Vulnerabilities fixed in Adobe products
Adobe has released security updates for Adobe Acrobat Reader and Adobe Acrobat DC for Windows and macOS. These updates fix multiple critical and important vulnerabilities. Successful misuse can lead to execution of arbitrary code in the context of the current user, obtaining elevated privileges...
Vulnerability fixed in Citrix Workspace
A vulnerability has been fixed in Citrix Workspace that could allow a local user to escalate his or her privilege level to SYSTEM on the computer on which the Citrix Workspace app for Windows is running. Citrix has made an update available to fix the vulnerability. For more...
Vulnerabilities fixed in Xerox WorkCentre
Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a remote malicious person to execute arbitrary code. There are no known CVE numbers for these vulnerabilities. Xerox has released updates to fix the vulnerabilities. More information can be found on the page below:...
BlackBerry UEM
Vulnerabilities have been fixed in BlackBerry UEM. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (User Rights), Access to system data. BlackBerry categorizes these...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Spoofing, Remote code execution (User rights), Access to sensitive data. Below is a summary of the various...
Vulnerability fixed in Microsoft Dynamics 365 for Finance and Operations
A vulnerability has been fixed in Dynamics 365 for Finance and Operations. An authenticated malicious party can exploit the vulnerability to perform Cross-Site Scripting (XSS) against a logged-in user. Such an attack could result in the execution of arbitrary script code in the browser used t...
Vulnerabilities fixed in Siemens SCALANCE W1750D (Aruba Instant Access Points)
Vulnerabilities have been fixed in Siemens SCALANCE W1750D. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, Circumvention of security measure, Remote code...
Vulnerabilities fixed in Squid
Vulnerabilities have been fixed in Squid. The vulnerabilities allow a remote malicious person to perform attacks that lead to a denial-of-service. The developers of Squid categorize these vulnerabilities according to the CVSSv3 method with a highest score of 8.8. The developers of Squid have...
Vulnerability fixed in Microsoft Internet Explorer
Microsoft has fixed a vulnerability in Internet Explorer. A malicious person could exploit the vulnerability to execute arbitrary code in the context of the browser. The malicious person needs to entice the user to visit a web page which contains the malicious code. Microsoft has made updates available...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: Cause a denial-of-service, Bypass security measures, Execute arbitrary code, Obtain elevated privileges, Access sensitive data, Impersonate another user. The vulnerabilities...
Vulnerabilities fixed in Microsoft Exchange
Vulnerabilities have been fixed in Microsoft Exchange. A malicious party could exploit the vulnerabilities to execute arbitrary code under the application's privileges, or possibly impersonate another user. For the vulnerability with identifier CVE-2021-31207, Proof-of-Concept...
Vulnerability fixed in SAP NetWeaver
A vulnerability has been fixed in SAP NetWeaver. The vulnerability allows a malicious party to remotely execute arbitrary code. As usual, SAP is making few details publicly available. SAP has released updates to fix the vulnerabilities. More information can be found at:...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Remote code execution (User privileges), Increased user privileges. .NET Core & Visual Studio:...
Vulnerabilities fixed in Google Chrome for desktop
Vulnerabilities have been fixed in Google Chrome for desktop. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Access to system data. As usual, Google makes few...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), Spoofing, Increased user privileges. Siemens categorizes...
Vulnerabilities fixed in Xerox WorkCentre
Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a remote malicious person to access sensitive data and cause a denial-of-service. Xerox has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Foxit products
A vulnerability has been fixed in Foxit products. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service, with potentially the execution of arbitrary code under user privileges. To do this, the malicious party must induce the victim to open a rogue fil...
Vulnerabilities fixed in Atlassian Confluence
Vulnerabilities have been fixed in Atlassian Confluence Server. The vulnerabilities allow an authenticated remote malicious party to gain access to system data and to execute arbitrary code under the user's privileges. Atlassian has released updates to address the vulnerabilities...
Vulnerabilities fixed in MariaDB
Vulnerabilities have been fixed in MariaDB. An authenticated malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. MariaDB has released updates to fix the vulnerabilities in 10.2.38 and 10.3.29. For more information, see:...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Vulnerabilities have been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability with CVE identifier CVE-2021-1519 allows a local malicious person to overwrite VPN profiles. The remaining vulnerabilities apply only to the Windows client, whereby a local malicious agent, by...
Vulnerabilities fixed in Cisco Unified Communications Manager
Vulnerabilities have been fixed in Cisco Unified Communications Manager. An authenticated malicious party could potentially exploit the vulnerability with CVE identifier CVE-2021-1478 to cause a Denial-of-Service attack. To do so, the Java Management Extensions (JMX) network...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit them to cause a denial-of-service or execute arbitrary code with the privileges of the logged-in user. The vulnerability with CVE identifier CVE-2021-29951...
Vulnerabilities fixed in Cisco Content Security Management Appliance
Vulnerabilities have been fixed in several Cisco security appliances. A malicious party could exploit the vulnerability to obtain sensitive information or to execute commands on the underlying system under root privileges. To exploit this latter vulnerability, the malicious party...
Vulnerabilities fixed in Redis
Two vulnerabilities have been fixed in Redis. A malicious person could potentially exploit the vulnerability to cause a denial-of-service or potentially execute arbitrary code with the privileges of the application. Redis has released updates to fix the vulnerabilities. For more information...
Vulnerabilities fixed in libxml2
Several vulnerabilities have been fixed in libxml2. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service in an application that uses this library by submitting a rogue XML file for processing. -= SUSE =- SUSE has made updates available to fix the...
Vulnerability found in Dell firmware update driver
A vulnerability has been fixed in the Dell dbutil23.sys driver for Windows systems. This driver has been installed by default on all Dell laptop and desktop systems since 2009. A local malicious person could exploit this vulnerability to gain SYSTEM privileges on the vulnerable system. For...
Vulnerabilities fixed in Exim
Vulnerabilities have been fixed in Exim. Collectively, these vulnerabilities are named "21nails." The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root rights), Remote code executio...
Vulnerability fixed in Apple products
Vulnerabilities have been fixed in several Apple products. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code in the context of the application if he manages to get the user to visit a rogue page. The vulnerabilities with CVE identifiers...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to launch attacks that result in the following categories of damage: Remote code execution (Administrator/Root rights), Remote code execution (User rights), Access to...
Vulnerabilities fixed in Samsung products
Several vulnerabilities have been fixed in various Android-based products from Samsung. The vulnerabilities allow a malicious person, remotely or otherwise, to carry out attacks that lead to the following categories of damage: Manipulation of data, Circumvention of security measure, Remote code...
Vulnerabilities fixed in Sophos UTM
Several vulnerabilities have been fixed in Sophos UTM. A malicious party could potentially exploit these vulnerabilities to cause a Denial-of-Service or execute arbitrary code with the application's permissions. Sophos has released updates to fix the vulnerabilities in UTM 9.706. For more...
Vulnerabilities fixed in GitLab CE and EE
GitLab has fixed several vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Accessing sensitive da...
Vulnerabilities fixed in BIND
ISC has fixed vulnerabilities in BIND. The vulnerabilities can be exploited by a remote malicious person to cause a denial-of-service or, in limited circumstances, execute arbitrary code under the privileges of named. Execution of arbitrary code is not possible with the default configuration...
Vulnerability fixed in Moxa NPort 5110 firmware
Moxa has fixed a vulnerability in the NP5110 firmware. The vulnerability potentially allows a malicious party to use the device to forward IP traffic to network segments that the malicious party initially did not have access to, because the NPort devices facilitated IP forwarding. Moxa has released updates to fix...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. The vulnerability allows a malicious person to execute arbitrary code in the context of the browser if the malicious person manages to get the user to visit a rogue page on a vulnerable Drupal site. Drupal has released updates to fix the vulnerability. For more...
Vulnerability fixed in Snort
Cisco has fixed a vulnerability in Snort. An unauthenticated remote malicious agent could potentially exploit it to bypass a configured policy for HTTP traffic. As a result, rogue traffic might not be properly processed by Snort. Cisco has released updates to fix the vulnerability in...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Circumvention of security measure, Remote code execution...
Vulnerabilities fixed in Cisco ASA and FTD
Vulnerabilities have been fixed in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service or execute arbitrary commands in the underlying operating system with the privilege...
Vulnerabilities fixed in the Linux kernel
Fedora has fixed vulnerabilities in the Linux kernel and associated tooling. A malicious person could exploit them to cause a denial-of-service, or gain access to information in kernel memory. -= Fedora =- Fedora has made updates available for Fedora 32 and 33. You can install these updates using...
Vulnerabilities fixed in Apple iOS and iPadOS
The vulnerabilities enable a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data, Remote code execution (Administrator/Root rights), Remote code execution (User rights), Spoofing, Accessing sensitive data, Access to system data...
Vulnerabilities fixed in Apple Safari
Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code in the context of the browser if he manages to induce the user to visit a rogue page. Also, a malicious party can in this way cause the syst...
Vulnerability fixed in Citrix ShareFile
A vulnerability has been fixed in the storage zones controller of Citrix ShareFile. The vulnerability allows an unauthenticated remote malicious party to obtain sensitive data. It is good practice to place these storage zone controllers in the in-house network with DMZ tooling to protect...
Vulnerability fixed in DB2
IBM has fixed a vulnerability in DB2 including DB2 Connect Server. Because of incorrect file permissions, a local malicious party is able to manipulate arbitrary files and gain access to system data and sensitive data. IBM has released updates to fix the vulnerability in DB2. For more information...
Vulnerabilities fixed in macOS
Apple has fixed a large number of vulnerabilities in Apple macOS Big Sur 11, Catalina 10.15 and Mojave 10.14. A malicious person can exploit the vulnerabilities to cause the following categories of damage: Circumvention of security measure, Remote code execution (Administrator/Root rights)...
Multiple vulnerabilities fixed in RedHat OpenShift
Red Hat has fixed multiple vulnerabilities in the jackson databind of their OpenShift Container platform for RHEL 8. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data or execute arbitrary code under the privileges of the application. Many of t...
Vulnerabilities fixed in NVidia drivers and tools
NVidia has fixed several vulnerabilities in the drivers and tools of GPU video cards. Malicious parties can exploit the vulnerabilities to cause a denial-of-service, obtain system data, or execute arbitrary code under the GPU's privileges. Because GPU drivers sit very close to...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights). As usual, Google reveals little information...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access to information about the VPN settings. See the page below f...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed several vulnerabilities in Spectrum Protect and added third-party tools. A malicious party can exploit the vulnerabilities to cause the following types of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User...
Update mechanism Passwordstate compromised
Click Studios, the manufacturer of Passwordstate, has announced that its automatic update mechanism has been abused to offer malicious files for download. If you meet these criteria: - you are currently using version 9.1 build 9117, - Passwordstate applies updates automatically, - and t...