Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. A local, authenticated malicious person can exploit this vulnerability to gain root privileges on the vulnerable system. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command...
Vulnerability fixed in NetApp Clustered Data ONTAP
NetApp has fixed a vulnerability in Clustered Data ONTAP. A remote malicious party could potentially exploit it to cause a denial-of-service. Few substantive details about the vulnerability have been made publicly available. NetApp has released updates to fix the vulnerability in Clustered Data...
Vulnerability fixed in Squid
A vulnerability has been fixed in Squid. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To do this, a rogue HTTP response message should be sent to the Squid service. The developers have released updates to fix the...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has released updates to a large number of packages for its OpenShift Container Platform. The packages include several applications for which security advisories have previously been written, but for which Red Hat is now releasing a bundle for OpenShift 4.7.13. Malicious parties can exploit...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with an inactive account could bypass a security measure that allows access to the account to be...
Vulnerabilities fixed in IBM Cognos
IBM has fixed vulnerabilities in Cognos Analytics. The vulnerabilities allow an unauthenticated malicious person, possibly remotely, to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access...
Vulnerability fixed in SonicWall Network Security Manager
A vulnerability has been fixed in the SonicWall Network Security Manager. The vulnerability allows an authenticated malicious person to remotely inject OS commands by sending a specially prepared HTTP request. SonicWall has released updates to fix the vulnerability. More informati...
Vulnerability fixed in Siemens SIMATIC
Siemens has fixed a vulnerability in several SIMATIC products. An unauthenticated malicious person with access to TCP port 102 could potentially exploit the vulnerability to manipulate system memory, execute arbitrary code and gain access to system data. Siemens has released updates to fix the...
Vulnerability fixed in cURL
A vulnerability has been fixed in cURL. A remote malicious person could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party needs to entice a victim to execute a cURL request towar...
Vulnerability fixed in DHCP
A vulnerability has been fixed in DHCP. The vulnerability allows a remote malicious party to cause a denial-of-service. ISC has released updates to fix the vulnerability. More information can be found on the page below: https://kb.isc.org/docs/cve-2021-25217 -= Ubuntu =- Canonical has made...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. The vulnerability is located in CKEditor and can be exploited by a malicious person to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application visited...
Vulnerability fixed in Salt
A vulnerability has been fixed in Salt. A malicious person could potentially exploit it to execute arbitrary code. To do this, the malicious party must have the ability to place a rogue file on a Salt-monitored device. This file should then be passed through the Snapper modu...
Vulnerabilities fixed in VMware vCenter Server
Vulnerabilities have been fixed in VMware vCenter Server. The vulnerability with reference CVE-2021-21985 allows an unauthenticated malicious person with access to port 443 of the vSphere HTML5 Client to execute arbitrary code under elevated privileges on both the vCenter Server and the...
Vulnerabilities fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server Java Batch. A malicious party could potentially exploit it to cause a denial-of-service or to gain access to sensitive data. To do so, the malicious party induces the server to process a rogue XML file. IBM has released...
Vulnerabilities fixed in Dell Precision products
Vulnerabilities have been fixed in Dell Precision products. The vulnerabilities allow a local malicious person to obtain elevated rights or to cause a denial-of-service. Dell has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Access to system data. Joomla! has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Accessing...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in Synology DiskStation Manager. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Spoofing Access to sensitive data. Synology has...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a local malicious agent to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Increased user privileges -= Ubuntu =...
Vulnerability fixed in Nginx
A vulnerability has been fixed in Nginx. The vulnerability allows a remote malicious party to cause a denial-of-service and potentially execute arbitrary code by sending a specially prepared DNS response. Nginx is only vulnerable if the "resolver directive" is used in the...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been fixed in runc, a component of Red Hat OpenShift Container Platform. The vulnerability allows a malicious user, under certain circumstances, to gain access to the host's file system through a rogue container image. For more information about the vulnerability...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities potentially enable an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities allow a malicious person, possibly unauthenticated and remote, to launch attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote code executi...
Vulnerabilities found in Bluetooth specifications
Researchers have discovered seven vulnerabilities in two components of the Bluetooth standard. Specifically, these are the Bluetooth Core Specification and Bluetooth Mesh Specification 1.0 and 1.0.1. The vulnerabilities allow a malicious person to spoof Bluetooth devices during the pairing proces...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities allow a malicious person, possibly unauthenticated and remote, to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...
Vulnerability fixed in Apache Cassandra
A vulnerability has been found in Apache Cassandra. The vulnerability allows a local malicious person to obtain sensitive information. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 5.9. Apache has released updates to fix the vulnerability. More...
Vulnerability fixed in Confluence
A vulnerability has been fixed in JIRA. The vulnerability allows a local malicious agent to execute arbitrary code under application privileges. JIRA has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability found in Mozilla Firefox
Researchers have found a vulnerability in Mozilla Firefox. The vulnerability allows a remote malicious person to execute arbitrary JavaScript code in the context of the web browser. To exploit this vulnerability, a malicious person must induce the victim to visit a rogue server. Then, the...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei categorizes this vulnerability according to the CVSSv3 method with a score of 6.5. Huawei has released updates to fix the vulnerabilit...
Vulnerability fixed in QNAP QTS
QNAP has fixed a vulnerability in the QTS operating system. The vulnerability allows a local malicious person to perform a so-called path-traversal attack. In the event of a successful attack, a malicious party can compromise the integrity of files. QNAP has released updates to fix the...
Vulnerability fixed in Xerox printer drivers
Xerox has fixed a vulnerability in its printer driver for Windows. A remote malicious person could exploit this vulnerability to obtain elevated privileges on the vulnerable system. Few substantive details about the vulnerability have been made publicly available. Xerox has released update...
Vulnerability fixed in Redis
A vulnerability in Redis has been fixed. The vulnerability allows a local malicious agent to cause a denial-of-service, potentially executing arbitrary code under the rights of the application as a result. Redis developers categorize this vulnerability according to the CVSSv3 method with a scor...
Vulnerabilities fixed in Cisco products
Cisco has fixed a local file inclusion vulnerability in ADE-OS as used to deploy Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE and Cisco Prime Infrastructure. The vulnerability with attribute CVE-2021-1306 enables a local, authenticated malicious party to able...
Vulnerabilities fixed in the Linux kernel
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a local malicious agent to obtain elevated privileges or cause a denial-of-service. Fedora has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Cisco Finesse
Vulnerabilities have been fixed in Cisco Finesse. The vulnerability with reference CVE-2021-1254 allows an authenticated remote malicious person to execute a Cross-Site Scripting attack and thereby execute arbitrary code under the privileges of the user. The vulnerability with...
Vulnerabilities fixed in python3
Vulnerabilities have been fixed in python3. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights -= Red Hat =- Red Hat has made updates available...
Vulnerability fixed in Dell Remote Access Controller (iDRAC)
A vulnerability has been fixed in Dell Remote Access Controller iDRAC. The vulnerability allows a remote malicious person to bypass authentication. By exploiting this vulnerability, the malicious party gains access to the virtual console of iDRAC. iDRAC is a management environment. It i...
Vulnerability fixed in Huawei S5700 switch series
Huawei has fixed a vulnerability in its S5700 switch series. The vulnerability allows an unauthenticated remote malicious person to cause a Denial-of-Service. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Keycloak
A vulnerability has been fixed in Keycloak. The vulnerability allows a malicious party to obtain sensitive data and potentially gain elevated privileges as well. Keycloak's developers have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerability fixed in Huawei CloudEngine
A vulnerability has been fixed in several Huawei CloudEngine products. The vulnerability allows a malicious party to cause a denial-of-service. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Accessing sensitive data Accessing...
Vulnerabilities fixed in QEMU and libvirt
Vulnerabilities have been fixed in QEMU and libvirt. The vulnerabilities potentially allow a local, authenticated malicious person to launch attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges -= Red Hat =- Red Hat...
Vulnerabilities fixed in Red Hat kernel
Red Hat has fixed vulnerabilities in its kernel. The vulnerabilities allow a local malicious party to circumvent a security measure and to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can install these updates usin...
Vulnerabilities fixed in Liferay Portal
Vulnerabilities have been fixed in Liferay Portal. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure...
Vulnerabilities fixed in WordPress
WordPress has fixed two vulnerabilities in the standard included PHPMailer module. A remote malicious party can exploit the vulnerabilities to execute arbitrary code under the application's permissions, potentially gaining access to sensitive information within the scope o...
Vulnerability fixed in Graphviz
Graphviz developers have fixed a vulnerability. A malicious party could exploit the vulnerability to execute arbitrary code with the rights of the calling process. The malicious party needs to submit a rogue file to Graphviz to do this. If Graphviz is used in a web environment, this...
Vulnerabilities fixed in AWStats
Vulnerabilities have been fixed in AWStats. An unauthenticated malicious party could exploit the vulnerabilities to perform a path traversal attack that could gain access to arbitrary files. In doing so, the vulnerabilities can only be exploited to read key/value pairs that can be parsed by...
Vulnerabilities fixed in Adobe products
Adobe has fixed several vulnerabilities in After Effects, Creative Cloud, Illustrator, InDesign and Media Encoder. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Remote code execution User rights. Access...
Legal vulnerabilities fixed in RedHat AMQ Streams
Red Hat has fixed vulnerabilities in AMQ Stream 1.6.4. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access via path-traversal to potentially sensitive data. -= Red Hat =- Red Hat has made updates available for Red Hat AMQ Stream. You can install these...
Vulnerabilities fixed in Schneider Electric products
Vulnerabilities have been fixed in Schneider Electric products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution Administrator/Root...