Vulnerability fixed in IBM WebSphere Application Server
IBM WebSphere Application Server can let an attacker remotely access folders. An attacker can send a specially crafted URL request with "dot-dot" strings (/../) to send arbitrary files on the system. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Atlassian Bitbucket
By placing a specially crafted DLL file in the Bitbucket installation directory, an unauthorized user can execute arbitrary code with SYSTEM privileges on a Windows system on which the vulnerable Bitbucket software is installed. Atlassian has released updates to fix the vulnerability. For mo...
Vulnerabilities fixed in PHP
Several vulnerabilities have been fixed in PHP. The vulnerabilities potentially enable an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Spoofing, Access to sensitive data. -= Debian =- Debian has made updat...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. Jira installations tha...
Vulnerability fixed in Xen
The developers of the Xen hypervisor have fixed a vulnerability. A local malicious party within a guest system could potentially exploit the vulnerability to cause a denial-of-service on the host or to obtain elevated privileges. Versions of Xen equal to or high...
Vulnerability fixed in Cisco Anyconnect Client
Cisco has fixed a vulnerability in the Anyconnect client for Windows. A local, authenticated malicious party could exploit the vulnerability to perform a DLL hijack and thus potentially execute arbitrary code under SYSTEM privileges. Cisco has released updates to fix the vulnerability...
Vulnerability fixed in BIND
A vulnerability has been fixed in ISC BIND. A malicious party could potentially exploit the vulnerability to cause a denial-of-service. This vulnerability can only be exploited when BIND is configured to make use of GSS-TSIG. This is not the default configuration. In environments where BIND...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. The vulnerabilities are in the applications Jenkins and Ant, and allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Cross-Site...
Vulnerabilities fixed in ClearPass Policy Manager
Vulnerabilities have been fixed in ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Remote code execution (Administrator/Root rights), SQL Injection, Increased user...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL. The vulnerabilities allow a malicious party to remotely initiate a denial-of-service by offering a rogue certificate to an SSL server or SSL client. When an SSL server still supports SSLv2, it is possible to inadvertently establish a connection and...
Vulnerabilities fixed in XEN
The developers of XEN have fixed a number of vulnerabilities. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the guest system and possibly even the entire virtualization environment. Also, a malicious person could possibly gain access to sensitive...
Vulnerability fixed in Foxit Reader and Foxit PhantomPDF
Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary code with the privileges of the logged-in user. Foxit has released updates to fix the vulnerabilities. For more...
Multiple vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the privileges of the logged-in user. As usual, Google is disclosing little information regarding the details of the...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Access to system data. -= Red Hat =- Red Hat has...
Vulnerability fixed in Red Hat kernel
Vulnerabilities have been fixed in the Red Hat kernel. The vulnerabilities allow a locally authenticated malicious agent to cause a denial-of-service and to launch a so-called cache-poisoning attack. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You ca...
Vulnerabilities fixed in IBM WebSphere Application Server
Vulnerabilities have been fixed in IBM WebSphere. The vulnerabilities with reference CVE-2020-2773, CVE-2020-14781 and CVE-2020-14782 have been previously described in the security advisories with reference NCSC-2020-0279 and NCSC-2020-0856. The vulnerability with reference CVE-2020-27221 allows ...
Vulnerabilities fixed in IBM Spectrum Protect Plus
Vulnerabilities have been fixed in IBM Spectrum Protect. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root rights), Circumvention of security measure. IBM...
Vulnerabilities fixed in Jira
Vulnerabilities have been fixed in JIRA. The vulnerabilities allow a malicious person to perform a Cross-Site Scripting attack and to obtain system data. Atlassian categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.2. Atlassian has released updates to addre...
Vulnerability fixed in Apache Subversion (SVN)
Apache has fixed a vulnerability in Subversion (SVN). The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 7.5. Apache has released updates to fix the...
Vulnerabilities fixed in PostgreSQL
Several vulnerabilities have been fixed in PostgreSQL. A malicious person with limited privileges could potentially exploit them to gain access to data stored in a PostgreSQL database. Developers have released updates to fix the vulnerabilities in PostgreSQL 13.2, 12.6, 11.11, 10.16, 9.6.21...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Accessing sensitive data, Accessing system data. No CVE numbers have yet been...
Vulnerability fixed in vSphere Replication
VMware has fixed a vulnerability in vSphere Replicator. A malicious person with management privileges in Replicator can exploit the vulnerability to execute arbitrary code with system privileges on the underlying system. Because such an attack fits into the so-called "evil admin"...
Vulnerabilities fixed in SUSE Linux kernel
Several vulnerabilities have been fixed in SUSE Linux Enterprise Server. The vulnerabilities enable a malicious person, remote or otherwise, to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (Administrator/Root...
Vulnerability fixed in IBM WebSphere Application Server
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. An external attacker can exploit this security vulnerability to obtain sensitive information. IBM has released updates to fix the vulnerability. For more information, see...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. An unauthenticated remote malicious party can exploit the vulnerability to cause a denial-of-service. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.7.2 (10.1.7 ifix2). For more information, see:...
Vulnerabilities fixed in Schneider Electric equipment
Vulnerabilities have been fixed in Schneider Electric devices. The vulnerabilities allow an unauthorized remote malicious person to cause a denial-of-service and to obtain sensitive data. Schneider Electric has released updates to address the vulnerabilities. More information can be...
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious parties can exploit the vulnerabilities to cause a denial-of-service or perform cross-site scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities to bypass security measures and gain access...
Vulnerabilities fixed in McAfee Endpoint Security
McAfee has fixed vulnerabilities in Endpoint Security for Windows. A local malicious agent could exploit the vulnerabilities to obtain elevated privileges and to execute arbitrary code with user privileges through a cross-site scripting (XSS) attack. In addition, the vulnerabilities can be exploite...
Vulnerabilities fixed in Xerox WorkCentre
Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting (XSS) attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...
Vulnerabilities fixed in Apple macOS
Vulnerabilities have been fixed in Apple macOS. The vulnerabilities allow a local malicious person to obtain elevated privileges or execute arbitrary code with kernel privileges. The vulnerability with reference CVE-2021-3156 is known as the sudo vulnerability named "Baron Samedit." Mor...
Vulnerability fixed in the Ubuntu kernel
A vulnerability has been fixed in Ubuntu's kernel. The vulnerability allows a local malicious person to run programs as administrator, execute arbitrary code as root or cause a denial-of-service. Canonical has released updates to fix the vulnerability. More information can be found on th...
Vulnerabilities fixed in Adobe Acrobat
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates fix multiple critical and important vulnerabilities. Successful misuse can lead to execution of arbitrary code in the context of the current user or to obtaining elevated privileges. Adobe has received...
Vulnerabilities fixed in Siemens Scalance products
Siemens has fixed several vulnerabilities in SCALANCE switches. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to obtain sensitive data or to perform management actions under the privileges of the affected user. To cause a denial-of-service, or perform...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. The vulnerabilities potentially allow an unauthenticated remote malicious party to launch attacks leading to the following categories of damage: Denial-of-Service (DoS), Remote code execution (User Rights), Access to...
Vulnerability fixed in PEAR
A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar, .tar.gz, .bz2, or .tlz file to be processed by the...
Vulnerability fixed in Apache ActiveMQ
A vulnerability has been found in Apache ActiveMQ. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Apache has released updates to f...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data, impersonate another user, and/or execute arbitrary code with user privileges. Below is a summary of the various vulnerabilities describe...
Vulnerabilities fixed in QEMU
Several vulnerabilities have been fixed in QEMU. A malicious person within a QEMU VM could potentially exploit the vulnerabilities to gain access to sensitive data or to cause a denial-of-service. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS and...
Vulnerability fixed in Roundcube Webmail
A vulnerability has been fixed in Roundcube Webmail. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. To do this, the malicious...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed two vulnerabilities in Exchange Server. A malicious party can exploit the vulnerabilities to impersonate another user. Microsoft Exchange Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Siemens TIA Portal
Siemens has fixed a vulnerability in TIA Portal. A local malicious party could potentially exploit the vulnerability to obtain elevated privileges and thus execute arbitrary code with SYSTEM privileges. To exploit the vulnerability, the malicious party must have physical access to th...
Vulnerability fixed in Simatic WinCC and PCS7
Siemens has fixed a vulnerability in Simatic WinCC Graphics Designer Tool and PCS7. A local malicious person could exploit it to gain access to a user, even any password-protected ones. To exploit the vulnerability, the malicious party needs physical access to the system where the vulnerable...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed two vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to impersonate another user and potentially gain access to sensitive data. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Fixed vulnerabilities in Windows Defender and System Center Operations Manager
Microsoft has fixed vulnerabilities in Windows Defender and Microsoft System Center Operations Manager. A malicious party could potentially exploit the vulnerabilities to gain higher privileges. Windows Defender: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), SQL Injection, Denial-of-Service (DoS), Remote code execution (User Rights), Access to sensitive data, Bypassing...
Vulnerabilities fixed in Siemens Ruggedcom ROX
Siemens has fixed vulnerabilities in several Ruggedcom ROX products. A malicious party could exploit the vulnerabilities to cause a denial-of-service of the vulnerable systems, or to obtain sensitive data. The malicious party must have access to the production environment. It is good practi...
Vulnerabilities fixed in Docker
Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with reference CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...
Vulnerabilities fixed in NetApp Active IQ
NetApp has fixed several vulnerabilities in Active IQ. The vulnerabilities allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to sensitive data. NetApp has...
Vulnerabilities fixed in Oracle Linux
Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution (User Rights), Access to system data. Oracle has released updates t...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - cause a denial-of-service, - bypass security measures, - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data. Below is a summary of the...