4197 matches found
Vulnerabilities fixed in GitLab CE and EE
GitLab has fixed several vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive da...
Vulnerability fixed in Moxa NPort 5110 firmware
Moxa has fixed a vulnerability in the NP5110 firmware. The vulnerability potentially allows a malicious party to use the device to forward IP traffic to network segments that the initially did not have access to because the NPort devices facilitated IP forwarding. Moxa has released updates to fix...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. The vulnerability allows a malicious person to execute arbitrary code in the context of the browser if it manages to get the user to visit a rogue page to visit a vulnerable Drupal site. Drupal has released updates to fix the vulnerability. For more...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Bypassing authentication Circumvention of security measure Remote code execution...
Vulnerabilities fixed in Cisco ASA and FTD
Vulnerabilities have been fixed in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service or execute arbitrary commands execute in the underlying operating system with the privilege...
Vulnerabilities fixed in BIND
ISC has fixed vulnerabilities in BIND. The vulnerabilities can be be exploited by a remote malicious person to cause a denial-of-service or, in limited circumstances, executing arbitrary code under the privileges of named. Execution of arbitrary code is not possible with the default configuration...
Vulnerability fixed in DB2
IBM has fixed a vulnerability in DB2 including DB2 Connect Server. Because of incorrect file permissions, a local malicious party is able to manipulate arbitrary files and gain access to system data and sensitive data. IBM has released updates to fix the vulnerability in DB2. For more information...
Vulnerabilities fixed in Apple Safari
Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to induce the user to visit a rogue page. Also, a malicious party in this way can cause the syst...
Vulnerabilities fixed in NVidia drivers and tools
NVidia has fixed several vulnerabilities in the drivers and tools of GPU video cards. Malicious parties can exploit the vulnerabilities exploit them to cause a denial-of-service, obtain obtain system data, or execute arbitrary code under the GPU's privileges. Because GPU drivers sit very close to...
Vulnerability fixed in Citrix ShareFile
A vulnerability has been fixed in the storage zones controller of Citrix ShareFile. The vulnerability allows an unauthenticated remote malicious party to obtain a sensitive data obtain. It is good practice to place these storage zone controllers in the in-house network with DMZ tooling to protect...
Vulnerabilities fixed in macOS
Apple has fixed a large number of vulnerabilities in Apple macOS Big Sur 11, Catalina 10.15 and Mojave 10.14. A malicious person can exploit the vulnerabilities to cause the following categories of damage cause: Circumvention of security measure. Remote code execution Administrator/Root rights...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
Vulnerabilities fixed in Apple iOS and iPadOS
The vulnerabilities enable a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root rights Remote code execution User rights Spoofing Accessing sensitive data Access to system data...
Vulnerabilities fixed in the Linux kernel
Fedora has fixed vulnerabilities in the Linux kernel and associated tooling. A malicious person could exploit them to cause a denial-of-service, or gain access to information in kernel memory. -= Fedora =- Fedora has made updates available for Fedora 32 and 33. You can install these updates using...
Multiple vulnerabilities fixed in RedHat OpenShift
Red Hat has fixed multiple vulnerabilities in the jackson databind of their OpenShift Container platform for RHEL 8. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data or execute arbitrary code under the privileges of the application. Many of t...
Vulnerability fixed in OpenVPN
A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access gain access to information about the VPN settings. See the page below f...
Update mechanism Passwordstate compromised
Click Studios, the manufacturer of Passwordstate, has announced announced that its automatic update mechanism has been abused to offer malicious files for download. If you meet these criteria: - you are currently using version 9.1 build 9117, - Passwordstate applies updates automatically, - and t...
Vulnerabilities fixed in IBM Spectrum Protect
IBM has fixed several vulnerabilities in Spectrum Protect and added third-party tools. A malicious party can exploit the exploit vulnerabilities to cause the following types of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code execution User...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...
Vulnerability fixed in IBM WebSphere
IBM has fixed a vulnerability in WebSphere Application Server. A remote malicious person could exploit the vulnerability to obtain sensitive information or cause a denial-of-service DoS. To do this, the malicious party must attach a rogue XML file to the WebSphere Application Server. offer. IBM h...
Vulnerability fixed in SonicWall Email Security
SonicWall has fixed a vulnerability in Email Security. A authenticated malicious party can exploit the vulnerability to be able to read arbitrary files on the vulnerable system. SonicWall has released updates to fix the vulnerability in Email Security on Premise and Hosted v10.0.9. For more...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain Suite. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...
Vulnerabilities fixed in Oracle VirtualBox
Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges Access to sensitive...
Vulnerabilities fixed in Oracle Solaris
Vulnerabilities have been fixed in Oracle Solaris. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Increased user...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java. The vulnerabilities allow an unauthenticated remote malicious person to obtain system data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------|...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed multiple vulnerabilities in ClearPass Policy Manager. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution...
Vulnerability fixed in Oracle SQL developer
A vulnerability has been fixed in Oracle SQL Developer. The vulnerability allows an unauthenticated remote malicious person able to access and manipulate sensitive data. data to be manipulated. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to...
Vulnerabilities fixed in Aruba AirWave Management Platform
Aruba Networks has fixed multiple vulnerabilities in AirWave Management Platform. The vulnerabilities allow a remote malicious remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges SQL...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to sensitive data Access to system da...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application or cause a denial-of-service. To do this, the malicious party must induce the victim to visit a malicious...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious person to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive data Accessing...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Actively exploited vulnerability found in Pulse Connect Secure
A vulnerability has been found in Pulse Connect Secure. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Pulse Connect Secure system. The vulnerability has a CVSS3.1 score of 10. Pulse Secure...
Vulnerability fixed in x.org
A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to appropriate elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. It involves an XML External Entity Injection XXE vulnerability. An unauthenticated remote malicious person could potentially exploit the vulnerability to gain access to sensitive data. In addition, the vulnerability could be exploited...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR and Thunderbird. The vulnerabilities can be exploited by a malicious be exploited to cause a denial-of-service, access gain access to data in the context of the application, or to potentially execute arbitrary code with application...
Vulnerabilities fixed in Node.js
Several vulnerabilities have been fixed in Node.js. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could be exploited to perform a prototype pollution attack. Depending on the Node.js application, this could...
Vulnerabilities fixed in QEMU
Several vulnerabilities have been fixed in QEMU. A malicious person can exploit the vulnerabilities to cause a denial-of-service cause, both in the guest system and the host system. Also a malicious party could potentially access memory that is allocated to guest systems other than his own. -= SU...
Vulnerability fixed in VMware NSX-T
VMware has fixed a vulnerability in NSX-T. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. VMware has released updates to fix the vulnerability in NSX-T 3.1.2. For more information, see:...
Vulnerability fixed in LibreOffice
LibreOffice has fixed a vulnerability. A malicious party can bypass the deny-list in the Windows version and execute arbitrary code execute under user privileges by inserting a rogue hyperlink into a document. The Document Foundation has released updates to fix the vulnerability in LibreOffice...
Vulnerabilities fixed in Juniper Junos OS
Juniper Networks has fixed multiple vulnerabilities in Junos OS and Junos OS Evolved for SRX and NFX series devices, among others. The vulnerabilities potentially enable a malicious party to execute attacks that result in the categories of damage. For each category, the CVE features that are...
Vulnerabilities fixed in Juniper Junos Space
Juniper Networks has fixed vulnerabilities in Junos Space. The include vulnerabilities in Junos Space itself as well as vulnerabilities in third-party software. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Si...