Vulnerability fixed in VLC

A vulnerability has been fixed in VLC. The vulnerability allows a malicious party capable of causing a denial-of-service and possibly executing arbitrary code under the privileges of the user. To exploit the vulnerability, a user must open a malicious file open. VLC has released updates to fix th...

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in the following Oracle Hyperion products: Hyperion Infrastructure Technology Hyperion Financial Reporting The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that...

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following Oracle Database Server products: Database - Enterprise Edition Text Advanced Networking Option Application Express APEX PERL The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to...

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in the following Oracle JD Edwards products: JD Edwards EnterpriseOne Tools JD Edwards EnterpriseOne Orchestrator The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attac...

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed several vulnerabilities in PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Data manipulation. Remote code execution User Righ...

Vulnerability fixed in Oracle Siebel

Oracle has fixed several vulnerabilities in Siebel. The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service Manipulation of data...

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has fixed multiple vulnerabilities in Oracle Enterprise Manager. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to...

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Workbench MySQL Server MySQL Enterprise Monitor The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in th...

Vulnerabilities fixed in Oracle E-Business Suite

Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data Access to system data...

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in Fusion Middleware products. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data...

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

Vulnerability fixed in NetApp products

A vulnerability has been fixed in NetApp products. The vulnerability allows a malicious party to obtain sensitive data obtain sensitive data. NetApp has released updates to fix the vulnerability. More information can be found on the page below:...

Vulnerability fixed in Juniper QFX switches

Juniper has fixed a vulnerability in Junos OS for network switches in the QFX10K series. A remote malicious party could potentially exploit the vulnerability to cause a denial-of-service cause. To do so, rogue multicast network traffic should be sent to the vulnerable switch be sent. Juniper has...

Vulnerability fixed in Red Hat kernel

A vulnerability has been fixed in the Red Hat kernel. The vulnerability allows a local malicious agent to cause a denial-of-service and to modify data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...

Vulnerabilities fixed in Red Hat OpenShift Virtualization

Red Hat has fixed multiple vulnerabilities in OpenShift Virtualization. The vulnerabilities potentially enable a malicious person able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges Red Hat has released...

Vulnerability fixed in Atlassian Confluence

A vulnerability has been fixed in Atlassian Confluence. The vulnerability allows a malicious party to cause a denial-of-service cause. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/CONFSERVER-60854...

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. When it is possible for a user is able to submit XML files to the application delivery, the vulnerability could potentially be exploited to execute shell commands under application privileges. Only applications using the default blacklist functionality,...

Vulnerability fixed in McAfee Agent

McAfee has fixed a vulnerability in McAfee Agent. Due to a flaw in the permissions structure, a local malicious agent can disrupt the operation of Agent by manipulating a directory used by Agent used for temporary files. The result of this is that Agent continues to work, but no longer processes...

DNSpooq vulnerabilities fixed in dnsmasq

The developers of dnsmasq have fixed vulnerabilities in the dnsmasq application. Dnsmasq is widely used open source software for caching and forwarding DNS traffic. Although the DNS functionality is widely supported, dnsmasq is designed specifically for modest networks. Dnsmasq is commonly found,...

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Vulnerabilities have been fixed in Red Hat OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Server-side Request Forgery SSRF Denial-of-Service DoS. Access to sensitive data Access to system data Red Hat...

Vulnerability fixed in the Fedora Linux kernel

Fedora developers have fixed a vulnerability in the Linux kernel they use. The vulnerability allows an authenticated remote malicious person to obtain to obtain sensitive information and to manipulate data. -= Fedora =- Fedora has made updates available for Fedora 32 and 33. You can install these...

Vulnerability fixed in Atlassian Crucible

A vulnerability has been fixed in Atlassian Crucible. The vulnerability allows a malicious party to obtain system data obtain. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/CRUC-8496...

Vulnerability fixed in Elasticsearch

A vulnerability has been fixed in Elasticsearch. The vulnerability allows a malicious person to obtain system data. Elastic has released updates to fix the vulnerability. More information can be found on the page below: https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update /261164...

Vulnerabilities fixed in SolarWinds Network Performance Monitor

Vulnerabilities have been fixed in SolarWinds Network Performance Monitor. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased user privileges To...

Vulnerability fixed in Ubuntu kernel

Canonical has fixed a vulnerability in the Ubuntu kernel. The vulnerability allows an authenticated remote malicious party to opportunity to obtain sensitive information and to manipulate data manipulate. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS...

Vulnerabilities fixed in openSUSE kernel

Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive data Increased user rights -= openSUSE =- T...

Vulnerabilities fixed in Nagios XI

Vulnerabilities have been fixed in Nagios XI. The vulnerabilities allow a malicious person to perform attacks that lead to Cross-Site Scripting XSS and Remote code execution User Rights. Nagios has released updates to fix the vulnerabilities in Nagios XI 5.8.0. For more information, see:...

Vulnerabilities fixed in Jenkins

Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Jenkins has released updates to...

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a locally authenticated malicious person to opportunity to obtain sensitive data. Palo Alto has released updates to fix the vulnerability. fix. More information can be found on the page below:...

Vulnerability discovered in Schneider Electric EcoStruxure Control Expert

Vulnerabilities have been discovered in Schneider Electric EcoStruxure Control Expert. The vulnerabilities allow a local malicious able to cause a denial-of-service and to execute arbitrary execute arbitrary code by opening a rogue file. Schneider Electric categorizes this vulnerability according...

Vulnerabilities fixed in Juniper Junos OS

Juniper has fixed vulnerabilities in Junos OS. The vulnerabilities allow a remote malicious person to to bypass a security measure and to cause a denial-of-service cause. Juniper categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.8. Juniper has released...

Vulnerabilities fixed in Oracle Unbreakable Enterprise kernel

Oracle has fixed vulnerabilities in the Unbreakable Enterprise kernel. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges -= Oracl...

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code execution User Rights...

Vulnerabilities fixed in SUSE kernel

Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges SUSE has released updates to fix the...

Vulnerabilities fixed in Adobe products

Adobe has fixed vulnerabilities in several products from Adobe. The vulnerabilities allow a locally authenticated malicious party to execute arbitrary code under permissions of the application or to obtain elevated privileges. Adobe has released updates to fix the vulnerabilities. More informatio...

Vulnerability fixed in Roundcube

A vulnerability has been found in Roundcube. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. With the exploitation of this...

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a remote malicious party to launch a Cross-site scripting attack and to obtain system data. Updates have been released to fix the vulnerabilities. More information can be found on the pages below: CVE-2021-23123:...

Vulnerabilities fixed in Aruba Airwave Glass

Vulnerabilities have been fixed in Aruba Airwave Glass. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root privileges...

Vulnerability fixed in Cacti

A vulnerability has been fixed in Cacti. The vulnerability allows a remote malicious person the ability to launch an SQL-Injection attack execute. Cacti has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/Cacti/cacti/issues/4022...

Vulnerabilities found in Microsoft Windows

Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - cause a denial-of-service, - bypass security measures, - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data. Below is a summary of the...

Vulnerabilities fixed in Siemens Scalance products

Siemens has fixed vulnerabilities in Scalance products. The vulnerabilities allow a malicious party to perform a denial-of-service and to bypass a security measure. circumvention. Siemens categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 9.1. Siemens has...

Vulnerability fixed in Microsoft Edge

There is a vulnerability in Microsoft Edge. The vulnerability allows a malicious party to execute arbitrary execute arbitrary code with user privileges. The vulnerability arises by improper handling of objects in memory. Microsoft has made updates available that fix the described vulnerabilities...

Vulnerability fixed in Microsoft Azure Active Directory Pod Identity

There is a vulnerability in Azure Active Directory AAD Pod Identity. The vulnerability allows a malicious person to impersonate another user. The AAD pod identity allows users to assign identities to pods in Kubernetes clusters by querying them with regular Azure Instance Metadata Services IMDS...

Vulnerability fixed in Microsoft SQL server

There is a vulnerability in Microsoft SQL Server. A authenticated malicious party can send data over a network to an affected SQL Server when it is configured to running an Extended Event session. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact...

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed several vulnerabilities in Microsoft Office and Microsoft SharePoint. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges...

Vulnerability fixed in Microsoft Malware Protection Engine

Microsoft has fixed a vulnerability in Microsoft System Center Operations Manager. A remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code with user privileges or to access gain access to, and manipulate, sensitive information. Microso...

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed several vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Visual Studio: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Access to system da...

Vulnerabilities fixed in NVIDIA GPU Display Driver

Vulnerabilities have been fixed in NVIDIA GPU Display Driver. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Access to system data Increased user privileges NVIDIA has...

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious party to access sensitive data gain access to sensitive data and to cause a denial-of-service. One of the vulnerabilities allows a remote attacker to obtain API access tokens. GitLab rates this vulnerability as "high...