4179 matches found
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code under the application's permissions. To do so, the malicious party needs to upload a rogue .tar, .tar.gz, .bz2, or .tlz file to the Drupal server...
Vulnerability fixed in Citrix Hypervisor
A vulnerability has been fixed in Citrix Hypervisor. The vulnerability allows a malicious party capable of running code with elevated privileges on a guest VM to execute arbitrary code with elevated privileges on the host. This vulnerability can only be exploited if a host...
Vulnerability fixed in JBoss Wildfly
A vulnerability has been fixed in Wildfly. The vulnerability allows a malicious person with access to the log data of the Wildfly instance to obtain passwords stored in clear text. Red Hat has released updates to fix the vulnerability in Wildfly. More information can be found on t...
Vulnerability fixed in Xen
A vulnerability has been fixed in Xen. A malicious person who can execute code in a guest VM under elevated privileges could potentially exploit the vulnerability to cause a denial-of-service on the Xen hypervisor. Potentially, the vulnerability could also be exploited to...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Security measure circumvention, SQL Injection, Accessing sensitive data, Accessing system data. Joomla! provides...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party must use the vulnerable application to have rogue image da...
Vulnerabilities fixed in phpMyAdmin
Ubuntu has fixed several vulnerabilities in the phpmyadmin package. The vulnerabilities potentially allow an unauthenticated malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), SQL Injection, Access to...
Vulnerability fixed in IBM Spectrum Protect Operations Center
IBM has fixed a vulnerability in Spectrum Protect Operations Center. A malicious person with network access to the system could potentially exploit the vulnerability to obtain information about the system. IBM has released updates to fix the vulnerability in Spectrum Protec...
Vulnerabilities fixed in MongoDB
Several vulnerabilities have been fixed in different versions of MongoDB. An unauthenticated malicious person with network access to the MongoDB server could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could potentially be exploited by an...
Vulnerabilities in VMware products
There is a vulnerability in a number of VMware products. The vulnerability allows a malicious person with access to the administrative configurator on port 8443 and valid admin credentials for this remote configurator to execute arbitrary commands with elevated privileges...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerability allows a malicious party to execute an SQL injection and thereby obtain sensitive data. Red Hat has released updates to fix the vulnerability. More information can b...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2, Db2 Connect Server and Db2 Accessories Suite. An authenticated malicious person with access to the system could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. IBM has released updates to fix the vulnerability. For...
Vulnerabilities fixed in VMware ESXi, Workstation and Fusion
VMware has fixed two vulnerabilities in VMware Workstation, ESXi and Fusion. A malicious person with authorization in a virtual environment could exploit the vulnerabilities to break out of the virtual environment and execute arbitrary code with the permissions of the virtualization process on th...
Vulnerability fixed in MISP
CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to launch a Cross-Site Scripting (XSS) attack, potentially executing arbitrary code in the context of the browser. CIRCL has released updates to fix the...
Vulnerabilities fixed in Trend Micro products
Vulnerabilities have been fixed in Trend Micro Internet Security and Anti-Virus+ Security. The vulnerabilities potentially allow a local malicious party to obtain elevated privileges by inserting rogue DLL files. Trend Micro has released updates to address the vulnerabilities. More...
Vulnerability fixed in F5 BIG-IP
F5 Networks has fixed a vulnerability in a limited number of BIG-IP platforms. A malicious party with network access to the vulnerable system may be able to retrieve TCP sequence numbers used in previous, independent TCP connections. These sequence numbers can be used by...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal core. Drupal core does not handle some file names correctly. As a result, it is possible for files to be misinterpreted and executed under the wrong MIME type or executed as PHP. This applies to a number of configurations; which ones these are is not...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2 and Db2 Connect Server. A local, authenticated malicious agent could potentially exploit the vulnerability to execute arbitrary code under root or SYSTEM privileges. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in tcpdump
A vulnerability has been fixed in tcpdump. The vulnerability allows a remote malicious person to cause a denial-of-service. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE Linux Enterprise Module for Basesystem 15-SP1 & 15-SP2. You can install these custom...
Vulnerabilities fixed in Cisco Webex and Cisco Webex Server
Vulnerabilities have been fixed in Cisco Webex Meetings and Cisco Webex Meetings Server. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Circumvention of security measure, Remote code execution, User Rights...
Vulnerability fixed in Node.js
A vulnerability has been fixed in Node.js. The vulnerability potentially allows a malicious party to cause a denial-of-service. To do this, the malicious party must be able to send a DNS request for a rogue domain. Only applications that allow a malicious party to send DNS request...
Vulnerabilities fixed in OpenLDAP
Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...
Vulnerabilities fixed in Xerox WorkCentre
Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Access to sensitive data. No CVE numbers a...
Vulnerabilities fixed in TYPO3
The TYPO3 Association has fixed several vulnerabilities in TYPO3. A remote malicious party could potentially abuse them to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The...
Vulnerabilities fixed in Cisco Security Manager
Cisco has fixed multiple vulnerabilities in Cisco Security Manager. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code under SYSTEM privileges or to gain access to certain user credentials. For the...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. The vulnerabilities may allow an unauthenticated remote malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Circumvention of security measure, Remote code execution, Us...
Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code...
Vulnerabilities fixed in Micro Focus ArcSight Logger
Vulnerabilities have been fixed in Micro Focus ArcSight Logger. The vulnerabilities allow a remote malicious person to execute arbitrary code under the user's privileges. Micro Focus has released updates to address the vulnerabilities. More information can be found on the page below:...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data...
Vulnerabilities fixed in PostgreSQL
Several vulnerabilities have been fixed in PostgreSQL. A local malicious person with limited privileges within the vulnerable PostgreSQL database could potentially exploit the vulnerabilities to execute arbitrary code within the database or on the local system with root...
Vulnerability fixed in Intel processors
A vulnerability has been fixed in some Intel processors. The vulnerability allows a local malicious person to obtain elevated privileges. Intel has released firmware updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Spoofing, Accessing sensitive data, Accessing system data...
Vulnerabilities fixed in Intel PROSet/Wireless products
Vulnerabilities have been fixed in products from the Intel PROSet/Wireless family. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Spoofing, Increased user privileges. Intel has released updates to fix the...
Vulnerability fixed in Nagios XI
Nagios has fixed several vulnerabilities in Nagios XI. The vulnerabilities potentially allow a local, authenticated malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Remote code execution, Administrator/Root privileges, Increased us...
Multiple vulnerabilities fixed in Intel systems
Intel has fixed several vulnerabilities in Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Trusted Execution Engine (TXE), Dynamic Application Loader (DAL), Active Management Technology (AMT) and Standard Manageability (ISM). Malicious parties can exploit the vulnerabiliti...
Vulnerability fixed in EcoStruxure Control Expert
A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...
Several vulnerabilities fixed in Citrix Hypervisor and XenDesktop
Citrix has fixed vulnerabilities in XenDesktop and Hypervisor. The vulnerabilities in XenDesktop allow a malicious party to gain elevated privileges on a virtual Windows environment and execute code with SYSTEM privileges. The vulnerability in Hypervisor allows a remote malicious person to abl...
Vulnerabilities fixed in Schneider Electric products
Schneider Electric has fixed vulnerabilities in several ICS and SCADA products. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Data...
Vulnerabilities fixed in macOS
Apple has released a new version of macOS. This version, 11.01 Big Sur, fixes a large number of vulnerabilities. A malicious party can exploit the vulnerabilities to gain access to sensitive data, execute arbitrary code with user privileges or cause a denial-of-service. The vulnerabilitie...
Vulnerabilities fixed in Chrome
Google has released a new version of Chrome that fixes two vulnerabilities. A malicious party could potentially exploit them to execute arbitrary code with the victim's privileges. Google reports being aware that the vulnerabilities are, to a limited extent, being exploited ...
Vulnerabilities fixed in PAN-OS
Palo Alto has fixed several vulnerabilities in PAN-OS. The most serious vulnerability, identified as CVE-2020-2050, is rated by Palo Alto with a CVSS score of 8.2 and is located in the GlobalProtect SSL VPN component. An unauthenticated malicious party can remotely exploit this vulnerabili...
Vulnerabilities fixed in McAfee Endpoint
McAfee has fixed vulnerabilities in Endpoint Security for Windows. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with user privileges through a Cross-Site Scripting (XSS) attack or a Cross-Site Request Forgery (XSRF). McAfee has released...
Vulnerabilities in processors fixed
Researchers have found vulnerabilities in several processors. The vulnerabilities marked CVE-2020-8694 and CVE-2020-8695 have been named Platypus, an acronym for Power Leakage Attacks: Targeting Your Protected User Secrets. The vulnerabilities allow a local malicious person to obtain...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a Cross-Site Scripting (XSS) attack, thus executing arbitrary JavaScript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...
Vulnerability fixed in Adobe Reader Mobile
A vulnerability has been fixed in Adobe Reader Mobile for Android. A malicious party could exploit the vulnerability to gain access to sensitive data in the context of the victim. Adobe has released updates to fix the vulnerability in Reader Mobile 20.9.0. For more information, see:...
Vulnerabilities fixed in OSIsoft PI Vision
OSIsoft has fixed two vulnerabilities in PI Vision. The vulnerabilities can be exploited by a malicious party to perform a Cross-Site Scripting (XSS) attack or to obtain system information. The XSS attack requires the malicious party to have write permissions in PI ProcessBook files. OSIsoft has...
Vulnerability fixed in Cisco IOS XR
A vulnerability in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers allows an unauthenticated remote malicious agent to cause a denial-of-service (DoS) on an affected device. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For more information, see:...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Microsoft...
Vulnerabilities identified in GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU
Vulnerabilities have been identified in the GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU. The vulnerabilities allow a malicious person to perform attacks leading to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Remote...
Vulnerabilities fixed in Microsoft Windows
There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious party to execute arbitrary code with user and elevated privileges, to potentially obtain sensitive data or to launch a denial-of-service attack. Microsoft rates the vulnerability...