Vulnerability fixed in Apple MacOS Server
A vulnerability has been fixed in Apple MacOS Server. The vulnerability potentially allows a remote malicious party to execute a cross-site scripting attack or to exploit an open-redirect vulnerability. Apple has released updates to fix the vulnerability. More...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to cause a Denial-of-Service and perform a Cross-site scripting attack. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5948:...
Vulnerabilities fixed in X11 server
Vulnerabilities have been fixed in X11 server. The vulnerabilities potentially allow a malicious party to access system data and to gain elevated privileges. -= Oracle =- Oracle has made updates available for Oracle Linux 7. You can install these updates using the command 'yum'. More...
Actively exploited vulnerabilities fixed in SolarWinds Orion
SolarWinds reports active misuse of SolarWinds Orion. Through a still unknown method, a version of Orion that appears to contain a Trojan was distributed between March and June 2020. It concerns the versions 2019.4 HF 5 through 2020.2.1. The manipulated versions are abused by...
Vulnerabilities fixed in ArubaOS
Hewlett Packard has fixed vulnerabilities in ArubaOS. The vulnerability with reference CVE-2020-24637 became known earlier this year as "Boothole" (NCSC-2020-0614). This vulnerability allows a malicious person with sufficient access to the system to load a rogue kernel. The remaining...
Vulnerabilities fixed in Cisco Jabber Desktop and Mobile Client
Vulnerabilities have been fixed in Cisco Jabber Desktop and Mobile Client. The vulnerabilities allow a remote malicious person to perform attacks that result in the following categories of damage: Circumvention of security measure; Remote code execution (User rights); Access to sensitive dat...
Vulnerability fixed in NetApp
NetApp Snap Creator Framework includes Apache Tomcat. Apache Tomcat versions 8.5.1 through 8.5.59, 9.0.0.M5 through 9.0.39, and 10.0.0-M1 through 10.0.0-M9 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information. NetApp has release...
Multiple vulnerabilities fixed in IBM Aspera
IBM has fixed several vulnerabilities in the Aspera Suite. The vulnerabilities are in the underlying OpenSSL, cURL (libcurl) and FasterXML jackson-databind software. A malicious party could potentially exploit the vulnerabilities to bypass security measures, access sensitive data and from bei...
Vulnerability fixed in OpenSSL
A vulnerability has been fixed in OpenSSL. When a remote malicious party manages to offer a rogue certificate and a rogue certificate revocation list to an SSL server or SSL client, a denial-of-service can be caused. OpenSSL has released updates to fix the...
Vulnerabilities fixed in Foxit Reader and Foxit PhantomPDF
Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights). Foxit has released...
Vulnerabilities fixed in Schneider Electric equipment
Vulnerabilities have been fixed in Schneider Electric devices. The vulnerabilities allow an unauthorized remote malicious person to cause a denial-of-service and obtain sensitive data. Schneider Electric has released updates to fix the vulnerability. More information...
Vulnerability fixed in Adobe Acrobat and Reader
Adobe has fixed a vulnerability in Adobe Acrobat and Reader. The vulnerability allows a malicious party to obtain sensitive information from the victim's context. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Accessing system data. GNU has released updates to fix the vulnerabilities. More...
Vulnerability fixed in Apache Struts
A vulnerability has been fixed in Apache Struts. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under the privileges of the Struts application. To exploit the vulnerability, the OGNL evaluation must be enabled. Apache has released a new version to fix th...
Vulnerability discovered in WildFly
A vulnerability has been discovered in WildFly. The vulnerability allows an unauthenticated remote malicious person to cause a Denial-of-Service. The vulnerability occurs when the application uses the OpenTracing APIs java interceptors. JBoss Community is working on updates...
Vulnerabilities fixed in Citrix Secure Mail
Citrix has fixed vulnerabilities in Citrix Secure Mail. A malicious party can use a rogue app to gain access to the email data and, to a lesser extent, the calendar data stored in the victim's Citrix Secure Mail. The vulnerability is located in Citrix Secure Mail for Android. Citrix Secure Mail f...
Vulnerability fixed in Nessus
Nessus uses third-party software to provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Tenable has made updates available for Nessus to fix the vulnerability. More...
Vulnerability in CakePHP fixed
The makers of CakePHP have fixed a vulnerability with version 4.0.10. The security fixes address a vulnerability in the CsrfProtectionMiddleware that allowed method overwrite parameters to bypass CSRF checks without additional POST data. CakePHP developers have issued updates to fix the...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (Administrator/Root right...
Vulnerabilities fixed in Android 11
Vulnerabilities have been fixed in Android 11. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Bypassing authentication; Remote code execution (User Rights); Accessing sensitive data; Access to...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed several vulnerabilities in Microsoft Office and Microsoft SharePoint. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Bypassing security measure; Executing arbitrary code under user privileges; Spoofin...
Vulnerabilities fixed in QNAP QTS
Vulnerabilities have been fixed in QNAP QTS. The vulnerabilities allow a malicious person to perform Cross-Site Scripting (XSS) attacks. QNAP has released updates to fix the vulnerabilities. More information can be found on the pages below: https://www.qnap.com/en/security-advisories...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Azure. The vulnerabilities allow a malicious person to bypass security measures. Azure Sphere: | CVE ID | CVSS | Impact | ...
Vulnerabilities fixed in Microsoft Browsers
There are several vulnerabilities in Microsoft Edge. The vulnerabilities allow a malicious person to execute arbitrary code with user privileges. Also, the malicious person can impersonate another user. Microsoft Edge: | CVE I...
Vulnerabilities fixed in Xerox AltaLink
Vulnerabilities have been fixed in Xerox AltaLink. The vulnerabilities allow a malicious party to cause a Denial-of-Service (DoS). Xerox has released updates to fix the vulnerabilities in Xerox AltaLink products and has released installation and update instructions. For more...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Bypassing authentication; Remote code execution (Administrator/Root rights); Spoofing; Access to system data...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform Cross-Site Scripting (XSS) or Remote Code Execution (RCE). Such an attack can only be performed by an authenticated user or administrator. Microsoft Dynamics:...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Vulnerabilities related to Visual Studio can only be exploited by convincing the user to open rogue files. Visual Studio:...
Vulnerabilities fixed in Microsoft Windows
There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious person to: - execute arbitrary code with user privileges; - grant themselves elevated privileges; - circumvent security measures; - gain access to sensitive data; - construct a DNS cache poisoning attack...
Vulnerabilities fixed in GitLab
Multiple vulnerabilities have been identified in GitLab; a remote attacker could exploit some of these vulnerabilities to enable cross-site scripting, trigger a denial-of-service condition and disclose sensitive information about the targeted system. The developers have...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Google Android. The most serious of these vulnerabilities is a critical security issue in the Media Framework component that allows an external malicious party to execute arbitrary code within the context of an authorized process. Google released update...
Vulnerabilities fixed in NetApp products
The makers of NetApp products have incorporated new versions of Eclipse Jetty server and Python into their products. With these, the release of sensitive information, the addition or modification of data or denial of service (DoS) is prevented. NetApp has released updates to fix the vulnerabilities...
Vulnerabilities fixed in HP-UX PHP
Vulnerabilities have been fixed in HP-UX PHP. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Accessing sensitive data. HP categorizes these vulnerabilities according to the...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed several vulnerabilities in Microsoft Exchange Server. An authenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code or to obtain sensitive information. For each of the vulnerabilities included in this...
Vulnerabilities in multiple TCP/IP stacks
Researchers at Forescout Research Labs have found 33 vulnerabilities in four open source TCP/IP stacks. In the research called AMNESIA:33, four vulnerabilities are identified as critical. The highest assigned CVSS score is 9.8. The vulnerabilities allow a malicious party to carry out attack...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Access to system data; Increased user privileges. -= OpenSUSE =- The developers of...
Vulnerability fixed in MISP
CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to launch a Cross-Site Scripting (XSS) attack and thereby potentially execute arbitrary code in the context of the browser. CIRCL has released updates to fix th...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights). As usual, Google reveals little information...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. The vulnerability allows a malicious party to spoof a URL and to cause a Denial-of-Service. Elastic has released bug fixes to address the vulnerability. More information can be found on the pages below: Bug 1898572:...
WIBU CodeMeter vulnerabilities fixed
Wibu-Systems has fixed vulnerabilities in CodeMeter. Successful exploitation of these vulnerabilities could allow a malicious person to modify and forge a license file, create a denial-of-service condition, potentially execute remote code, read heap data, and disrupt the normal operation ...
Vulnerability fixed in Thunderbird
When reading status codes from the SMTP server, Thunderbird writes an integer to a position on the stack that is intended to contain only one byte. Depending on the processor architecture and the stack layout, this leads to corruption of the stack that could potentially be abused. Mozilla has release...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in Ubuntu kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to sensitive data; Access to system data. -= Ubuntu =- Canonical has made updates...
Vulnerabilities fixed in NetApp products
Several NetApp products contain FasterXML jackson-databind. FasterXML jackson-databind versions 2.x prior to 2.9.10.4 are susceptible to vulnerabilities that, when successfully exploited, can lead to disclosure of sensitive information, addition or modification of data, or denial of service (DoS)...
Issues fixed in FortiOS
Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Cross-Site Scripting (XSS); Circumvention of security measure; Accessing sensitive data. Fortinet has released updates to address the...
Vulnerabilities fixed in MariaDB
Vulnerabilities have been fixed in MariaDB. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Access to system data. The vulnerabilities marked CVE-2020-13249 and CVE-2020-15180 have CVSSv3...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. The vulnerability allows a remote malicious person to manipulate Jira templates. Atlassian has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Atlassian Crucible
Atlassian has fixed vulnerabilities in Crucible. The vulnerabilities allow a remote malicious person to perform a denial-of-service. Atlassian has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-14190:...
Vulnerability fixed in NetApp products
A vulnerability has been fixed in Jackson databind, used by several NetApp products. The vulnerability allows a malicious party to execute arbitrary code under the user's privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to...
Vulnerability fixed in DNS implementations
Researchers have discovered a vulnerability in a number of DNS implementations. The researchers have named the vulnerability SAD DNS, an acronym for Side-channel AttackeD DNS. This vulnerability has since been given the CVE identifier CVE-2020-25705. The vulnerability allows a malicious party to rou...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in jQuery as used by Zimbra. A malicious party could exploit the vulnerabilities to execute a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Few substantive details...