4197 matches found
Vulnerability fixed in Adobe FrameMaker
Adobe has fixed a vulnerability in FrameMaker. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code under application privileges. As of yet, no substantive details about this vulnerability have been made publicly available. Adobe has released updates ...
Vulnerability fixed in Websphere Application Server
IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to gain access to sensitive data via Directory Traversal to gain access to sensitive data. IBM has released updates to fix the vulnerability in Websphere Application Server. For more...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed vulnerabilities in Adobe Connect. A malicious party could potentially exploit the vulnerabilities remotely to execute arbitrary code under the privileges of the application. In addition, the vulnerabilities can be exploited to performing a Cross-Site Scripting XSS attack. A such...
Vulnerability fixed in GNU git
GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...
Vulnerabilities fixed in Oracle Enterprise Linux
Oracle has fixed vulnerabilities in Oracle Enterprise Linux. The vulnerabilities allow a local, authenticated malicious agent to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Code execution at the kernel level Increased user privileges -= Oracle ...
Vulnerabilitiesj fixed in Xerox AltaLink systems
Xerox has fixed vulnerabilities in AltaLink systems. The vulnerabilities allow a malicious party to execute arbitrary execute arbitrary code on the system, circumvent a security measure bypass a security measure or gain access to sensitive data. No CVE ID of the vulnerabilities has been disclosed...
Vulnerability fixed in Microsoft Azure
A vulnerability has been fixed in Microsoft Azure. The vulnerability allows a malicious party to obtain sensitive data obtain sensitive data. Azure: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in the Microsoft SQL product group. Server. The vulnerability is in the Power BI application. The vulnerability enables an authenticated remote malicious person to able to obtain sensitive information. Power BI:...
Vulnerability fixed in QEMU
A vulnerability has been fixed in QEMU. The vulnerability allows potentially allow a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...
Vulnerability fixed in Apple products
The WebKit module contains code that allows a Web browser to be realized. The WebKit module is found in several Apple products. Apple has fixed a vulnerability in the WebKit module. fixed. The vulnerability allows a remote malicious person to able to cause a denial-of-service with potentially the...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: Cause a denial-of-service, Bypass security measures, Execute arbitrary code, Obtain elevated privileges, Access sensitive data. The vulnerabilities marked CVE-2021-26867 CVSS...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Circumvention of security measure. Accessing sensitive data Executing arbitrary code User privileges...
Vulnerabilities fixed in Siemens Scalance
Siemens has fixed several vulnerabilities in Scalance products. The vulnerabilities allow an unauthenticated remote malicious person may be able to launch attacks leading to the following categories of damage: Denial-of-Service DoS DNS cache poisoning Remote code execution possibly under elevated...
Vulnerabilities fixed in Glibc
Vulnerabilities have been fixed in Glibc. The vulnerabilities allow an unauthenticated remote malicious agent the ability to launch a Denial-of-Service attack, possibly resulting in the execution of arbitrary code as a result. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS...
Vulnerabilities fixed in Microsoft Browsers
Two vulnerabilities have been fixed in Microsoft Internet Explorer. The vulnerabilities allow a malicious person to execute arbitrary code under a user's privileges. To exploit the vulnerabilities, an attacker must trick the entice the victim to open a rogue page. According to Microsoft, the...
Vulnerabilities fixed in Siemens Ruggedcom
Siemens has fixed multiple vulnerabilities in Ruggedcom products. A malicious party could potentially exploit them to cause a denial-of-service. To do so requires sending malicious network traffic to the vulnerable device. sent. In addition, the vulnerabilities can be exploited by a malicious be...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Bypassing authentication Bypassing security measure Remote code execution User Rights SAP designates...
Vulnerabilities fixed in Siemens Simatic
Siemens has fixed vulnerabilities in Simatic products. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Spoofing...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person able to execute arbitrary code under the privileges of the user. The vulnerability with reference CVE-2021-21300 has been classified by Microsoft rated "Critical" the...
Vulnerability fixed in Snort
A vulnerability has been fixed in Snort. The vulnerability allows an unauthenticated malicious party to cause a denial-of-service denial-of-service. The malicious party should be able to send rogue send Ethernet frames to a device that then then handles them. Cisco indicates that the...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure...
Vulnerability fixed in Xerox products
A vulnerability has been fixed in Xerox Phaser, WorkCentre and VersaLink. The vulnerability allows a malicious person to execute arbitrary code under the user's privileges. Xerox did not release any substantive details about this vulnerability. No CVE attribute has been assigned to this...
Vulnerability fixed in Cisco Webex Meetings
A vulnerability has been fixed in Cisco Webex Meetings. The vulnerability allows a malicious party to make changes to make changes to the distribution list of Cisco Webex Meetings belonging to another other user within the same organization. Cisco has released updates to fix the vulnerability. Mo...
Vulnerabilities fixed in Joomla
Several vulnerabilities have been fixed in Joomla. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure The vulnerability with...
Vulnerabilities fixed in GRUB2
Vulnerabilities have been fixed in GRUB2. The vulnerabilities allow a local malicious person to execute arbitrary code resulting in the circumvention of "Secure Boot." Also, the vulnerabilities can be used to cause a denial-of-service cause. With the exception of the vulnerability with attribute...
Vulnerability fixed in Cisco ESA and SMA
A vulnerability has been fixed in the web-based administrator interface Cisco AsyncOS for Cisco ESA and SMA. The vulnerability allows an authenticated remote malicious party to able to obtain sensitive data. Cisco has released updates to fix the vulnerability. More information can be found on the...
Vulnerability fixed in Cisco IP Phones
A vulnerability has been fixed in Cisco IP Phones. The vulnerability allows a malicious party capable of sending rogue Cisco Discovery Protocol or LLDP packet to send to the IP Phone able to execute arbitrary code or cause a Denial-of-Service attack. Cisco has released updates to fix the...
Vulnerability fixed in OpenSSH
A vulnerability has been fixed in OpenSSH. The vulnerability allows a malicious party with access to the SSH agent socket to cause a Denial-of-Service and potentially execute arbitrary code. execute. No CVE attribute has been reserved for this vulnerability yet. The developers of OpenSSH have...
Vulnerability fixed in Trend Micro products
Trend Micro has fixed a vulnerability in products that use the Virus Scan API VSAPI and/or the Advanced Threat Scan Engine ATSE. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. Trend Micro has released updates for numerous products ...
Vulnerability fixed in FortiGate
Fortinet has fixed a vulnerability in FortiGate. The vulnerability allows an unauthenticated remote malicious person potentially able to bypass the proxy by sending non-HTTPS traffic such as SSH to port 80/443 of FortiGate. Fortinet has released updates to fix the vulnerability in FortiGate 6.4.3...
Vulnerabilities fixed in Clustered Data ONTAP
NetApp has fixed two vulnerabilities in Clustered Data ONTAP. The vulnerabilities could be exploited by a malicious person to gather information about the vulnerable system or cause a denial-of-service. To cause a Denial-of-Service, the malicious party must be authenticated on the vulnerable...
Vulnerability fixed in wpa_supplicant
A vulnerability has been fixed in wpasupplicant when it is configured for P2P Wi-Fi Direct support. A malicious person within Wi-Fi range could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with root privileges. w1.fi has released updates to fix t...
Vulnerability fixed in Juniper JunOS
A vulnerability has been fixed in Juniper JunOS. The vulnerability allows a malicious person with access to the network in which the system resides is able to cause a denial-of-service. Juniper has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in NetApp Active IQ Unified Manager and Snap Creator Framework
NetApp has fixed a vulnerability in JQuery as used in Active IQ Unified Manager and Snap Creator Framework, among others. The vulnerabilities allow an unauthenticated malicious person to to access sensitive data or manipulate data. NetApp has released updates to fix the vulnerabilities in Active ...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data As usual, Google...
Vulnerabilities fixed in Veritas Backup Exec
Veritas has fixed three vulnerabilities in Veritas Backup Exec. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to execute commands under SYSTEM privileges on systems on which a Veritas Backup Exec Agent is installed. In addition, the vulnerabilities can be...
Serious vulnerabilities fixed in Microsoft Exchange Server
Vulnerabilities have been fixed in Microsoft Exchange Server. A combination of several vulnerabilities allow a malicious person remotely able to execute arbitrary code under SYSTEM privileges Microsoft states that the vulnerabilities with attribute CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 a...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerability fixed in Red Hat Satellite
A vulnerability has been fixed in Red Hat Satellite. The vulnerability allows an authenticated malicious person with access to the server to obtain sensitive data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. A malicious party could vulnerability potentially exploit it to cause a denial-of-service cause or execute arbitrary code under privileges of the Redis application. Only Redis installations with a bulk input size significantly higher than 512MB are...
Vulnerability fixed in Keycloak
A vulnerability has been fixed in Keycloak. The vulnerability allows a malicious party to bypass authentication. Red Hat has released updates to fix the vulnerability. More information can be found on the pages below: https://issues.jboss.org/browse/KEYCLOAK-14090...
Vulnerability fixed in Kaspersky Endpoint Security
Kaspersky has fixed a vulnerability in Kaspersky Endpoint Security and Kaspersky Rescue Disk. A local malicious person with administrator privileges or a malicious person with physical access to the vulnerable device could exploit the vulnerability to bypass of UEFI Secure Boot. This could allow...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing authentication Bypassing security measur...
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed vulnerabilities in Bridge. The vulnerabilities allow a remote malicious person to execute arbitrary execute arbitrary code under the victim's privileges. To exploit the vulnerability, the malicious party must cause the victim to induce malicious TTF files to be loaded. Adobe has...
Vulnerabilities fixed in LibTIFF
Vulnerabilities have been fixed in LibTIFF. The vulnerabilities enable an unauthenticated remote malicious agent to opportunity to cause a denial-of-service or potentially execute arbitrary code under user privileges. The malicious party to do this must induce the victim to open a rogue TIFF file...
Vulnerabilities fixed in MongoDB
Vulnerabilities have been fixed in MongoDB. The vulnerabilities allow an unauthorized remote malicious person to obtain opportunity to obtain sensitive data. The malicious party must perform a successful man-in-the-middle attack that undoes the encryption of data is undone. Exploiting this...
Vulnerability found in Rockwell Automation Logix Controllers
A vulnerability has been found in Rockwell Automation Logix Controllers. The vulnerability allows a malicious party to bypass authentication. After this, it is possible to modify the configuration of the vulnerable system and to execute arbitrary code execute. The attack should be performed from...
Vulnerabilities fixed in Node.js
Node.js developers have fixed vulnerabilities. The vulnerabilities allow an unauthorized remote malicious person to remote user to cause a denial-of-service and to bypass a security measure. -= Debian =- Debian has made updates to nodejs available for to address the vulnerabilities. You can insta...
Vulnerabilities fixed in Cisco NX-OS
Vulnerabilities have been fixed in NX-OS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Cisco categorizes these vulnerabilities according to the CVSSv3...
Vulnerabilities fixed in Ansible
Vulnerabilities have been fixed in Ansible. The vulnerabilities allow a remote malicious party to obtain sensitive to obtain data and system information. RedHat categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5. -= Red Hat =- Red Hat has made updates...