Vulnerabilities fixed in Siemens Scalance
Siemens has fixed several vulnerabilities in Scalance products. The vulnerabilities potentially allow an unauthenticated remote malicious person to launch attacks leading to the following categories of damage: Denial-of-Service (DoS); DNS cache poisoning; Remote code execution possibly under elevated...
Vulnerabilities fixed in GRUB2
Vulnerabilities have been fixed in GRUB2. The vulnerabilities allow a local malicious person to execute arbitrary code, resulting in the circumvention of "Secure Boot". The vulnerabilities can also be used to cause a denial-of-service. With the exception of the vulnerability with attribute...
Vulnerability fixed in Snort
A vulnerability has been fixed in Snort. The vulnerability allows an unauthenticated malicious party to cause a denial-of-service. The malicious party needs to be able to send rogue Ethernet frames to a device that then handles them. Cisco indicates that the...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities potentially allow a malicious party to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Circumvention of security measure...
Vulnerability fixed in Cisco Webex Meetings
A vulnerability has been fixed in Cisco Webex Meetings. The vulnerability allows a malicious party to make changes to the distribution list of Cisco Webex Meetings belonging to another user within the same organization. Cisco has released updates to fix the vulnerability. Mo...
Vulnerability fixed in Xerox products
A vulnerability has been fixed in Xerox Phaser, WorkCentre and VersaLink. The vulnerability allows a malicious person to execute arbitrary code under the user's privileges. Xerox did not release any substantive details about this vulnerability. No CVE attribute has been assigned to this...
Vulnerabilities fixed in Joomla
Several vulnerabilities have been fixed in Joomla. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Circumvention of security measure. The vulnerability with...
Vulnerability fixed in Cisco IP Phones
A vulnerability has been fixed in Cisco IP Phones. The vulnerability allows a malicious party capable of sending rogue Cisco Discovery Protocol or LLDP packets to the IP Phone to execute arbitrary code or cause a denial-of-service. Cisco has released updates to fix the...
Vulnerability fixed in wpa_supplicant
A vulnerability has been fixed in wpa_supplicant when it is configured for P2P (Wi-Fi Direct) support. A malicious person within Wi-Fi range could potentially exploit it to cause a denial-of-service or execute arbitrary code with root privileges. w1.fi has released updates to fix t...
Vulnerability fixed in FortiGate
Fortinet has fixed a vulnerability in FortiGate. The vulnerability potentially allows an unauthenticated remote malicious person to bypass the proxy by sending non-HTTPS traffic such as SSH to port 80/443 of FortiGate. Fortinet has released updates to fix the vulnerability in FortiGate 6.4.3...
Vulnerability fixed in OpenSSH
A vulnerability has been fixed in OpenSSH. The vulnerability allows a malicious party with access to the SSH agent socket to cause a denial-of-service and potentially execute arbitrary code. No CVE attribute has been reserved for this vulnerability yet. The developers of OpenSSH have...
Vulnerabilities fixed in Clustered Data ONTAP
NetApp has fixed two vulnerabilities in Clustered Data ONTAP. The vulnerabilities could be exploited by a malicious person to gather information about the vulnerable system or cause a denial-of-service. To cause a Denial-of-Service, the malicious party must be authenticated on the vulnerable...
Vulnerability fixed in Trend Micro products
Trend Micro has fixed a vulnerability in products that use the Virus Scan API (VSAPI) and/or the Advanced Threat Scan Engine (ATSE). The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service. Trend Micro has released updates for numerous products ...
Vulnerability fixed in Cisco ESA and SMA
A vulnerability has been fixed in the web-based administrator interface of Cisco AsyncOS for Cisco ESA and SMA. The vulnerability allows an authenticated remote malicious party to obtain sensitive data. Cisco has released updates to fix the vulnerability. More information can be found on the...
Vulnerability fixed in Juniper JunOS
A vulnerability has been fixed in Juniper JunOS. The vulnerability allows a malicious person with access to the network in which the system resides to cause a denial-of-service. Juniper has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in NetApp Active IQ Unified Manager and Snap Creator Framework
NetApp has fixed a vulnerability in jQuery as used in Active IQ Unified Manager and Snap Creator Framework, among others. The vulnerabilities allow an unauthenticated malicious person to access sensitive data or manipulate data. NetApp has released updates to fix the vulnerabilities in Active ...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to sensitive data. As usual, Google...
Vulnerabilities fixed in Veritas Backup Exec
Veritas has fixed three vulnerabilities in Veritas Backup Exec. The vulnerabilities allow an unauthenticated remote malicious person to execute commands under SYSTEM privileges on systems on which a Veritas Backup Exec Agent is installed. In addition, the vulnerabilities can be...
Serious vulnerabilities fixed in Microsoft Exchange Server
Vulnerabilities have been fixed in Microsoft Exchange Server. A combination of several vulnerabilities allows a remote malicious person to execute arbitrary code under SYSTEM privileges. Microsoft states that the vulnerabilities with attribute CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 a...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to launch attacks that result in the following categories of damage: Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code under the privileges of the Redis application. Only Redis installations with a bulk input size significantly higher than 512MB are...
Vulnerability fixed in Keycloak
A vulnerability has been fixed in Keycloak. The vulnerability allows a malicious party to bypass authentication. Red Hat has released updates to fix the vulnerability. More information can be found on the pages below: https://issues.jboss.org/browse/KEYCLOAK-14090...
Vulnerability fixed in Kaspersky Endpoint Security
Kaspersky has fixed a vulnerability in Kaspersky Endpoint Security and Kaspersky Rescue Disk. A local malicious person with administrator privileges or a malicious person with physical access to the vulnerable device could exploit the vulnerability to bypass UEFI Secure Boot. This could allow...
Vulnerability fixed in Red Hat Satellite
A vulnerability has been fixed in Red Hat Satellite. The vulnerability allows an authenticated malicious person with access to the server to obtain sensitive data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Bypassing authentication; Bypassing security measur...
Vulnerability found in Rockwell Automation Logix Controllers
A vulnerability has been found in Rockwell Automation Logix Controllers. The vulnerability allows a malicious party to bypass authentication. After this, it is possible to modify the configuration of the vulnerable system and to execute arbitrary code. The attack should be performed from...
Vulnerabilities fixed in MongoDB
Vulnerabilities have been fixed in MongoDB. The vulnerabilities allow an unauthorized remote malicious person to obtain sensitive data. The malicious party must perform a successful man-in-the-middle attack in which the encryption of data is undone. Exploiting this...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Bridge. The vulnerabilities allow a remote malicious person to execute arbitrary code under the victim's privileges. To exploit the vulnerability, the malicious party must induce the victim to load malicious TTF files. Adobe has...
Vulnerabilities fixed in LibTIFF
Vulnerabilities have been fixed in LibTIFF. The vulnerabilities enable an unauthenticated remote malicious agent to cause a denial-of-service or potentially execute arbitrary code under user privileges. To do this, the malicious party must induce the victim to open a rogue TIFF file...
Vulnerabilities fixed in Node.js
Node.js developers have fixed vulnerabilities. The vulnerabilities allow an unauthorized remote malicious person to cause a denial-of-service and to bypass a security measure. -= Debian =- Debian has made updates to nodejs available to address the vulnerabilities. You can insta...
Vulnerability fixed in NetApp products
A vulnerability has been fixed in NetApp products. The vulnerability allows an unauthenticated remote malicious person to use a so-called man-in-the-middle attack to obtain sensitive data. Exploiting this vulnerability requires expertise. NetApp has released updates to fix the...
Vulnerabilities fixed in Cisco Nexus 9000 series
Cisco has fixed vulnerabilities in Nexus 9000 Series Fabric Switches. The vulnerabilities allow an unauthenticated remote malicious party to cause a denial-of-service and to bypass a security measure. Cisco categorizes these vulnerabilities according to the CVSSv3 method with a highest...
Vulnerabilities fixed in the Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Circumvention of security measure; Remote code execution (User rights)...
Vulnerabilities fixed in Cisco NX-OS
Vulnerabilities have been fixed in NX-OS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Manipulation of data. Cisco categorizes these vulnerabilities according to the CVSSv3...
Vulnerabilities fixed in Ansible
Vulnerabilities have been fixed in Ansible. The vulnerabilities allow a remote malicious party to obtain sensitive data and system information. Red Hat categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5. -= Red Hat =- Red Hat has made updates...
Vulnerabilities fixed in Cisco FXOS and NX-OS
Cisco has fixed vulnerabilities in FXOS and NX-OS. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service and to execute arbitrary code under root privileges. Cisco categorizes this vulnerability according to the CVSSv3 method with a score...
Large number of vulnerabilities fixed in Red Hat OpenShift container platform
Red Hat has released version 4.7.0 of its OpenShift Container Platform. In this update, a very large number of vulnerabilities have been fixed, both in OpenShift itself, underlying applications and in the underlying operating system. The underlying vulnerabilities were previously fixed at the...
Vulnerabilities fixed in VMware ESXi and vSphere
VMware has fixed vulnerabilities in ESXi and vCenter vSphere. The vulnerabilities allow a malicious person to execute arbitrary code on ESXi and vCenter. The vulnerabilities also allow the malicious party to launch a Cross-Site Request Forgery attack on vCenter. It is good practice to unlock...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Remote code execution (Administrator/Root privileges); SQL Injection; Increase...
Vulnerability fixed in Huawei S5700
A vulnerability has been fixed in the Huawei S5700 switch. The vulnerability allows a malicious party to cause a denial-of-service. Huawei has made little information available. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. The vulnerability allows a remote malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6416609...
Vulnerabilities fixed in Intel BIOS
Intel has fixed vulnerabilities in the BIOS that is used with specific Xeon and Atom processors. The vulnerabilities enable a locally authenticated malicious person to obtain elevated privileges. The malicious party needs physical access to the vulnerable machine to do so...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Spoofing; Accessin...
Vulnerabilities fixed in AirWave
Vulnerabilities have been fixed in the web-based management interface of AirWave. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host. Citrix has released updates to fix the vulnerabilities. More information can be found on the page belo...
Vulnerability fixed in Jenkins
A vulnerability has been fixed in Jenkins. The vulnerability allows an authenticated malicious person to obtain elevated privileges. Jenkins has released updates to fix the vulnerability. More information can be found on the page below: https://www.jenkins.io/security/advisory/2021-02-19/...
Vulnerabilities fixed in Ruby on Rails
Vulnerabilities have been fixed in Ruby on Rails. The vulnerabilities allow a malicious party to cause a denial-of-service and redirect a user to a rogue web page. The Ruby on Rails developers have released updates to fix the vulnerabilities. More information can be found on the pages below...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Jira. The vulnerability allows an unauthenticated malicious person to gain access to system data. Atlassian has released updates to fix the vulnerability. More information can be found on the page below: https://jira.atlassian.com/browse/JRASERVER-72014...
Vulnerability fixed in OpenLDAP
A vulnerability has been fixed in OpenLDAP. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. The developers of OpenLDAP have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data. Python developers have indicated that the vulnerability with...