Large number of vulnerabilities fixed in Xerox FreeFlow Print Server
Xerox has fixed a large number of vulnerabilities in Xerox FreeFlow Print Server. The vulnerabilities are in the following underlying components: Microsoft Windows 10, Java 8, Firefox. Xerox has released updates to fix the vulnerabilities in FreeFlow Print Server. For more information, see the...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code and to carry out a denial-of-service attack. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...
Vulnerability fixed in VxWorks
In Wind River VxWorks, the memory allocator has a possible overflow when calculating the size of the memory block that should be allocated by calloc. The result is that the actual allocated memory is smaller than the buffer size specified by the arguments, leading to memory corruption. The...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox and Firefox ESR. A remote malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary code with the application's permissions. For now, there are few substantive details about the vulnerability...
Vulnerabilities fixed in openSUSE Linux kernel
Several vulnerabilities have been fixed in the Linux kernel as used by openSUSE. The vulnerabilities allow a local, authenticated malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution at the kernel level; Access to sensiti...
Vulnerability fixed in PHP
A vulnerability has been fixed in PHP. The vulnerability allows an authenticated remote malicious party to cause a denial-of-service. PHP developers have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in OpenLDAP
Vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service. The developers of OpenLDAP have released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerability fixed in IBM Integration Bus
IBM has fixed a vulnerability in the node.js component of Integration Bus. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. IBM has released updates to fix the vulnerability in Integration Bus V10.0.0.23. For more information, see:...
Serious vulnerability fixed in SonicWall SMA100 Series
A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. More information can be...
Vulnerability found in Adobe ColdFusion
A vulnerability has been found in Adobe ColdFusion. Due to an error in the permissions structure, a local malicious agent can place a specially prepared DLL file to execute arbitrary code under SYSTEM privileges. For more information, see the page below: https://www.kb.cert.org/vuls/id/125331 At...
Vulnerability fixed in Webex Meetings and Meetings Server
A vulnerability has been fixed in Cisco Webex Meetings and Cisco Webex Meetings Server. The vulnerability allows an authenticated remote malicious party to add a rogue URL to the username field within a Webex invitation. Cisco has released updates to fix the vulnerability. More information can be...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed several vulnerabilities in IOS XR. An unauthenticated malicious person could remotely exploit them to cause a denial-of-service, bypass security measures or obtain system information. The vulnerabilities marked CVE-2021-1288 and CVE-2021-1313 involve a...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights). As usual, Google reveals little information...
Vulnerabilities fixed in GitLab Community and Enterprise Edition
GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Circumvention of security measure; Accessing sensitive data...
Serious vulnerabilities fixed in SolarWinds Orion
Vulnerabilities have been fixed in SolarWinds Orion. The vulnerability with reference CVE-2021-25274 allows an unauthenticated remote malicious person to execute arbitrary code with SYSTEM privileges. The vulnerability with reference CVE-2021-25275 allows a local malicious person to access...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6408626...
Vulnerabilities fixed in Red Hat AMQ
Vulnerabilities have been fixed in Red Hat AMQ. The vulnerability with reference CVE-2020-27216 allows a local malicious person to obtain elevated privileges. The vulnerability with reference CVE-2020-27218 allows a remote malicious person to gain access to system data. Red Hat has released...
Large number of vulnerabilities fixed in Xerox FreeFlow Print Server
Xerox has fixed a large number of vulnerabilities in Xerox FreeFlow Print Server. The vulnerabilities are in the following underlying components: Microsoft Windows 7, Java 8, Firefox. Misuse of the vulnerabilities allows unauthenticated remote malicious actors to launch attacks that can result in the...
Vulnerabilities fixed in Clustered Data ONTAP
NetApp has fixed two vulnerabilities. An unauthorized malicious party can use the vulnerabilities to discover the presence of data that is stored outside his authorizations. NetApp has released updates to fix the vulnerabilities in Clustered Data ONTAP. For more information, see:...
Vulnerabilities fixed in Android
Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data; Access to system data; Increased user privileges. As usual,...
Vulnerabilities fixed in the Debian kernel
Vulnerabilities have been fixed in Debian's kernel. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to system data; Increased user privileges. Debian has released...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed a large number of vulnerabilities in Apple iOS and iPadOS 14.4. A malicious party can exploit the vulnerabilities to cause the following types of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data. -= Apple =- Apple has made updates available ...
Vulnerabilities fixed in Apple macOS
Apple has fixed a large number of vulnerabilities in Apple macOS Big Sur 11, Catalina 10.15 and Mojave 10.14. A malicious person can exploit the vulnerabilities to cause the following types of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data. -= Apple...
Vulnerability fixed in Libgcrypt
A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerability fixed in Atlassian Bamboo
A vulnerability has been fixed in Atlassian Bamboo. An unauthenticated malicious person could exploit the vulnerability to obtain system data. Atlassian has released updates to fix the vulnerability in Bamboo. For more information, see: https://confluence.atlassian.com/bamboo...
Vulnerabilities fixed in Apache ActiveMQ
Vulnerabilities have been fixed in Apache ActiveMQ. The vulnerabilities allow a malicious party to bypass authentication. Bypassing authentication is only possible when the optional LDAP login module is used. Apache has released updates to fix the vulnerability. More information can be...
Vulnerability fixed in WinSCP
A vulnerability has been fixed in WinSCP. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do so, the user must visit a rogue URI that will open in WinSCP. WinSCP has released updates to fix the vulnerabilit...
Vulnerability fixed in Jenkins
A vulnerability has been fixed in Jenkins. A malicious party can exploit the vulnerability to obtain information from the system, potentially bypassing existing security measures. This vulnerability arose in the most recent version of Jenkins when the...
Vulnerabilities fixed in Xerox WorkCentre
Xerox has fixed a number of vulnerabilities in Xerox WorkCentre multifunction printers. Passwords stored on the multifunction printer are better encrypted, system accounts have been made visible and manageable, and the ability to use the included McAfee Embedded Control has been removed. One...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Red Hat has made updates available for JBoss Enterprise Application Platform. A malicious party could potentially exploit them to cause a denial-of-service or to obtain sensitive information. This also fixes the vulnerabilities described in NCSC-2020-0968 and NCSC-2020-1010. Red Hat has made...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows a malicious party to obtain sensitive information and to potentially cause a denial-of-service. The attack on this vulnerability is known as an External Entity Injection (XXE) attack in which rogue co...
Vulnerability fixed in Apple Xcode
Apple has fixed a vulnerability in Xcode. A malicious party could potentially exploit the vulnerability to gain access to arbitrary files and thus sensitive data. The malicious party must entice the victim to install a malicious application. -= Apple =- Apple has made updates available for Xcode to fix...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious person, possibly remotely, can exploit the vulnerabilities to execute arbitrary code or to obtain elevated privileges on the vulnerable system. Apple has made few substantive details publicly available, but...
Vulnerability fixed in Linux kernel
A vulnerability has been fixed in the Linux kernel. A malicious party can exploit the vulnerability to obtain sensitive information via a "path traversal" attack that allows security measures to be bypassed. The vulnerability can only be exploited when the target system provides a file system to...
Vulnerabilities fixed in sudo
Several vulnerabilities have been fixed in sudo. A local malicious party can, by exploiting these vulnerabilities, gain root privileges on the vulnerable system. The developers of sudo have released updates to fix the vulnerability marked CVE-2021-3156 in version 1.9.5p2. The vulnerabilities...
Vulnerabilities fixed in Mozilla Firefox ESR
Mozilla has fixed several vulnerabilities in Firefox ESR. The vulnerabilities potentially enable a remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data; Access to system...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed several vulnerabilities in Firefox. The vulnerabilities potentially enable a remote malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed several vulnerabilities in Thunderbird. The vulnerabilities potentially enable a remote malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (User rights); Access to sensitive data; Access to system...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to bypass a security measure and perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers of MIS...
Vulnerabilities fixed in OpenShift Container Platform
Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. A remote malicious party can exploit the vulnerabilities to gain access to sensitive information. Red Hat has released updates to fix the vulnerabilities in OpenShift Container Platform 3.11.374. For more...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization/VirtualBox. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution (User rights); Access to sensitive data...
Vulnerabilities fixed in Oracle Supply Chain Products Suite
Oracle has fixed multiple vulnerabilities in Supply Chain Products Suite. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Remote code execution (User rights); Access to...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; SQL Injection; Accessing sensitive data; Accessing...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. The vulnerability allows a remote malicious party to cause a Denial-of-Service or execute arbitrary code under the user's privileges. IBM has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Oracle Java SE
Oracle has fixed vulnerabilities in the following Oracle Java products: Java SE JDK and JRE. The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to system data. Only applications that execute untrusted code (e.g., using third-party...
Vulnerabilities fixed in Cisco Unified Communications
Cisco has fixed multiple vulnerabilities in several Unified Communications products. An authenticated remote malicious person can exploit the vulnerabilities to gain access to data on the underlying file system or in the underlying database. This includes hashed passwords stored in this database...
Vulnerability fixed in Cisco Security Appliances
Cisco has fixed multiple vulnerabilities in Cisco Email Security Appliance, Cisco Content Security Management Appliance and Cisco Web Security Appliance. A malicious party could exploit it to obtain information about the system. Cisco has released updates to fix the vulnerability. For more...
Vulnerabilities fixed in Oracle E-Business Suite
Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Manipulation of data; Remote code execution (User rights); Access to sensitive data; Access to system data...
Vulnerabilities fixed in Cisco Data Center Network Manager
Cisco has fixed multiple vulnerabilities in several Data Center Network Manager components. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Bypassing authentication; Circumvention of...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following Oracle Database Server products: Database - Enterprise Edition Text Advanced Networking Option Application Express (APEX) PERL. The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to...