnerability fixed in SonicWall Network Security Manager
A vulnerability has been fixed in the SonicWall Network Security Manager. The vulnerability allows an authenticated malicious person remotely capable of injecting OS commands by sending a specially-prepared HTTP request. SonicWall has released updates to fix the vulnerability. fix. More informati...
Vulnerability fixed in cURL
A vulnerability has been fixed in cURL. A malicious person at remote user could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party needs to entice a victim to execute a cURL request towar...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. The vulnerability is located in CKEditor and can be exploited by a malicious person abused to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application visited...
Vulnerabilities verhopen in IBM WebSphere Appliction Server
IBM has fixed a vulnerability in WebSphere Application Server Java Batch. A malicious party could potentially exploit it to cause a denial-of-service or to gaining access to sensitive data. To do so, the malicious party induces the server to process a rogue XML file. processing. IBM has released...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Access to system data Joomla! has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a remote malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Accessing...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the linux kernel. The vulnerabilities allow a local malicious agent to launch attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Increased user privileges -= Ubuntu =...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Spoofing Access to sensitive data Synology has...
Vulnerability fixed in Salt
A vulnerability has been fixed in Salt. A malicious person could vulnerability potentially exploit it to execute execute arbitrary code. To do this, the malicious party must have the ability to place a rogue file on a Salt monitored device. This file should then be passed through the Snapper modu...
Vulnerabilities fixed in Dell Precision products
Vulnerabilities have been fixed in Dell Precision products. The vulnerabilities allow a local malicious person to obtain elevated rights or to cause a denial-of-service. Dell has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in VMware vCenter Server
Vulnerabilities have been fixed in VMware vCenter Server. The vulnerability with reference CVE-2021-21985 allows an unauthenticated malicious person with access to port 443 of the vSphere HTML5 Client to execute under elevated privileges execute arbitrary code on both the vCenter Server and the...
Vulnerability fixed in Nginx
A vulnerability has been fixed in Nginx. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause and potentially execute arbitrary code by sending a specially prepared DNS response. Nginx is only vulnerable if the "resolver directive" is used in the...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been fixed in runc, a component of Red Hat OpenShift Container Platform. The vulnerability allows a malicious user under certain circumstances to themselves, through a rogue container image, to gain access to the host's file system. For more information about the vulnerability...
Vulnerabilities found in Bluetooth specifications
Researchers have discovered seven vulnerabilities in two components of the Bluetooth standard. Specifically, these are the Bluetooth Core Specification and Bluetooth Mesh Specification 1.0 and 1.0.1. The vulnerabilities allow a malicious person to spoof Bluetooth devices during the pairing proces...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities allow a malicious person possibly unauthenticated and remote to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities allow a malicious person possibly unauthenticated and remote able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote code executi...
Vulnerability fixed in Apache Cassandra
A vulnerability has been found in Apache Cassandra. The vulnerability allows a local malicious person to obtain to obtain sensitive information. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 5.9. Apache has released updates to fix the vulnerability. More...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei categorizes this vulnerability according to the CVSSv3 method with a score of 6.5. Huawei has released updates to fix the vulnerabilit...
Vulnerability fixed in QNAP QTS
QNAP has fixed a vulnerability in the QTS operating system. The vulnerability allows a local malicious person to perform a so-called path-traversal attack. In the event of a successful attack, a malicious party can compromise the integrity of files. QNAP has released updates to fix the...
Vulnerability fixed in Confluence
A vulnerability has been fixed in JIRA. The vulnerability allows a local malicious agent the ability to execute arbitrary code execute under application privileges. JIRA has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability found in Mozilla Firefox
Researchers have found a vulnerability in Mozilla Firefox. The vulnerability allows a remote malicious person to execute arbitrary JavaScript code in the context of the web browser. To exploit this vulnerability, a malicious person to induce the victim to visit a rogue server. visit. Then, the...