Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...
Vulnerability fixed in IBM WebSphere
IBM has fixed a vulnerability in WebSphere Application Server. A remote malicious person could exploit the vulnerability to obtain sensitive information or cause a denial-of-service (DoS). To do this, the malicious party must attach a rogue XML file to the WebSphere Application Server. IBM h...
Vulnerabilities fixed in Oracle Supply Chain
Vulnerabilities have been fixed in Oracle Supply Chain Suite. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Manipulation of data, Remote code execution (User rights), Access to sensitive data...
Vulnerabilities fixed in Oracle Solaris
Vulnerabilities have been fixed in Oracle Solaris. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Manipulation of data, Remote code execution (User rights), Access to sensitive data...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Circumvention of security measure, Remote code execution (User rights), Access to sensitive data...
Vulnerability fixed in SonicWall Email Security
SonicWall has fixed a vulnerability in Email Security. An authenticated malicious party can exploit the vulnerability to read arbitrary files on the vulnerable system. SonicWall has released updates to fix the vulnerability in Email Security on Premise and Hosted v10.0.9. For more...
Vulnerabilities fixed in Aruba AirWave Management Platform
Aruba Networks has fixed multiple vulnerabilities in AirWave Management Platform. The vulnerabilities may allow a remote malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root privileges), SQL...
Vulnerability fixed in Oracle SQL Developer
A vulnerability has been fixed in Oracle SQL Developer. The vulnerability allows an unauthenticated remote malicious person to access and manipulate sensitive data. | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java. The vulnerabilities allow an unauthenticated remote malicious person to obtain system data. | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to sensitive data, Access to system data, Increased user...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Aruba has fixed multiple vulnerabilities in ClearPass Policy Manager. The vulnerabilities potentially allow an unauthenticated remote malicious party to launch attacks leading to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. An unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application or cause a denial-of-service. To do this, the malicious party must induce the victim to visit a malicious...
Vulnerabilities fixed in Oracle VirtualBox
Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Circumvention of security measure, Remote code execution (Administrator/Root privileges), Access to sensitive...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Remote code execution (User rights), Access to...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Remote code execution (User rights), Access to sensitive data...
Vulnerabilities fixed in Oracle Enterprise Manager
Vulnerabilities have been fixed in Oracle Enterprise Manager. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Accessing sensitive data, Accessing...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to sensitive data, Access to system data...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to sensitive data, Access to system data...
Vulnerabilities fixed in Oracle PeopleSoft
Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights), Access to sensitive data...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights), Access to sensitive data...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights), Access to sensitive data...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (Administrator/Root rights), Access to sensitive data, Access to system da...
Actively exploited vulnerability found in Pulse Connect Secure
A vulnerability has been found in Pulse Connect Secure. The vulnerability allows an unauthenticated remote malicious person to bypass authentication and execute arbitrary code on the Pulse Connect Secure system. The vulnerability has a CVSS3.1 score of 10. Pulse Secure...
Vulnerabilities fixed in Node.js
Several vulnerabilities have been fixed in Node.js. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could be exploited to perform a prototype pollution attack. Depending on the Node.js application, this could...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR and Thunderbird. The vulnerabilities can be exploited by a malicious party to cause a denial-of-service, gain access to data in the context of the application, or potentially execute arbitrary code with application...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. It involves an XML External Entity Injection (XXE) vulnerability. An unauthenticated remote malicious person could potentially exploit the vulnerability to gain access to sensitive data. In addition, the vulnerability could be exploited...
Vulnerability fixed in X.org
A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to appropriate elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...
Vulnerabilities fixed in QEMU
Several vulnerabilities have been fixed in QEMU. A malicious person can exploit the vulnerabilities to cause a denial-of-service, both in the guest system and the host system. A malicious party could also potentially access memory that is allocated to guest systems other than his own. -= SU...
Vulnerability fixed in LibreOffice
LibreOffice has fixed a vulnerability. A malicious party can bypass the deny-list in the Windows version and execute arbitrary code under user privileges by inserting a rogue hyperlink into a document. The Document Foundation has released updates to fix the vulnerability in LibreOffice...
Vulnerability fixed in VMware NSX-T
VMware has fixed a vulnerability in NSX-T. An authenticated malicious party can exploit this vulnerability to gain elevated privileges on the vulnerable system. VMware has released updates to fix the vulnerability in NSX-T 3.1.2. For more information, see:...
Vulnerabilities fixed in Juniper Junos OS
Juniper Networks has fixed multiple vulnerabilities in Junos OS and Junos OS Evolved for SRX and NFX series devices, among others. The vulnerabilities potentially enable a malicious party to execute attacks that result in the categories of damage. For each category, the CVE features that are...
Vulnerabilities fixed in Juniper Junos Space
Juniper Networks has fixed vulnerabilities in Junos Space. These include vulnerabilities in Junos Space itself as well as vulnerabilities in third-party software. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Si...
Vulnerabilities fixed in McAfee Endpoint Security
Due to cleartext transfer of sensitive information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers that use DNS, a remote attacker can view ENS requests and responses from GTI via DNS. McAfee has released...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities. An authenticated remote malicious person could potentially exploit these vulnerabilities to perform an XML External Entity (XXE) attack. This vulnerability is located in the way uploaded MP3 files are processed ...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed several vulnerabilities in BIG-IP. An unauthenticated malicious party could potentially exploit them to cause a denial-of-service. F5 has released updates to fix the vulnerabilities. For more information, see: CVE-2021-22975: https://support.f5.com/csp/article/K21971977 CVE-2021-22977...
Vulnerability fixed in Cisco IOS XR
A vulnerability in the CLI of Cisco IOS XR 64-bit software allows an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. Cisco has released updates to fix the...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed several vulnerabilities in Jira. An unauthenticated remote malicious person can exploit the vulnerabilities to gain access to information about the system or to perform a Cross-Site Scripting (XSS) attack. The latter can lead to the execution of arbitrary script code...
Vulnerabilities fixed in Juniper JunOS
A Race Condition vulnerability in the firewall process dfwd of Juniper Networks Junos OS allows an attacker to bypass the firewall rulesets (CVE-2021-0247). A vulnerability in the forwarding of TCPv6 transit packets received on the Ethernet management interface of Juniper Networks Junos O...
Vulnerabilities fixed in SUSE Linux Enterprise kernel
SUSE developers have fixed several vulnerabilities in the Linux kernel as used in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. An unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the permissions of the application or gain access to sensitive data in the context of the application. To do so, the malicious party...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in Junos OS. The vulnerabilities allow a remote malicious person to bypass a security measure and to cause a denial-of-service. Juniper has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
Through a vulnerability in the IPC channel of Cisco AnyConnect Secure Mobility Client, an authenticated, local attacker can cause a Denial-of-Service (DoS) on an affected device. To exploit this security vulnerability, the attacker must have valid login credentials on the device. Cisco has...
Vulnerability fixed in DELL PowerEdge and X-series
DELL has fixed a vulnerability in the firmware of their PowerEdge and X-series systems. Weak encryption allowed an unauthenticated malicious person to obtain the login credentials of another user and thereby gain elevated privileges. DELL has released updates to fix the vulnerability in PowerEdge...
Vulnerabilities fixed in PAN-OS
A security vulnerability exists regarding log files in Palo Alto Networks PAN-OS software, in which the connection details for a scheduled configuration export are recorded in system logs. PAN-OS developers have issued updates to PAN-OS to address the vulnerabilities. More information...
Vulnerabilities fixed in GitLab CE and EE
GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files to execute arbitrary code with the permissions of the GitLab service. A CVE ID is not yet known for on...
Vulnerability fixed in NetApp products
Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service (DoS). NetApp has released update...
Vulnerability fixed in Mendix
The latest updates to Mendix fix a vulnerability that allows malicious authorized users to increase their privileges. Remove the authority to manage user roles for non-administrator roles to mitigate this security vulnerability for non-administrator users as a mitigatin...
Vulnerability fixed in Tomcat
Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. An unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application. To do this, the malicious party needs to get the victim to visit a rogue Web page. Google has indicated that for...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code and obtain elevated permissions. Open Source Software: | CVE ID | CV...