4197 matches found
Vulnerabilities fixed in WebKitGTK
Vulnerabilities have been fixed in WebKitGTK. The vulnerabilities allow a malicious person to execute arbitrary code execute under the user's privileges. The malicious party must victim to open a rogue page to exploit these vulnerabilities to be exploited. The developers of WebKitGTK have release...
Vulnerabilities fixed in Treck TCP/IP
Vulnerabilities have been fixed in the low-level TCP/IP stack of fabriant Treck Inc. The vulnerabilities allow a malicious person to able to perform attacks that potentially lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Acces...
Vulnerabilities fixed in MediaWiki
The developers of MediaWiki have fixed a number of vulnerabilities fixed in the latest software update. A malicious party could potentially exploit the vulnerabilities potentially exploit them to gain access to sensitive data, because in certain circumstances user data may end up in accessible...
Vulnerabilities fixed in XStream
Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Manipulation of data Access to sensitive data The vulnerabilities are exploitable only when using the defau...
Vulnerability fixed in Dell iDRAC
Dell has fixed a vulnerability in iDrac. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. iDRAC is a management environment. I...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data F5 has released updates...
Vulnerabilities fixed in LogRhythm SIEM
Vulnerabilities have been fixed in LogRhythm SIEM. The vulnerabilities allow a malicious person to conduct attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution Administrator/Root...
Vulnerabilities fixed in Arista EOS
Arista has fixed several vulnerabilities in EOS. The vulnerabilities marked CVE-2020-15897, CVE-2020-15898, CVE-2020-24360 and CVE-2020-26569 allow a malicious person to cause cause a denial-of-service DoS. To do this, rogue network traffic to the device. The vulnerability with reference...
Vulnerability fixed in HPE Systems Insight Manager
A vulnerability has been fixed in HPE Systems Insight Manager. A malicious party could potentially exploit the vulnerability to execute arbitrary code under elevated privileges. The vulnerability is located in optional features called "Federated Search" and "Federated CMS Configuration." The...
Vulnerabilities fixed in Brocade Fabric OS
Broadcom has released updates to fix vulnerabilities in Brocade Fabric OS. An authenticated malicious person without the proper LDAP group memberships could log into a switch as a regular user. The switch is only vulnerable to this to this when it is active in "Virtual Fabric" mode. Also, a local...
Vulnerabilities fixed in Red Hat Openshift Container
Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerability with reference CVE-2020-8559 allows an authenticated malicious person with root privileges on a node to be able to gain elevated privileges on other nodes running in the same cluster running. With these...
Vulnerability fixed in IBM Tivoli Netcool Impact
A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to circumvent bypass security measures and obtain sensitive data via phishing. sensitive data. IBM has released updates to fix the vulnerability in Tivoli Netcool Impact 7.1.0.20. For more...
Vulnerability fixed in Cloudforms
RedHat has fixed a vulnerability in CloudForms Management Engine. Due to a flaw in Role Based authorizations, an authorized malicious person is able to execute commands with administrator privileges, or gain access to sensitive data. This vulnerability was previously reported as the vulnerability...
Vulnerabilities fixed in Mozilla Firefox
Mozilla has fixed several vulnerabilities in Firefox. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofing Accessing sensitive data T...
Vulnerabilities fixed in Citrix Hypervisor
Citrix has fixed vulnerabilities in Hypervisor. The vulnerabilities allow a malicious person with the right to execute code execute code in the guest be able to obtain system data, appropriate assign privileges on the host or cause a denial-of-service cause a Denial-of-Service on the host. Citrix...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service Manipulation of data Access to sensitive data Red Hat has released updates to address the...
Vulnerability fixed in Apple Safari
A vulnerability has been fixed in Apple Safari. The vulnerability potentially allows a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to get the user to visit a rogue page. Apple has released updates to fix the vulnerability. More...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to cause a Denial-of-Service cause and perform a Cross-site scripting attack. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5948:...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data App...
Vulnerability fixed in Apple MacOS Server
A vulnerability has been fixed in Apple MacOS Server. The vulnerability potentially allows a remote malicious party to perform execute a cross-site scripting attack or the ability to exploit an open-redirect vulnerability to be exploited. Apple has released updates to fix the vulnerability. More...
Vulnerabilities fixed in X11 server
Vulnerabilities have been fixed in X11 server. The vulnerabilities potentially allow a malicious party to access system data and to gain elevated privileges gain. -= Oracle =- Oracle has made updates available for Oracle Linux 7. You can install these updates using the command 'yum'. More...
Actively exploited vulnerabilities fixed in SolarWinds Orion
SolarWinds reports active misuse of SolarWinds Orion. Through a still unknown method, a version of Orion was distributed between March and June 2020 distributed, which appears to contain a Trojan. It concerns the versions 2019.4 HF 5 through 2020.2.1. The manipulated versions are abused by...
Vulnerability fixed in NetApp
Netapp Snap Creator Framework includes Apache Tomcat. Apache Tomcat versions 8.5.1 through 8.5.59, 9.0.0.M5 through 9.0.39, and 10.0.0-M1 through 10.0.0-M9 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information. Netapp has release...
Vulnerabilities fixed in Cisco Jabber Desktop and Mobile Client
Vulnerabilities have been fixed in Cisco Jabber Desktop and Mobile Client. The vulnerabilities allow a remote malicious person to able to perform attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to sensitive dat...
Vulnerabilities fixed in ArubaOS
Hewlett Packard has fixed vulnerabilities in ArubaOS. The vulnerability with reference CVE-2020-24637 was known earlier this year become known as "Boothole" NCSC-2020-0614. This vulnerability allows a malicious person with sufficient access to the system to load a rogue kernel. The remaining...
Vulnerability fixed in Adobe Acrobat and Reader
Adobe has fixed a vulnerability in Adobe Acrobat and Reader. The vulnerability allows a malicious party to obtain sensitive obtain information from the victim's context. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Foxit Reader and Foxit PhantomPDF
Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Foxit has released...
Vulnerabilities fixed in Schneider Electric equipment
Vulnerabilities have been fixed in Schneider Electric devices. The vulnerabilities allow an unauthorized malicious person at remotely capable of causing a denial-of-service and obtaining obtain sensitive data. Schneider Electric has released updates to fix the vulnerability. fix. More information...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing system data GNU has released updates to fix the vulnerabilities. More...
Multiple vulnerabilities fixed in IBM Aspera
IBM has fixed several vulnerabilities in the Aspera Suite. The vulnerabilities are in the underlying OpenSSL, cURL libcurl and FasterXML jackson databind software. A malicious party could potentially exploit the vulnerabilities to bypassing security measures, accessing sensitive data and from bei...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. When a remote malicious party manages to provide a rogue certificate and a rogue certificate-revocation-list manages to offer them to an ssl server or ssl client, a denial-of-service can be caused by doing so. OpenSSL has released updates to fix the...
Vulnerability discovered in WildFly
A vulnerability has been discovered in WildFly. The vulnerability allows an unauthenticated remote malicious person to perform a Denial-of-Service to cause. The vulnerability occurs when the application uses the OpenTracing APIs java interceptors. JBoss Community is working on updates...
Vulnerability fixed in Apache Struts
A vulnerability has been fixed in Apache Struts. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under privileges of the Struts application. To exploit the vulnerability, the OGNL evaluation must be be enabled. Apache has released a new version to fix th...
Vulnerabilities fixed in Citrix Secure Mail
Citrix has fixed vulnerabilities in Citrix Secure Mail. A malicious party can use a rogue app to gain access to the email data and, to a lesser extent, the calendar data stored in the victim's Citrix Secure Mail. The vulnerability is located in Citrix Secure Mail for Android. Citrix Secure Mail f...
Vulnerabilities fixed in Xerox AltaLink
Vulnerabilities have been fixed in Xerox AltaLink. The vulnerabilities allow a malicious party to perform a Denial-of-Service DoS exploit. Xerox has released updates to fix the vulnerabilities in Xerox AltaLink products and has released installation and update instructions released. For more...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Azure. The vulnerabilities allow a malicious person to bypass security measures. Azure Sphere: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |. |----------------|------|-------------------------------------| |...
Vulnerability in CakePHP fixed
The makers of CakePHP have fixed a vulnerability with version 4.0.10 fixed. The security fixes fix a vulnerability in the CsrfProtectionMiddleware that allowed parameters for overwrite method CSRF checks without additional POST data bypassed. CakePHP developers have issued updates to fix the...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Bypassing authentication. Remote code execution Administrator/Root rights Spoofing Access to system data...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform Cross-Site Scripting XSS or Remote Code Execution RCE. Such an attack can only be performed by an authenticated user or administrator. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Vulnerabilities related to Visual Studio can only be be exploited by convincing the user to open rogue files. Visual Studio:...
Vulnerabilities fixed in Microsoft Windows
There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious person to: - execute arbitrary code with user privileges; - grant themselves elevated privileges; - circumvent security measures; - gain access to sensitive data; - construct a DNS cache poisoning attack...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed several vulnerabilities in Microsoft Office and Microsoft SharePoint. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Bypassing security measure; Executing arbitrary code under user privileges; Spoofin...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Google Android. The most serious of these vulnerabilities is a critical security issue in the Media Framework component that allows an external malicious party can execute arbitrary code within the context of an authorized process. Google released update...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed several vulnerabilities in Microsoft Exchange Server. An authenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code execute arbitrary code or to obtain sensitive information. For each of the vulnerabilities included in this...
Vulnerabilities fixed in GitLab
Multiple vulnerabilities have been identified in GitLab; an remote attacker could exploit some of these vulnerabilities exploit them to enable cross-site scripting, denial of service condition trigger and release sensitive information about the targeted system. disclosure. The developers have...
Vulnerabilities fixed in Android 11
Vulnerabilities have been fixed in Android 11. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication. Remote code execution User Rights Accessing sensitive data Access to...
Vulnerabilities in multiple TCP/IP stacks
Researchers at Forescout Research Labs have found 33 vulnerabilities found in four open source TCP/IP stacks. In the research called AMNESIA:33, four vulnerabilities are identified as critical. The highest assigned CVSS score is 9.8. The vulnerabilities allow a malicious party to carry out attack...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges -= OpenSUSE =- The developers of...
Vulnerabilities fixed in HP-UX PHP
Vulnerabilities have been fixed in HP-UX PHP. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data HP categorizes these vulnerabilities according to the...
Vulnerabilities fixed in QNAP QTS
Vulnerabilities have been fixed in QNAP-QTS. The vulnerabilities allow a malicious person to perform Cross-Site Scripting XSS attacks. QNAP has released updates to fix the vulnerabilities. More information can be found on the pages below: https://www.qnap.com/en/security-advisories...