Vulnerabilities fixed in SolarWinds Orion
SolarWinds has fixed multiple vulnerabilities in the Orion Platform. An authenticated remote malicious party could potentially exploit the vulnerabilities to execute arbitrary code. In addition, vulnerabilities have been fixed that allow a Tabnabbing attack and...
Vulnerabilities fixed in FreeBSD
Several vulnerabilities have been fixed in FreeBSD. The vulnerabilities allow a malicious person, potentially unauthenticated and remote, to carry out attacks resulting in the following categories of damage: Bypassing authentication Bypassing security measure Accessing sensitive data Access t...
Vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS). Access to sensitive data Access to system data Increased user privilege...
Vulnerability found in Keycloak
A vulnerability has been found in Keycloak. The vulnerability allows a malicious person to use the new-account console to execute arbitrary code. Red Hat reports that the vulnerability in version 13 of Keycloak has been fixed. At Keycloak itself, this information cannot be found...
Vulnerability fixed in Apple iOS and iPadOS
A vulnerability has been fixed in Apple iOS and Apple iPadOS. The vulnerability is located in the WebKit component and is referred to as Universal Cross-site Scripting (UXSS). The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under browser privileges. The...
Vulnerability fixed in Micro Focus products
A vulnerability has been fixed in several Micro Focus products. By exploiting this vulnerability, a malicious party could obtain the permissions with which the Operations Agent is running on the vulnerable system. For Linux and Windows, these are the root and SYSTEM users, respectively. Too little...
Vulnerabilities fixed in XStream
Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS) Manipulation of data Circumvention of security measure Remote code execution User rights Access to sensitive data The...
Vulnerabilities fixed in NetApp products
NetApp has fixed multiple vulnerabilities in various NetApp products. The vulnerabilities potentially allow an unauthenticated remote malicious party to launch attacks leading to the following categories of damage: Denial-of-Service (DoS) Manipulation of data Access to sensitive data NetApp ha...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS). Denial-of-Service (DoS). Remote code execution Administrator/Root rights Access to sensiti...
Vulnerabilities fixed in OpenSSL
Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 to cause a denial-of-service. To do this, a specially prepared "renegotiation ClientHello" message needs to be sent fro...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS) Circumvention of security measure Remote code execution User Rights Spoofing Accessing...
Vulnerability fixed in Adobe ColdFusion
Adobe has released updates to fix a vulnerability in ColdFusion. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application. Very limited details are currently available about the vulnerability. Adobe has released updates to fix the...
Vulnerabilities fixed in Red Hat Certificate System
Several vulnerabilities have been fixed in Red Hat Certificate System. A malicious party can exploit the vulnerability to execute a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Red Hat has made...
Vulnerabilities fixed in Tivoli Netcool/OMNIbus
IBM Tivoli Netcool/OMNIbus GUI is vulnerable to stored cross-site scripting (XSS). This security vulnerability, CVE-2021-20336, allows users to insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially leading to the release of login credentials with...
Vulnerabilities fixed in Grafana Enterprise
Several vulnerabilities have been fixed in Grafana Enterprise. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to obtain elevated privileges within the application. Grafana Labs has released updates to address the...
Vulnerability found in ProFTPd
A vulnerability has been found in ProFTPd. An unauthenticated malicious party can remotely exploit the vulnerability to cause a denial-of-service. No CVE ID has been issued. ProFTPd has not yet released updates to address the vulnerability. fix in ProFTPd...
Vulnerabilities fixed in Xerox ColorQube systems
Xerox has fixed vulnerabilities in ColorQube systems. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to provide access to the file system. No details have been made available about the latter vulnerability, nor has a CVE attribute be...
Vulnerability fixed in GitLab
GitLab developers have fixed a serious vulnerability in GitLab Community Edition and Enterprise Edition. The vulnerability allows an authenticated malicious person to execute arbitrary code on the server. A CVE ID has been requested for this vulnerability but has not yet been assigned. GitL...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in the kernel of Red Hat Enterprise Linux 7. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS). Manipulation of data Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in JBoss Enterprise Application Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS). Circumvention of security measure Spoofing Accessing system data Red Hat has made...
Vulnerabilities fixed in the Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to execute attacks that lead to the following categories of damage: Denial-of-Service (DoS) Circumvention of security measure Remote code execution User rights -= Ubuntu =- Canonical...
Vulnerabilities fixed in TYPO3
The TYPO3 Association has fixed several vulnerabilities in TYPO3. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS) Denial-of-Service (DoS). Circumvention of security measure Spoofing Accessing sensitive data T...
Vulnerability fixed in Elasticsearch
Elastic has fixed a vulnerability in Elasticsearch. A remote malicious party could potentially exploit the vulnerability to gain access to sensitive data. The vulnerability is in the way Document or Field permissions are applied. A malicious party can view recently modified documents because they...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the privileges of the logged-in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerabilities fixed in NetBSD
The developers of NetBSD have fixed a number of vulnerabilities in NetBSD's IP stack. Because packet IDs are not randomly generated by default, a malicious party can predict the IP traffic, allowing the malicious party to launch a man-in-the-middle attack to obtain...
Vulnerabilities fixed in IBM DB2
IBM has fixed two vulnerabilities in DB2. A local malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the underlying system with root privileges. To do this, however, the malicious party must have local access to the vulnerable system. IBM...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed multiple vulnerabilities in its BIG-IP product line. The vulnerabilities allow a potentially unauthenticated remote malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS). Denial-of-Service (DoS)...
Vulnerabilities fixed in F5 BIG-IQ
F5 has fixed vulnerabilities in BIG-IQ. A remote malicious person can exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. In addition, a malicious...
Vulnerabilities fixed in Schneider Electric PowerLogic
Schneider Electric has fixed vulnerabilities in a number of PowerLogic products. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code. Schneider Electric has released updates to address the...
Vulnerabilities fixed in Red Hat OpenShift Virtualization
Red Hat has released updates to address multiple vulnerabilities in OpenShift Virtualization. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. Red Hat has released updates to fix the vulnerabilities in OpenShift Virtualization. For more...
Vulnerability fixed in GNU git
GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...
Vulnerability fixed in Squid
Squid's developers have fixed a vulnerability. An authenticated user can exploit the vulnerability via an HTTP Request Smuggling attack to gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...
Vulnerability fixed in Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to gain access to sensitive data via Directory Traversal. IBM has released updates to fix the vulnerability in Websphere Application Server. For more...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed vulnerabilities in Adobe Connect. A malicious party could potentially exploit the vulnerabilities remotely to execute arbitrary code under the privileges of the application. In addition, the vulnerabilities can be exploited to perform a Cross-Site Scripting (XSS) attack. A such...
Vulnerabilities fixed in Adobe Creative Cloud
Adobe has fixed vulnerabilities in Creative Cloud Desktop Application. A malicious party can exploit the vulnerabilities to inject system commands which are then executed by the application. Also, the vulnerabilities can be exploited to obtain elevated privileges and to overwrite arbitrary...
Vulnerability fixed in Adobe FrameMaker
Adobe has fixed a vulnerability in FrameMaker. A malicious party could exploit the vulnerability to execute arbitrary code under application privileges. As of yet, no substantive details about this vulnerability have been made publicly available. Adobe has released updates ...
Vulnerabilities fixed in Oracle Enterprise Linux
Oracle has fixed vulnerabilities in Oracle Enterprise Linux. The vulnerabilities allow a local, authenticated malicious agent to perform attacks that result in the following categories of damage: Denial-of-Service (DoS) Code execution at the kernel level Increased user privileges -= Oracle ...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF). Bypassing authentication Bypassing security measure Remote code execution User Rights SAP designates...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in the Microsoft SQL Server product group. The vulnerability is in the Power BI application. The vulnerability enables an authenticated remote malicious person to obtain sensitive information. Power BI:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to execute attacks that lead to the following categories of damage: Circumvention of security measure. Accessing sensitive data Executing arbitrary code User privileges...
Vulnerabilities fixed in Microsoft Browsers
Two vulnerabilities have been fixed in Microsoft Internet Explorer. The vulnerabilities allow a malicious person to execute arbitrary code under a user's privileges. To exploit the vulnerabilities, an attacker must entice the victim to open a rogue page. According to Microsoft, the...
Vulnerabilities fixed in Xerox AltaLink systems
Xerox has fixed vulnerabilities in AltaLink systems. The vulnerabilities allow a malicious party to execute arbitrary code on the system, bypass a security measure or gain access to sensitive data. No CVE ID of the vulnerabilities has been disclosed...
Vulnerability fixed in Apple products
The WebKit module contains code that allows a Web browser to be realized. The WebKit module is found in several Apple products. Apple has fixed a vulnerability in the WebKit module. The vulnerability allows a remote malicious person to cause a denial-of-service with potentially the...
Vulnerabilities fixed in Siemens Simatic
Siemens has fixed vulnerabilities in Simatic products. The vulnerabilities may allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS) Remote code execution Administrator/Root privileges Spoofing...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: Cause a denial-of-service, Bypass security measures, Execute arbitrary code, Obtain elevated privileges, Access sensitive data. The vulnerabilities marked CVE-2021-26867 CVSS...
Vulnerability fixed in Microsoft Azure
A vulnerability has been fixed in Microsoft Azure. The vulnerability allows a malicious party to obtain sensitive data. Azure: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in Siemens Ruggedcom
Siemens has fixed multiple vulnerabilities in Ruggedcom products. A malicious party could potentially exploit them to cause a denial-of-service. To do so requires sending malicious network traffic to the vulnerable device. In addition, the vulnerabilities can be exploited by a malicious be...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person to execute arbitrary code under the privileges of the user. The vulnerability with reference CVE-2021-21300 has been classified by Microsoft as "Critical" the...
Vulnerability fixed in QEMU
A vulnerability has been fixed in QEMU. The vulnerability potentially allows a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...
Vulnerabilities fixed in Glibc
Vulnerabilities have been fixed in Glibc. The vulnerabilities allow an unauthenticated remote malicious agent to launch a Denial-of-Service attack, possibly resulting in the execution of arbitrary code. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS...