4179 matches found
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: access to sensitive data, execution of arbitrary code, user rights, Denial-of-Service. Below is a summary of the...
Vulnerabilities fixed in SAP Netweaver products
Several vulnerabilities have been fixed in SAP Netweaver products. By exploiting the vulnerabilities, a malicious party within the local network can bypass authentication, view sensitive information or cause cross-site scripting and Denial-of-Service. SAP has made updates available to address the...
Vulnerabilities fixed in Microsoft Exchange Server
Vulnerabilities have been fixed in Microsoft Exchange Server. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code on the system. | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Windows
Vulnerabilities have been fixed in Windows. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, user rights, impersonating another user, access to sensitive...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: remote code execution, user privileges, impersonating another user, access to sensitive data, increased use...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of security measure, remote code execution, Administrator/Root right...
Vulnerabilities fixed in SonicWall Email Security
Vulnerabilities have been fixed in SonicWall Email Security. The vulnerabilities allow a local malicious person to obtain elevated permissions and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. More information can be...
Vulnerability fixed in Forcepoint Web Security
A vulnerability has been fixed in Forcepoint Web Security. A malicious party can exploit the vulnerability to launch an XML External Entity Injection (XXE) attack during the processing of XML data. An external attacker could exploit it to obtain sensitive information. Forcepoint has released updates to...
Vulnerability fixed in WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6441433...
Vulnerability fixed in Tableau Server
A vulnerability has been fixed in Tableau Server. The vulnerability allows a malicious person to use an Open Redirect attack, via a custom link, to redirect the visitor to a malicious website when sharing a "view". Salesforce has released updates to fix the vulnerability in Tableau Server...
Vulnerability fixed in dnsmasq
A vulnerability has been fixed in dnsmasq. The vulnerability allows a malicious party to perform a DNS Cache Poisoning attack on a dnsmasq server. dnsmasq has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in FreeBSD
A vulnerability has been fixed in FreeBSD. The vulnerability allows a locally authenticated malicious person to obtain system credentials. -= FreeBSD =- FreeBSD has made updates available to fix the vulnerability in the kernel. More information about these updates can be found at:...
Vulnerability fixed in WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6441063...
Vulnerabilities found in Cisco Unified Communications Manager
Vulnerabilities have been found in Cisco Unified Communications Manager. The vulnerabilities allow a malicious party to manipulate data and obtain sensitive information. Cisco has not yet released updates to address the vulnerabilities. More information can be found on the pages below:...
Vulnerability fixed in Cisco IOS XR
A vulnerability has been fixed in Cisco IOS XR. An authenticated malicious party could potentially exploit it to execute arbitrary commands with root privileges on the underlying operating system. Cisco has released updates to fix the vulnerability in IOS XR. For more information, see:...
Vulnerabilities fixed in ClamAV
Vulnerabilities have been fixed in ClamAV. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the permissions with which the service is running. By exploiting the vulnerability with CVE identifier CVE-2021-1386, a...
Vulnerabilities fixed in Oracle Linux
Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, user rights, increased user rights. -= Oracle =- Oracle has made updates...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious party to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12 and 15...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), manipulation of data, access to system data. Software in the...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, access to sensitive data, access to system data, increased user privileges. Live...
Vulnerabilities fixed in WhatsApp
Vulnerabilities have been fixed in WhatsApp. A malicious party could potentially exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service. The vulnerability with CVE identifier CVE-2021-24027 only applies to WhatsApp for Android and WhatsApp Busines...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in Red Hat kernel. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, increased user privileges. -= Red Hat...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious party to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15...
Vulnerability fixed in Huawei CloudEngine switches
A vulnerability has been fixed in Huawei CloudEngine switches. A malicious party could potentially exploit the vulnerability to cause a denial-of-service attack. Huawei has released updates to fix the vulnerability in CloudEngine 5800, 6800, 7800 and 12800 switches. For more information, see:...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. One vulnerability makes it impossible for a blocked user to reset the security token. This is problematic when the security token falls into the wrong hands. The other two vulnerabilities involve Cross-Site Scripting (XSS). MediaWiki has...
Vulnerability fixed in FortiWeb
A vulnerability has been fixed in FortiWeb. An authenticated malicious party could exploit the vulnerability to obtain plaintext passwords for systems configured via a Web Vulnerability Scan profile. Fortinet has released updates to fix the vulnerability in FortiWeb. For more information, see:...
Vulnerabilities fixed in Samsung products
Vulnerabilities have been fixed in several Samsung products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, user rights, access to sensitive data...
Vulnerability fixed in Android
Vulnerabilities have been fixed in Android Operating System. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: remote code execution, user rights, access to system data, increased user privileges. The vulnerabilities...
Vulnerabilities fixed in Red Hat OpenShift container platform
Red Hat has released version 4.7.5 of its OpenShift Container Platform. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with root privileges. -= Red Hat =- Red Hat has made updates available for OpenShift Container Platform...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to obtain sensitive data. This security advisory addresses two OpenSSL vulnerabilities that also appear in security advisory NCSC-2021-0259. For this reason, they are not included in the probability damage...
Vulnerability fixed in HP Integrated Lights Out Amplifier Pack
HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...
Vulnerability discovered in Ansible
A vulnerability has been found in Ansible. The vulnerability allows a locally authenticated malicious person to obtain sensitive information. Certain information, such as private keys, is displayed in log files even when the system is configured so that this should not be possible. Ansible has not...
Vulnerabilities fixed in LDB
Several vulnerabilities have been fixed in LDB. LDB is an LDAP-like embedded database and is used by, among other things, Samba. An unauthenticated remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on LDB. This...
Vulnerability fixed in netmask
Netmask is a widely used component in various open source projects. This component contains a vulnerability. Because it processes IPv4 addresses incorrectly, attacks such as server-side request forgery (SSRF), remote file inclusion (RFI) and local file inclusion (LFI) are made possible. The makers of Netmask...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities potentially allow a remote unauthenticated malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed several vulnerabilities in Jira. The vulnerabilities potentially enable a remote malicious person to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), circumvention of security measure, access to sensitive data, accessing...
Vulnerabilities fixed in Citrix Hypervisor (Xen)
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a local malicious person with elevated permissions on a guest system to cause the host system to crash. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Oracle Linux
Oracle has fixed multiple vulnerabilities in the Unbreakable Enterprise kernel for Oracle Enterprise Linux. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code executi...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. The vulnerabilities allow a remote malicious person to obtain sensitive information. To do so, the malicious party must induce the victim to visit a server under the control of the malicious party. -= Debian =- Debian has made updates to...
Vulnerabilities fixed in Samsung products
Vulnerabilities have been fixed in several Samsung products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measure, access to system data. Samsun...
Vulnerabilities fixed in Esri ArcGIS Server
Esri has fixed several vulnerabilities in ArcGIS Server. An authenticated remote malicious party can potentially exploit the vulnerabilities to execute arbitrary code under the privileges of the service account. Esri has released updates to fix the vulnerabilities. For more information,...
Vulnerability fixed in Foxit products
A vulnerability has been fixed in Foxit products. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service, with potentially the execution of arbitrary code under the privileges of the victim. To do this, the malicious party must induce the victim to open a...
Vulnerabilities fixed in VMware vRealize Operations
VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. An unauthenticated malicious party can exploit the vulnerability with identifier CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...
Vulnerabilities fixed in Zabbix
SUSE has fixed vulnerabilities in its Zabbix packages. The vulnerabilities relate to an incorrectly implemented mechanism that protects against cross-site request forgery (CSRF) attacks and to insecure password hashing. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in Zimbra. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: circumvention of security measure, remote code execution, Administrator/Root privileges, access to system data. Zimbra has released updates to...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to cause a denial-of-service or to obtain system data. To do so, the malicious party must induce the victim to visit a rogue website. Google has released updates to fix the vulnerabilities...
Vulnerability fixed in Mitel MiContact Center
Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal to obtain system data. Mitel has released updates to fix the vulnerability. More information can be found on the page...
Vulnerability fixed in OpenAM
A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Esri ArcReader
Esri has fixed multiple vulnerabilities in ArcReader, ArcGIS Desktop, ArcGIS Engine and ArcGIS Pro. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code under application privileges. To do so, the malicious party needs to induce an...
Vulnerability fixed in SpamAssassin
The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...