4179 matches found
Vulnerabilities fixed in Oracle Linux
Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), access to system data, increased user privileges. Oracle has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Ghostscript
Vulnerabilities have been fixed in Ghostscript. The vulnerabilities allow a malicious party to cause a denial-of-service and to execute arbitrary code under the privileges of the user. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS and 18.04 LTS to fix the...
Vulnerabilities fixed in IBM MQ
An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated malicious agent to obtain sensitive information and cause a denial-of-service (DoS). IBM has released updates to fix the vulnerability. More information can be found on the page...
Vulnerability fixed in RSLinx Classic
A denial-of-service vulnerability exists in the EtherNet/IP server functionality of Rockwell Automation RSLinx Classic. A specially crafted network request can result in a denial of service. Rockwell Automation has released updates to address the vulnerabilities in RSLinx Classic. For mor...
Vulnerabilities fixed in Oracle Enterprise Linux kernel
Oracle has fixed vulnerabilities in its kernel. The vulnerabilities allow a locally authenticated malicious agent to obtain system data and to cause a denial-of-service. -= Oracle =- Oracle has made updates available for Oracle Linux 6 and 7. You can install these updates using the...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures. As usual, Google reveals little information regarding the details of the...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures. The vulnerability with identifier CVE-2020-1971 can only be exploited...
Vulnerabilities fixed in Jackson databind
A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. These vulnerabilities are only in the 2.9 versions of Jackson databind. If you are using version 2.10 or higher, mitigation measures are already included in the software. FasterXML h...
Vulnerability fixed in ImageMagick
A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges when the "convert" program is used to convert a specially prepared file to a PDF file. ImageMagick has released updates to fix the vulnerability. For more informatio...
Vulnerability fixed in FortiGate
A remotely authenticated malicious person is able to view the log entries of SSL VPN events from users in other VDOMs by executing "get vpn ssl monitor" from the command line. The sensitive data includes usernames, user groups and IP addresses. FortiGuard has made updates available to fix the...
Vulnerabilities found in Schneider Electric Modicon products
Schneider Electric has identified vulnerabilities in Modicon products. The vulnerabilities allow an authenticated remote malicious party to cause a denial-of-service. Schneider Electric has proposed mitigation measures and indicates it will be coming out with updates in the near...
Serious vulnerability fixed in Mozilla Firefox
A serious vulnerability has been fixed in Mozilla Firefox. By modifying a COOKIE-ECHO chunk in an SCTP packet, a malicious party could potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data, access to system data, increased user...
Multiple vulnerabilities fixed in F5 BIG-IP products
Multiple vulnerabilities have been identified in F5 BIG-IP. An external malicious person could exploit them to cause a denial of service condition, spoofing, execution of external code, data manipulation and cross-site scripting, and to trigger security restrictions on the targeted system. F5 has...
Vulnerabilities fixed in Dovecot
A malicious party could exploit the vulnerabilities to cause a denial-of-service and to read e-mail from other users. Dovecot has released updates to fix the vulnerabilities. For more information, see the following pages: CVE-2020-24386:...
Fixed an issue in Citrix ADC and Citrix Gateway
Citrix has fixed an issue in ADC and Gateway which can lead to denial-of-service attacks. A malicious party could potentially misuse DTLS to cause a denial-of-service. Abuse can only occur when DTLS is enabled. Citrix reports that limited scale attacks are currently being reported whi...
Vulnerabilities fixed in Android
Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data, access to system data, increased user privileges. As usual,...
Vulnerability fixed in QNAP QTS
QNAP has fixed a vulnerability in QTS. A malicious party could potentially exploit the vulnerability to inject arbitrary commands into applications. QNAP has released updates to fix the vulnerability in QTS 4.5.1.1495 build 20201123. For more information, see:...
Vulnerabilities fixed in Huawei CloudEngine switches
Huawei has fixed multiple vulnerabilities in several CloudEngine switches. A remote malicious party could potentially exploit these vulnerabilities to cause a denial-of-service (DoS). In addition, a local malicious party that is already in possession of elevated privileges can...
Vulnerability fixed in Grafana Enterprise
Several vulnerabilities have been fixed in Grafana. A malicious party could potentially exploit the vulnerabilities to bypass authentication when Security Assertion Markup Language (SAML) is used as the authentication method. In addition, the vulnerabilities could potentially be exploited for oth...
Vulnerability fixed in Zyxel products
Due to the lack of input string sanitization in the CGI program "chgexppwd", a malicious party can inject commands. Zyxel has released updates to fix the vulnerability. For more information see: https://www.zyxel.com/support/Zyxel-security-advisory-for-command-injection-vulnerability-of-f...
Actively exploited vulnerability fixed in SolarWinds Orion
SolarWinds has fixed a vulnerability in the Orion Platform. A malicious party could exploit this vulnerability to bypass authentication within the Orion API. Subsequently, the API can be used to compromise the Orion installation or underlying operating system. The vulnerability is actively...
Vulnerabilities fixed in Veritas products
Vulnerabilities have been fixed in Veritas Backup Exec and Veritas NetBackup. The vulnerabilities allow a local attacker to obtain elevated privileges. The vulnerability makes it possible for the attacker to execute arbitrary code under SYSTEM or administrator privileges. The vulnerabilities rated by...
Vulnerability fixed in Zimbra
Synacor has fixed a vulnerability in Zimbra in the way in which XML entities are processed in zm-saml-consumer-store. This vulnerability makes it possible for a malicious person to perform a Denial-of-Service attack. Attacks carried out via this vulnerability are also known as "billion laughs"...
Vulnerabilities fixed in Asterisk
New versions of Asterisk have been released, in which two vulnerabilities have been fixed. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. Asterisk has released updates to address the vulnerabilities. For more information, see:...
Serious vulnerability fixed in Zyxel products
A vulnerability has been fixed in Zyxel products. A researcher found an undocumented user account whose username and password could both be found in plaintext in the firmware. This undocumented account has admin rights. Zyxel has released updates to fix the vulnerability. Zyxel indicated that for AP...
Vulnerability fixed in IBM Filenet Content Manager
IBM has fixed a vulnerability in Filenet Content Manager and Content Navigator. An authenticated malicious party could exploit the vulnerability for a cross-site scripting (XSS) attack and thus potentially obtain the login credentials of other users. IBM has released updates to...
Vulnerabilities fixed in HCL Lotus Notes
HCL has fixed two vulnerabilities in Lotus Notes. A malicious party could exploit the vulnerabilities for a Cross-Site Scripting (XSS) attack, potentially executing arbitrary scripts in the victim's browser, or to perform a denial-of-service (DoS) on the service. HCL has released...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to cause a denial-of-service. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6386466...
Vulnerability found in Kubernetes
A vulnerability has been found in Kubernetes that allows a malicious person to perform a man-in-the-middle attack on the traffic within a cluster. By advertising an external IP address or by claiming a load balancer IP, traffic can be redirected to the attacker. However, the malicious...
Serious vulnerabilities fixed in Dell Wyse ThinOS
Vulnerabilities have been fixed in Dell Wyse ThinOS. A malicious person with access to a local FTP server could exploit the vulnerabilities to obtain sensitive information. The malicious party, by accessing this information and the ability to modify configuration files, the entire system. Dell ha...
Vulnerabilities fixed in WebKitGTK
Vulnerabilities have been fixed in WebKitGTK. The vulnerabilities allow a malicious person to execute arbitrary code under the user's privileges. The malicious party must get the victim to open a rogue page to exploit these vulnerabilities. The developers of WebKitGTK have release...
Vulnerability fixed in Atlassian Crucible
A vulnerability has been fixed in Atlassian Crucible. The vulnerability allows a malicious party to perform a denial-of-service attack. Atlassian has released updates to fix the vulnerability. More information can be found on the page below: https://jira.atlassian.com/browse...
Vulnerabilities fixed in Treck TCP/IP
Vulnerabilities have been fixed in the low-level TCP/IP stack of manufacturer Treck Inc. The vulnerabilities allow a malicious person to perform attacks that potentially lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (Administrator/Root privileges), Acces...
Vulnerabilities fixed in MediaWiki
The developers of MediaWiki have fixed a number of vulnerabilities in the latest software update. A malicious party could potentially exploit the vulnerabilities to gain access to sensitive data, because in certain circumstances user data may end up in accessible...
Vulnerabilities fixed in Red Hat OpenShift Container
Vulnerabilities have been fixed in Red Hat OpenShift Container Platform. The vulnerability with reference CVE-2020-8559 allows an authenticated malicious person with root privileges on a node to gain elevated privileges on other nodes running in the same cluster. With these...
Vulnerabilities fixed in Brocade Fabric OS
Broadcom has released updates to fix vulnerabilities in Brocade Fabric OS. An authenticated malicious person without the proper LDAP group memberships could log into a switch as a regular user. The switch is only vulnerable to this when it is active in "Virtual Fabric" mode. Also, a local...
Vulnerabilities fixed in XStream
Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), manipulation of data, access to sensitive data. The vulnerabilities are exploitable only when using the defau...
Vulnerabilities fixed in LogRhythm SIEM
Vulnerabilities have been fixed in LogRhythm SIEM. The vulnerabilities allow a malicious person to conduct attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), circumvention of security measures, remote code execution (Administrator/Root...
Vulnerability fixed in HPE Systems Insight Manager
A vulnerability has been fixed in HPE Systems Insight Manager. A malicious party could potentially exploit the vulnerability to execute arbitrary code under elevated privileges. The vulnerability is located in optional features called "Federated Search" and "Federated CMS Configuration." The...
Vulnerability fixed in Dell iDRAC
Dell has fixed a vulnerability in iDRAC. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. iDRAC is a management environment. I...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of security measures, spoofing, accessing sensitive data. F5 has released updates...
Vulnerabilities fixed in Arista EOS
Arista has fixed several vulnerabilities in EOS. The vulnerabilities marked CVE-2020-15897, CVE-2020-15898, CVE-2020-24360 and CVE-2020-26569 allow a malicious person to cause a denial-of-service (DoS). To do this, the malicious person must send rogue network traffic to the device. The vulnerability with reference...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service, manipulation of data, access to sensitive data. Red Hat has released updates to address the...
Vulnerability fixed in IBM Tivoli Netcool Impact
A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to bypass security measures and obtain sensitive data via phishing. IBM has released updates to fix the vulnerability in Tivoli Netcool Impact 7.1.0.20. For more...
Vulnerability fixed in Cloudforms
Red Hat has fixed a vulnerability in CloudForms Management Engine. Due to a flaw in role-based authorizations, an authorized malicious person is able to execute commands with administrator privileges, or gain access to sensitive data. This vulnerability was previously reported as the vulnerability...
Vulnerabilities fixed in Citrix Hypervisor
Citrix has fixed vulnerabilities in Hypervisor. The vulnerabilities allow a malicious person with the right to execute code in the guest to obtain system data, acquire privileges on the host or cause a denial-of-service on the host. Citrix...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed several vulnerabilities in Firefox. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures, remote code execution (user rights), spoofing, accessing sensitive data. T...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), bypassing authentication, remote code execution (user rights), access to system data. App...
Vulnerability fixed in Apple Safari
A vulnerability has been fixed in Apple Safari. The vulnerability potentially allows a remote malicious person to execute arbitrary code in the context of the browser if he manages to get the user to visit a rogue page. Apple has released updates to fix the vulnerability. More...