4197 matches found
Vulnerabilities fixed in McAfee Endpoint Security
Due to cleartext transfer of sensitive information between McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence GTI servers that use DNS use, a remote attacker can view ENS requests and responses from GTI via DNS. McAfee has released...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...
Vulnerability fixed in Cisco IOS XR
Due to a vulnerability in the CLI of Cisco IOS XR 64-bit software allows an authenticated, local attacker to inject arbitrary commands inject arbitrary commands executed with root privileges on the underlying Linux operating system OS of an affected device. Cisco has released updates to fix the...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed several vulnerabilities in Jira. A unauthenticated remote malicious person can exploit the vulnerabilities exploit them to gain access to information about the system or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed several vulnerabilities in BIG-IP. A unauthenticated malicious party could potentially exploit them to cause a denial-of-service. F5 has released updates to fix the vulnerabilities. For more information, see: CVE-2021-22975: https://support.f5.com/csp/article/K21971977 CVE-2021-22977...
Vulnerabilities fixed in Juniper JunOS
A Race Condition vulnerability in the firewall process dfwd of Juniper Networks Junos OS allows an attacker to bypass the firewall rulesets to bypass CVE-2021-0247. A vulnerability in the forwarding of TCPv6 transit packets received on the Ethernet management interface of Juniper Networks Junos O...
Vulnerabilities fixed in SUSE Linux Enterprise kernel
SUSE developers have fixed several vulnerabilities in the Linux kernel as used in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution...
Vulnerabilities fixed in PAN-OS
A security vulnerability exists regarding log files in Palo Alto Networks PAN-OS software, in which the connection details for a scheduled configuration export are recorded recorded in system logs. PAN-OS developers have issued updates to PAN-OS to address the vulnerabilities. More information...
Vulnerability fixed in DELL PowerEdge and X-series
DELL has fixed a vulnerability in the firmware of their PowerEdge and X-series systems. Weak encryption allowed an unauthenticated malicious person to obtain the login credentials of another user and thereby gain elevated privileges. DELL has released updates to fix the vulnerability in PowerEdge...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
A vulnerability in the IPC channel of Cisco AnyConnect Secure Mobility Client, an authenticated, local attacker can cause a Denial-of-Service DoS exploit on an affected device. To exploit this security vulnerability, the attacker must have have valid login credentials on the device. Cisco has...
Vulnerabilities fixed in GitLab CE and EE
GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files could be exploited to execute arbitrary code with permissions from the GitLab Service. A CVE ID is not yet known for on...
Vulnerability fixed in NetApp products
Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service DoS. NetApp has released update...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the permissions of the application or gain access to sensitive data in the context of the application. To do so, the malicious party...
Vulnerability fixed in Mendix
The latest updates to Mendix fix a vulnerability that allows malicious authorized users can increase their privileges increase their privileges. Remove the authority to manage user roles for non-administrator roles to mitigate this security vulnerability for non-administrator users as a mitigatin...
Vulnerabilities fixed in Juniper Junos OS
Juniper has fixed vulnerabilities in Junos OS. The vulnerabilities allow a remote malicious person to to bypass a security measure and to cause a denial-of-service cause Juniper has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerability fixed in Tomcat
Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application. To do this, the malicious party needs to victim to visit a rogue Web page. Google has indicated that for...
Vulnerabilities fixed in Microsoft Exchange Server
Vulnerabilities have been fixed in Microsoft Exchange Server. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code on the system. |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Accessing sensitive data. Execution of arbitrary code User Rights Denial-of-Service Below is a summary of the...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Impersonating another user Access to sensitive data Increased use...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow an unauthenticated remote malicious person to remote user to execute arbitrary code and obtain elevated permissions. Open Source Software: |----------------|------|-------------------------------------| | CVE ID | CV...
Vulnerabilities fixed in SAP Netweaver products
Several vulnerabilities have been fixed in SAP Netweaver products. By exploiting the vulnerabilities, a malicious party within the local network to bypass authentication, view sensitive information or cause cross-site scripting and Denial-of-Service. SAP has made updates available to address the...
Vulnerabilities fixed in Microsoft Windows
Vulnerabilities have been fixed in Windows. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Impersonating another user Access to sensitive...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution Administrator/Root right...
Vulnerabilities fixed in SonicWall Email Security
Vulnerabilities have been fixed in SonicWall Email Security. The vulnerabilities allow a local malicious person to obtain elevated permissions and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. fixes. More information can be...
Vulnerability fixed in Tableau Server
A vulnerability has been fixed in Tableau Server. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor with a custom link to a malicious website redirect when sharing a "view." Salesforce has released updates to fix the vulnerability fix in Tableau Server...
Vulnerability fixed in Forcepoint Web Security
A vulnerability has been fixed in Forcepoint Web Security. A malicious party can exploit the vulnerability to launch an XML External Entity Injection XXE attack when processing of XML data. An external attacker could exploit it to obtain sensitive information. Forcepoint has released updates to...
Vulnerability fixed in WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6441433...
Vulnerability fixed in dnsmasq
A vulnerability has been fixed in dnsmasq.The vulnerability allows a malicious party the ability to perform a DNS Cache Poisoning attack execute on a dnsmasq server. dnsmasq has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in WebSphere Application Server
IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6441063...
Vulnerability fixed in FreeBSD
A vulnerability has been fixed in FreeBSD. The vulnerability allows a locally authenticated malicious person to obtain to obtain system credentials. -= FreeBSD =- FreeBSD has made updates available to fix the vulnerability fix in kernel. More information about these updates can be found at:...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12 and 15. fixes in SUSE...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Live...
Vulnerabilities concealment in Oracle Linux
Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Increased user rights -= Oracle =- Oracle has made updates...
Vulnerabilities fixed in ClamAV
Vulnerabilities have been fixed in ClamAV. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the permissions with which the service is running. By exploiting the vulnerability with CVE attribute CVE-2021-1386, a...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to system data Software in the...
Vulnerabilities found in Cisco Unified Communications Manager
Vulnerabilities have been found in Cisco Unified Communications Manager. The vulnerabilities allow a malicious party to manipulate data and obtain sensitive information. Cisco has not yet released updates to address the vulnerabilities. fix. More information can be found on the pages below:...
Vulnerability fixed in Cisco IOS XR
A vulnerability has been fixed in Cisco IOS XR. A authenticated malicious party could potentially exploit it to execute arbitrary commands with root privileges on the underlying operating system. Cisco has released updates to fix the vulnerability in IOS XR. For more information, see:...
Vulnerability fixed in FortiWeb
A vulnerability has been fixed in FortiWeb. An authenticated malicious party could exploit the vulnerability to obtain plaintext passwords for systems configured via a Web Vulnerability Scan profile. FortiNet has released updates to fix the vulnerability in FortiWeb. For more information, see:...
Vulnerabilities fixed in xen
Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in SU...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in Red Hat kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Increased user privileges -= Red Hat...
Vulnerabilities fixed in WhatsApp
Vulnerabilities have been fixed in WhatsApp. A malicious party could potentially exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service. The vulnerability with CVE attribute CVE-2021-24027 only applies to applicable to WhatsApp for Android and WhatsApp Busines...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. One vulnerability makes it impossible for a blocked user to reset the security token reset. This is problematic when the security token falls into wrong hands. The other two vulnerabilities involve a so-called Cross-Site Scripting XSS. MediaWiki has...
Vulnerability fixed in Huawei CloudEngine switches
A vulnerability has been fixed in Huawei CloudEngine switches. A malicious party could potentially exploit the vulnerability to cause a denial-of-service attack. Huawei has released updates to fix the vulnerability in CloudEngine 5800, 6800, 7800 and 12800 switches. For more information, see:...
Vulnerabilities fixed in Samsung products
Vulnerabilities have been fixed in several Samsung products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...
Vulnerabilities fixed in Red Hat OpenShift container platform
Red Hat has released version 4.7.5 of its OpenShift Container Platform. A malicious party could potentially exploit them to cause a denial-of-service or execute arbitrary execute arbitrary code with root privileges. -= Red Hat =- Red Hat has made updates available for OpenShift Container Platform...
Vulnerability fixed in Android
Vulnerabilities have been fixed in Android Operating System. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Remote code execution User rights. Access to system data Increased user privileges The vulnerabilities...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to obtain sensitive data. This security advisory addresses two OpenSSL vulnerabilities that also appear in security advisory NCSC-2021-0259. For this reason, they are not included in the probability damage...
Vulnerability discovered in Ansible
A vulnerability has been found in Ansible. The vulnerability allows a locally authenticated malicious person to obtain sensitive information. Certain information such as private keys is displayed in log files even when the system is so configured that this should not be possible. Ansible has not...
Vulnerability fixed in HP Integrated Lights Out Amplifier Pack
HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...