4197 matches found
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed several vulnerabilities in Jira. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure Accessing sensitive data Accessing...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...
Vulnerability fixed in netmask
Netmask is a widely used component in various open source projects. This component contains a vulnerability. By incorrectly processing ipv4 addresses, attacks such as server-side request forgery SSRF, remote file inclusion RFI and local file inclusion LFI are made possible. The makers of Netmask...
Vulnerabilities fixed in Citrix Hypervisor (Xen)
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a local malicious person with elevated permissions on a guest system able to cause the host system to crash. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in Oracle Linux
Oracle has fixed multiple vulnerabilities in the Unbreakable Enterprise kernel for Oracle Enterprise Linux. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code executi...
Vulnerabilities fixed in LDB
Several vulnerabilities have been fixed in LDB. LDB is an embedded database in line with LDAP and is used among other things by SAMBA. An unauthenticated remote malicious party could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service on LDB cause. This...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL.The vulnerabilities allow a remote malicious person the ability to obtain sensitive information obtain. To do so, the malicious party must induce the victim to visit a server under the control of the malicious party. -= Debian =- Debian has made updates to...
Vulnerability fixed in Foxit products
A vulnerability has been fixed in Foxit products. The vulnerability allows an unauthenticated remote malicious person able to cause a denial-of-service with potentially the execution of arbitrary code under privileges of the victim. To do this, the malicious party must induce the victim to open a...
Vulnerabilities fixed in Zabbix
SUSE has fixed vulnerabilities in its Zabbix packages. The vulnerabilities relate to an incorrectly implemented mechanism that protects against cross-site request forgery CSRF attacks and on insecure password hashing. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to cause a denial-of-service or to obtain system data obtain. To do so, the malicious party must induce the victim to to visit a rogue website. Google has released updates to fix the vulnerabilities...
Vulnerabilities fixed in Esri ArcGIS Server
Esri has fixed several vulnerabilities in ArcGIS Server. A authenticated remote malicious party can exploit the vulnerabilities potentially exploit them to execute arbitrary code under privileges of the service account. Esri has released updates to fix the vulnerabilities. For more information,...
Vulnerabilities fixed in Samsung products
Vulnerabilities have been fixed in several Samsung products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Accessing system data Samsun...
Vulnerabilities fixed in VMware vRealize Operations
VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in Zimbra. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges Access to system data Zimbra has released updates to...
Vulnerability fixed in OpenAM
A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use of an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Esri ArcReader
Esri has fixed multiple vulnerabilities in ArcReader, ArcGIS Desktop, ArcGIS Engine and ArcGIS Pro. A malicious party could vulnerabilities potentially exploit them to execute arbitrary code execute arbitrary code under application privileges. To do so, the malicious party needs to induce an...
Vulnerability fixed in Mitel MiContact Center
Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...
Vulnerability fixed in Apple iOS and iPadOS
A vulnerability has been fixed in Apple iOS and Apple iPadOS. The vulnerability is located in the WebKit component and is referred to as Universal Cross-site Scripting UXSS. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under browser privileges. The...
Vulnerability found in Keycloak
A vulnerability has been found in Keycloak. The vulnerability allows a malicious person to use the new-account console to execute to execute arbitrary code. Red Hat reports that the vulnerability in version 13 of Keycloak has been fixed. At Keycloak itself, this information cannot be found found...
Vulnerabilities fixed in FreeBSD
Several vulnerabilities have been fixed in FreeBSD. The vulnerabilities allow a malicious person, potentially unauthenticated remote, be able to carry out attacks resulting in the following categories of damage: Bypassing authentication Bypassing security measure Accessing sensitive data Access t...
Vulnerability fixed in SpamAssassin
The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...
Vulnerabilities fixed in SolarWinds Orion
SolarWinds has fixed multiple vulnerabilities in the Orion Platform. An authenticated remote malicious party could potentially exploit the vulnerabilities potentially exploit them to execute execute arbitrary code. In addition, vulnerabilities have been fixed that allow a Tabnabbing attack and...
Vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Access to system data Increased user privilege...
Vulnerability fixed in Micro Focus products
A vulnerability has been fixed in several Micro Focus products. A malicious party could, by exploiting this vulnerability obtain the permissions with which the Operations Agent is is running on the vulnerable system. For Linux and Windows, these are root and SYSTEM users, respectively. Too little...
Vulnerabilities fixed in NetApp products
NetApp has fixed multiple vulnerabilities in various Netapp products. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data NetApp ha...
Vulnerabilities fixed in XStream
Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights Access to sensitive data The...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights Access to sensiti...
Vulnerabilities fixed in OpenSSL
Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 potentially exploit it to cause a denial-of-service. To do this requires sending a specially prepared "renegotiation ClientHello" message needs to be sent fro...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...
Vulnerabilities fixed in Tivoli Netcool/OMNIbus
IBM Tivoli Netcool / OMNIbusGUI is vulnerable to stored cross-site scripting XSS. This security vulnerability CVE-2021-20336 allows users insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially lead to the release of login credentials with...
Vulnerability fixed in Adobe ColdFusion
Adobe has released updates to fix a vulnerability in ColdFusion. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application. Very limited details are currently available about the vulnerability. Adobe has released updates to fix the...
Vulnerabilities fixed in Red Hat Certificate System
Several vulnerabilities have been fixed in Red Hat Certificate System. A malicious party can exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Red Hat has made...
Vulnerabilities fixed in Xerox ColorQube systems
Xerox has fixed vulnerabilities in ColorQube systems. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to provide access to the file system. No details have been made available about the latter vulnerability made available, nor has a CVE attribute be...
Vulnerabilities fixed in Grafana Enterprise
Several vulnerabilities have been fixed in Grafana Enterprise. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to obtain elevated privileges obtain elevated privileges within the application. Grafana Labs has released updates to address the...
Vulnerability found in ProFTPd
A vulnerability has been found in ProFTPd. An unauthenticated malicious party can remotely exploit the vulnerability to cause a denial-of-service attack. No CVE ID issued. ProFTP has not yet released updates to address the vulnerability. fix in ProFTPd...
Vulnerability fixed in GitLab
GitLab developers have fixed a serious vulnerability fixed in GitLab Community Edition and Enterprise Edition. The vulnerability allows an authenticated malicious person to execute arbitrary code on the server. A CVE ID has been requested for this vulnerability but has not yet been assigned. GitL...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in the kernel of Red Hat Enterprise Linux 7. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in JBoss Enterprise Application Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing system data Red Hat has made...
Vulnerabilities fixed in TYPO3
The TYPO3 Association has fixed several vulnerabilities in TYPO3. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data T...
Vulnerabilities fixed in the Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights -= Ubuntu =- Canonical...
Vulnerability fixed in Elasticsearch
Elastic has fixed a vulnerability in Elasticsearch. A remote malicious party could potentially exploit the vulnerability to gain access to sensitive data. The vulnerability is in the way Document or Field permissions are applied. A malicious party can view recently modified documents because they...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerabilities fixed in NetBSD
The developers of NetBSD have fixed a number of vulnerabilities fixed in NetBSD's IP stack. Because packet IDs are not randomly are not randomly generated by default, a malicious party can predict the IP traffic. predict, allowing the malicious party to launch a man-in-the-middle attack to obtain...
Vulnerabilities fixed in IBM DB2
IBM has fixed two vulnerabilities in DB2. A local malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the underlying system with root privileges. To do this, however, the malicious party must have local access to the vulnerable system. IBM...
Vulnerabilities fixed in F5 BIG-IQ
F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...
Vulnerabilities fixed in Schneider Electric PowerLogic
Schneider Electric has fixed vulnerabilities in a number of PowerLogic products. An unauthenticated malicious person at remote could potentially exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code. Schneider Electric has released updates to address the...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed multiple vulnerabilities in its BIG-IP product line. The vulnerabilities allow a potentially unauthenticated remote malicious person is able to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...
Vulnerabilities fixed in Red Hat OpenShift Virtualization
Red Hat has released updates to address multiple vulnerabilities fixes in OpenShift Virtualization. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities in OpenShift Virtualization. For more...
Vulnerabilities fixed in Adobe Creative Cloud
Adobe has fixed vulnerabilities in Creative Cloud Desktop Application. A malicious party can exploit the vulnerabilities to injecting system commands which are then executed by the application. Also, the vulnerabilities can be exploited to obtain elevated privileges and to overwrite arbitrary...
Vulnerability fixed in Squid
Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...