4199 matches found
Vulnerabilities fixed in Cisco NX-OS
Vulnerabilities have been fixed in NX-OS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Cisco categorizes these vulnerabilities according to the CVSSv3...
Vulnerabilities fixed in Ansible
Vulnerabilities have been fixed in Ansible. The vulnerabilities allow a remote malicious party to obtain sensitive to obtain data and system information. RedHat categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5. -= Red Hat =- Red Hat has made updates...
Vulnerabilities fixed in Cisco FXOS and NX-OS
Cisco has fixed vulnerabilities in FXOS and NX-OS. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service and to execute arbitrary code under root privileges. Cisco categorizes this vulnerability according to the CVSSv3 method with a score...
Vulnerabilities fixed in Cisco Nexus 9000 series
Cisco has fixed vulnerabilities in Nexus 9000 Series Fabric Switches. The vulnerabilities allow an unauthenticated remote malicious party able to cause a denial-of-service cause and to bypass a security measure. Cisco categorizes these vulnerabilities according to the CVSSv3 method with a highest...
Vulnerabilities fixed in the Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...
Vulnerability fixed in NetApp products
A vulnerability has been fixed in NetApp products. The vulnerability allows an unauthenticated remote malicious person able to use a so-called man-in-the-middle attack to obtain to obtain sensitive data. Exploiting this vulnerability requires expertise. NetApp has released updates to fix the...
Large number of vulnerabilities fixed in Red Hat OpenShift container platform
Red Hat has released version 4.7.0 of its OpenShift Container Platform. In this update, a very large number of vulnerabilities have been fixed, both in OpenShift itself, underlying applications and in the underlying operating system. The underlying vulnerabilities were previously fixed at the...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host. Citrix has released updates to fix the vulnerabilities. More information can be found on the page belo...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. The vulnerability allows a remote malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6416609...
Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing Accessin...
Vulnerability fixed in Huawei S5700
A vulnerability has been fixed in the Huawei S5700 switch. The vulnerability allows a malicious party to cause a denial-of-service cause. Huawei has made little information made available. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in VMware ESXi and vSpher
VMware has fixed vulnerabilities in ESXi and vCentre vSphere. The vulnerabilities allow a malicious person to execute arbitrary code on ESXi and vCentre. Also, the the vulnerabilities allow the malicious party to launch a Cross-Site Request Forgery attack on vCentre. It is good practice to unlock...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root privileges SQL Injection Increase...
Vulnerabilities fixed in Intel BIOS
Intel has fixed vulnerabilities in the BIOS which is used along with specific Xeon and Atom processors. The vulnerabilities enable a locally authenticated malicious person to opportunity to obtain elevated privileges. The malicious party needs physical access to the vulnerable machine to do so...
Vulnerabilities fixed in AirWave
Vulnerabilities have been fixed in the web-based management interface of AirWave. The vulnerabilities allow a malicious able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution...
Vulnerabilities fixed in Ruby on Rails
Vulnerabilities have been fixed in Ruby on Rails. The vulnerabilities allow a malicious party to cause a denial-of-service cause and redirect a user to a rogue web page. The Ruby on Rails developers have released updates to fix the vulnerabilities. More information can be found on the pages below...
Vulnerability fixed in Atlassian Jira
A vulnerability has been fixed in Jira. The vulnerability allows unauthenticated a malicious person to gain access to system data Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/JRASERVER-72014...
Vulnerability fixed in Jenkins
A vulnerability has been fixed in Jenkins. The vulnerability allows an authenticated malicious person to obtain elevated privileges. obtain. Jenkins has released updates to fix the vulnerability. More information can be found on the page below: https://www.jenkins.io/security/advisory/2021-02-19/...
Vulnerability fixed in OpenLDAP
A vulnerability has been fixed in OpenLDAP. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. The developers of OpenLDAP have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Python developers have indicated that the vulnerability with...
Vulnerability fixed in IBM WebSphere Application Server
IBM WebSphere Application Server can let an attacker remotely access folders access folders. An attacker can send a specially crafted URL request with "dot-dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Atlassian Bitbucket
By placing a specially crafted DLL file in the Bitbucket installation directory, an unauthorized user can execute arbitrary code with SYSTEM privileges on a Windows system on which the vulnerable Bitbucket software is installed. Atlassian has released updates to fix the vulnerability. fix. For mo...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. disclosed. Jira installations tha...
Vulnerability fixed in Xen
The developers of the Xen hypervisor have fixed a vulnerability fixed. A local malicious party within a guest system could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause on the host or to obtain elevated privileges. Versions of Xen equal to or high...
Vulnerability fixed in Cisco Anyconnect Client
Cisco has fixed a vulnerability in the Anyconnect client for Windows. A local, authenticated malicious party could exploit the exploit the vulnerability to perform a DLL hijack and thus potentially execute arbitrary code under SYSTEM privileges. Cisco has released updates to fix the vulnerability...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. The vulnerabilities are in the applications Jenkins and Ant, and allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Cross-Site...
Vulnerability fixed in BIND
A vulnerability has been fixed in ISC BIND. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause. This vulnerability can only be exploited when BIND is configured to make use of GSS-TSIG. This is not the default configuration. In environments where BIND...
Vulnerabilities fixed in PHP
Several vulnerabilities have been fixed in PHP. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data -= Debian =- Debian has made updat...
Vulnerability fixed in Foxit Reader and Foxit PhantomPDF
Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the privileges of the logged-in user. Foxit has released updates to fix the vulnerabilities. For more...
Multiple vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerabilities fixed in XEN
The developers of XEN have fixed a number of vulnerabilities. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the guest system and possibly even the entire virtualization environment. Also, a malicious person could possibly gain access to sensitive...
Vulnerabilities fixed in ClearPass Policy Manager
Vulnerabilities have been fixed in ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights SQL Injection Increased user...
Vulnerability fixed in Red Hat kernel
Vulnerabilities have been fixed in the Red Hat kernel. The vulnerabilities allow a locally authenticated malicious agent to able to cause a denial-of-service and to launch a so-called chache-poisioning attack. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You ca...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Access to system data -= Red Hat =- Red Hat has...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL. The vulnerabilities allow a malicious party to remotely initiate a denial-of-service by offering a rogue certificate to to an SSL server or SSL client. When an SSL server still supports SSLv2, it is possible to inadvertently establish a connection and...
Vulnerabilities fixed in IBM WebSphere Application Server
Vulnerabilities have been fixed in IBM WebSphere. The vulnerabilities with reference CVE-2020-2773, CVE-2020-14781 and CVE-2020-14782 have been previously described in the security advisories with attribute NCSC-2020-0279 and NCSC-2020-0856. The vulnerability with attribute CVE-2020-27221 allows ...
Vulnerabilities fixed in IBM Spectrum Protect Plus
Vulnerabilities have been fixed in IBM Spectrum Protect. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Circumvention of security measure IBM...
Vulnerabilities fixed in Jira
Vulnerabilities have been fixed in JIRA. The vulnerabilities allow a malicious person to perform a Cross-Site Scripting attack and to obtain system data. Atlassian categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.2. Atlassian has released updates to addre...
Vulnerability fixed in Apache Subversion (SVN)
Apache has fixed a vulnerability in Subversion SVN. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 7.5. Apache has released updates to fix the...
Vulnerability fixed in vSphere Replication
VMWare has fixed a vulnerability in vSphere Replicator. A malicious person with management privileges in Replicator can exploit the vulnerability exploit it to execute arbitrary code with system privileges on the underlying system. Because such an attack fits into the so-called "evil admin"...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Accessing system data No CVE numbers have yet been...
Vulnerabilities fixed in PostgreSQL
Several vulnerabilities have been fixed in PostgreSQL. A malicious person with limited privileges could potentially exploit them to gain access to data stored in a PostgreSQL database. Developers have released updates to fix the vulnerabilities fixes in PostgreSQL 13.2, 12.6, 11.11, 10.16, 9.6.21...
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious parties can exploit the vulnerabilities to cause a denial-of-service or perform cross-site scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities exploit them to bypass security measures and gain access...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. A unauthenticated remote malicious party can exploit the vulnerability exploit it to cause a denial-of-service. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.7.2 10.1.7 ifix2. For more information, see:...
Vulnerabilities fixed in SUSE Linux kernel
Several vulnerabilities have been fixed in SUSE Linux Enterprise Server. The vulnerabilities enable a malicious person remote or otherwise to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root...
Vulnerabilities fixed in Schneider Electric equipment
Vulnerabilities have been fixed in Schneider Electric devices. The vulnerabilities allow an unauthorized malicious person at remotely able to cause a denial-of-service and to obtain sensitive data Schneider Electric has released updates to address the vulnerabilities. fix. More information can be...
Vulnerability fixed in IBM WebSphere Application Server
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. An external attacker can exploit this security vulnerability to obtain obtain sensitive information. IBM has released updates to fix the vulnerability. For more information, see...
Vulnerabilities fixed in McAfee Endpoint Security
McAfee has fixed vulnerabilities in Endpoint Security for Windows. A local malicious agent could exploit the vulnerabilities to obtain elevated privileges and to execute arbitrary code with user privileges through a cross-site scripting XSS attack. In addition, the vulnerabilities can be exploite...
Vulnerabilities fixed in Xerox WorkCentre
Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...
Vulnerabilities fixed in Adobe Acrobat
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates fix multiple critical and important vulnerabilities. Successful misuse can lead to execution of arbitrary code in the context of the current user or obtain elevated privileges. Adobe has received...