4197 matches found
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed two vulnerabilities in Exchange Server. A malicious party can exploit the vulnerabilities to impersonate impersonate another user. Microsoft Exchange Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS SQL Injection Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Bypassing...
Vulnerability fixed in Apache ActiveMQ
A vulnerability has been found in Apache ActiveMQ. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Apache has released updates to f...
Fixed vulnerabilities in Windows Defender and System Center Operations Manager
Microsoft has fixed vulnerabilities in Windows Defender and Microsoft System Center Operations Manager. A malicious party could vulnerabilities potentially exploit them to gain higher privileges. Windows Defender: |----------------|------|-------------------------------------| | CVE ID | CVSS |...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data, impersonate another user, and/or execute arbitrary code with user privileges. Below is a summary of the various vulnerabilities describe...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - cause a denial-of-service, - bypass security measures, - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data. Below is a summary of the...
Vulnerability fixed in Siemens TIA Portal
Siemens has fixed a vulnerability in TIA Portal. A local malicious party could potentially exploit the vulnerability to obtain elevated privileges and thus execute arbitrary code execute code with SYSTEM privileges. To exploit the vulnerability, the malicious party must have physical access to th...
Vulnerabilities fixed in Oracle Linux
Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Oracle has released updates t...
Vulnerabilities fixed in QEMU
Several vulnerabilities have been fixed in QEMU. A malicious person within a QEMU VM could potentially exploit the vulnerabilities to gaining access to sensitive data or to cause a denial-of-service. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS and...
Vulnerability fixed in PEAR
A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed two vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to impersonate as another user and potentially gain access to sensitive data. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in Roundcube Webmail
A vulnerability has been fixed in Roundcube Webmail. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. To do this, the malicious...
Vulnerability fixed in Simatic WinCC and PCS7
Siemens has fixed a vulnerability in Simatic WinCC Graphics Designer Tool and PCS7. a local malicious person could exploit it to gain access to a user, even any password-protected ones. To exploit the vulnerability, the malicious party needs physical access to the system where the vulnerable...
Vulnerabilities fixed in Siemens Scalance products
Siemens has fixed several vulnerabilities in SCALANCE switches. A malicious party could exploit the vulnerabilities to cause a denial-of-service, for obtaining sensitive data or to perform management actions under the privileges of the affected user. To cause a denial-of-service, or perform...
Vulnerabilities fixed in NetApp Active IQ
NetApp has fixed several vulnerabilities in Active IQ. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data NetApp has...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to...
Vulnerabilities fixed in Siemens Ruggedcom ROX
Siemens has fixed vulnerabilities in several Ruggedcom ROX products. A malicious party could exploit the vulnerabilities to causing a denial-of-service of the vulnerable systems, or for obtaining sensitive data. The malicious party must have access to the production environment. It is good practi...
Large number of vulnerabilities fixed in Xerox FreeFlow Print Server
Xerox has fixed a large number of vulnerabilities in Xerox FreeFlow Print Server. The vulnerabilities are in the following underlying components: Microsoft Windows 10 Java 8 Firefox Xerox has released updates to fix the vulnerabilities in Freeflow print server. For more information, see the...
Vulnerabilities fixed in Docker
Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code and for a denial-of-service attack. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox and Firefox ESR. A remote malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the application's permissions. For now, there are few substantive details about the vulnerability...
Vulnerability fixed in VxWorks
In Wind River VxWorks, the memory allocator has a possible overflow when calculating the size of the memory block that should be allocated by calloc. The result is that the actual allocated memory is smaller than the buffer size specified by the arguments, leading to memory corruption. The...
Vulnerabilities fixed in OpenSUSE Linux kernel
Several vulnerabilities have been fixed in the Linux kernel as used by openSUSE. The vulnerabilities allow a local, authenticated malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution at the kernel level Access to sensiti...
Vulnerability fixed in IBM Integration Bus
IBM has fixed a vulnerability in the node.js component of Integration Bus. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. IBM has released updates to fix the vulnerability in Integration Bus V10.0.0.23. For more information, see:...
Vulnerabilities fixed in OpenLDAP
Vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service. The developers of OpenLDAP have released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerability fixed in PHP
A vulnerability has been fixed in PHP. The vulnerability allows an authenticated remote malicious party capable of causing a denial-of-service attack. PHP developers have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerability fixed in Webex Meetings and Meetings Server
A vulnerability has been fixed in Cisco Webex Meetings and Cisco Webex Meetings Server. The vulnerability allows an authenticated remote malicious party to add a rogue URL to the username field within a Webex invitation. Cisco has released updates to fix the vulnerability. More information can be...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed several vulnerabilities in IOS XR. A unauthenticated malicious person could remotely exploit them to cause a denial-of-service, circumvent bypassing security measures or obtaining system information. The vulnerabilities marked CVE-2021-1288 and CVE-2021-1313 involve a...
Serious vulnerability fixed in SonicWall SMA100 Series
A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. fix. More information can be...
Vulnerability found in Adobe ColdFusion
A vulnerability has been found in Adobe ColdFusion. Due to an error in the permissions structure, a local malicious agent can place a specially prepared DLL file to execute arbitrary code under SYSTEM privileges. For more information, see the page below: https://www.kb.cert.org/vuls/id/125331 At...
Vulnerabilities fixed in GitLab Community and Enterprise Edition
GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to execute arbitrary code. execute. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6408626...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
Large number of vulnerabilities fixed in Xerox FreeFlow Print Server
Xerox has fixed a large number of vulnerabilities in Xerox FreeFlow Print Server. The vulnerabilities are in the following underlying components: Microsoft Windows 7 Java 8 Firefox Misuse of the vulnerabilities allow unauthenticated remote malicious actors to launch attacks that can result in the...
Serious vulnerabilities fixed in SolarWinds Orion
Vulnerabilities have been fixed in SolarWinds Orion. The vulnerability with reference CVE-2021-25274 allows an unauthenticated remote malicious person to execute arbitrary code with SYSTEM privileges. The vulnerability with attribute CVE-2021-25275 allows a local malicious person to access...
Vulnerabilities fixed in Red Hat AMQ
Vulnerabilities have been fixed in Red Hat AMQ. The vulnerability with reference CVE-2020-27216 allows a local malicious person to to obtain elevated privileges. The vulnerability with attribute CVE-2020-27218 allows a remote malicious person to gain access to system data. Red Hat has released...
Vulnerabilities fixed in Clustered Data ONTAP
NetApp has fixed two vulnerabilities. An unauthorized malicious party can use the vulnerabilities to discover the presence of data, which is stored outside his authorizations. stored. NetApp has released updates to fix the vulnerabilities in Clustered Data ONTAP. For more information, see:...
Vulnerabilities fixed in the Debian kernel
Vulnerabilities have been fixed in Debian's kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data Increased user privileges Debian has released...
Vulnerabilities fixed in Android
Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data Increased user privileges As usual,...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed a large number of vulnerabilities in Apple iOS and iPadOS 14.4. A malicious party can exploit the vulnerabilities to cause the following types of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data -= Apple =- Apple has made updates available ...
Vulnerabilities fixed in Apple macOS
Apple has fixed a large number of vulnerabilities in Apple MacOS Big Sur 11, Catalina 10.15 and Mojave 10.14. A malicious person can exploit the vulnerabilities to cause the following types of damage cause: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data -= Apple...
Vulnerability fixed in Libgcrypt
A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code execute under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerability fixed in Atlassian Bamboo
A vulnerability has been fixed in Atlassian Bamboo. A unauthenticated malicious person could exploit the vulnerability to obtain system data. Atlassian has released updates to fix the vulnerability in Bamboo. For more information, see: https://confluence.atlassian.com/bamboo...
Vulnerabilities fixed in Apache ActiveMQ
Vulnerabilities have been fixed in Apache ActiveMQ. The vulnerabilities allow a malicious party to bypass authentication bypassing. Bypassing authentication is only possible when the optional LDAP login module is used. Apache has released updates to fix the vulnerability. More information can be...
Vulnerability fixed in WinSCP
A vulnerability has been fixed in WinSCP. A malicious party could potentially exploit the vulnerability to execute arbitrary code execute arbitrary code under a user's privileges. To do so, the user to visit a rogue URI that will open in WinSCP. WinSCP has released updates to fix the vulnerabilit...
Vulnerability fixed in Apple XCode
Apple has fixed a vulnerability in XCode. A malicious could potentially exploit the vulnerability to gain access to arbitrary files and thus sensitive data. The malicious party must entice the victim to install a malicious application. -= Apple =- Apple has made updates available for XCode to fix...
Vulnerabilities fixed in Xerox WorkCentre
Xerox has fixed a number of vulnerabilities in Xerox WorkCentre multifunction printers. Passwords, which are stored on the multifunctional are better encrypted, system accounts have been made visible and manageable, and the ability to use the included McAfee Embedded Control has been removed. One...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows a malicious party to obtain sensitive information and to potentially cause a denial-of-service cause. The attack on this vulnerability is known as an External Entity Injection XXE attack in which rogue co...
Vulnerability fixed in Jenkins
A vulnerability has been fixed in Jenkins. A malicious party can exploit the vulnerability to obtain information from the system, potentially bypassing existing security measures. bypassing existing security measures. This vulnerability arose in the most recent version of Jenkins when the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious person, possibly remotely, can exploit the vulnerabilities exploit them to execute arbitrary code or to obtain elevated privileges on the vulnerable system. Apple has made few substantive details publicly available, but...