4197 matches found
Vulnerabilities fixed in GitLab
Multiple vulnerabilities have been identified in GitLab; an remote attacker could exploit some of these vulnerabilities exploit them to enable cross-site scripting, denial of service condition trigger and release sensitive information about the targeted system. disclosure. The developers have...
Vulnerabilities fixed in Siemens vulnerabilities
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution Administrator/Root right...
Vulnerability fixed in Nessus
Nessus uses third-party software to provide underlying functionality. One of the third-party components jQuery was found to contain vulnerabilities, and updated versions have been made available by the providers. Tenable has made updates available for Nessus to fix the vulnerability. More...
Vulnerabilities fixed in NetApp products
The makers of NetApp products have incorporated new versions of Eclipse Jetty server and Python into their products. With these, the release of sensitive information, the addition or modification of data or denial of service DoS is prevented. Netapp has released updates to fix the vulnerabilities...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. The vulnerability allows a malicious party the opportunity to spoof a URL and to cause a Denial-of-Service. Elastic has released bug fixes to address the vulnerability. fix. More information can be found on the pages below: Bug 1898572:...
Vulnerability fixed in MISP
CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS and thereby potentially execute arbitrary code in the context of the browser. CIRCL has released updates to fix th...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...
WIBU CodeMeter vulnerabilities fixed
Wibu-Systems has fixed vulnerabilities in CodeMeter. Successful exploitation of these vulnerabilities could allow a malicious person to modify and forge a license file, create a denial-of-service condition, potentially execute remote code execute, read heap data, and disrupt the normal operation ...
Vulnerabilities fixed in Ubuntu kernel
Vulnerabilities have been fixed in Ubuntu kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data -= Ubuntu =- Canonical has made updates...
Vulnerability fixed in Thunderbird
When reading status codes from the SMTP server, Thunderbird an integer to a position on the stack that is is intended to contain only one byte. Depending on the processor architecture and the stack layout, this leads to corruption of the stack that could potentially be abused. Mozilla has release...
Vulnerabilities fixed in NetApp products
Several NetApp products contain FasterXML jackson-databind. FasterXML jackson-databind versions 2.x prior to 2.9.10.4 are susceptible to vulnerabilities that, when successfully exploited, can lead to disclosure of sensitive information, addition or modification of data, or denial of service DoS...
Issues fixed in FortiOS
Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data FortiNet has released updates to address the...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. The vulnerability allows a remote malicious person to manipulate to manipulate Jira templates. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerabilities fixed in Atlassian Crucible
Atlassian has fixed vulnerabilities in Crucible. The vulnerabilities allow a remote malicious person to perform a denial-of-service. Atlassian has released updates to fix the vulnerabilities. fixes. More information can be found on the pages below: CVE-2020-14190:...
Vulnerabilities fixed in MariaDB
Vulnerabilities have been fixed in MariaDB. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data The vulnerabilities marked CVE-2020-13249 and CVE-2020-15180 have CVSSv3...
Vulnerability fixed in DNS implementations
Researchers have discovered a vulnerability in a number of DNS implementations. The researchers have named the vulnerability SAD DNS, an acronymmm for Side-channel AttackeD DNS. This vulnerability has since been given CVE attribute CVE-2020-25705. The vulnerability allows a malicious party to rou...
Vulnerability fixed in Netapp products
A vulnerability has been fixed in Jackson databind, used by several Netapp products. The vulnerability allows a malicious party to execute arbitrary code under the user's privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code execute under the application's permissions. To do so, the malicious party needs to upload a rogue .tar, .tar.gz, .bz2, or .tlz file uploaded to the Drupal server...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in JQuery as used by Zimbra. A malicious party could exploit the vulnerabilities to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Few substantive details...
Vulnerability fixed in Citrix Hypervisor
A vulnerability has been fixed in Citrix Hypervisor. The vulnerability allows a malicious party capable of running code with elevated privileges on a guest VM able to execute execute arbitrary code with elevated privileges on the host. This vulnerability can only be exploited if a host...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party must use the vulnerable application to have rogue image da...
Vulnerability fixed in JBoss Wildfly
A vulnerability has been fixed in Wildfly. The vulnerability allows a malicious person with access to the log data of the Wildfly instance to be able to obtain clear-text stored passwords. obtain. Red Hat has released updates to fix the vulnerability in Wildfly. More information can be found on t...
Vulnerability fixed in Xen
A vulnerability has been fixed in Xen. A malicious person who can execute code in a guest VM under elevated privileges can execute code, could vulnerability could potentially exploit it to cause a denial-of-service on the Xen hypervisor. Potentially, the vulnerability could also be exploited to...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Security measure circumvention SQL Injection Accessing sensitive data Accessing system data Joomla! provides...
Vulnerabilities fixed in PHPMyAdmin
Ubuntu has fixed several vulnerabilities in the phpmyadmin package. The vulnerabilities allow an unauthenticated malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS SQL Injection Access to...
Vulnerabilities in VMware products
There is a vulnerability in a number of VMware products. The vulnerability allows a malicious person with access to the administrative configurator on port 8443 and valid admin credentials for this remote configurator to execute arbitrary commands with elevated privileges to execute arbitrary...
Vulnerability fixed in IBM Spectrum Protect Operations Center
IBM has fixed a vulnerability in Spectrum Protect Operations Center. A malicious person with network access to the system could potentially exploit the vulnerability potentially exploit it to obtain information about the system. IBM has released updates to fix the vulnerability in Spectrum Protec...
Vulnerabilities fixed in MongoDB
Several vulnerabilities have been fixed in different versions of MongoDB. An unauthenticated malicious person with network access to the MongoDB server could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could potentially be exploited by an...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerability allows a malicious party to able to execute an SQL injection and thereby obtain sensitive data to obtain sensitive data. Red Hat has released updates to fix the vulnerability. More information can b...
Vulnerabilities fixed in Trend Micro products
Vulnerabilities have been fixed in Trend Micro Internet Security and Anti-Virus+ Security. The vulnerabilities allow a local malicious party potentially able to obtain elevated privileges by inserting rogue DLL files. Trend Micro has released updates to address the vulnerabilities. fixes. More...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2, Db2 Connect Server and Db2 Accessories Suite. An authenticated malicious person with access to the system could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. IBM has released updates to fix the vulnerability. For...
Vulnerabilities fixed in VMware ESXi, Workstation and Fusion
VMWare has fixed two vulnerabilities in VMWare Workstation, ESXi and Fusion. A malicious person with authorization in a virtual environment could exploit the vulnerabilities to break out of the virtual environment and execute arbitrary code with the permissions of the virtualization process on th...
Vulnerability fixed in MISP
CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS attack, potentially executing arbitrary code in the context of the browser. CIRCL has released updates to fix the...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal core. Drupal core does not handle some file names correctly. As a result, it is possible for files to be misinterpreted and executed under the wrong MIME type or executed as PHP. This applies to a number of configurations; which ones these are is not...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2 and Db2 Connect Server. A local, authenticated malicious agent could potentially exploit the vulnerability to execute arbitrary code under root or SYSTEM privileges. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Cisco Webex and Cisco Webex Server
Vulnerabilities have been fixed in Cisco Webex Meetings and Cisco Webex Meetings Server. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Remote code execution User Rights...
Vulnerability fixed in F5 BIG-IP
F5 Networks has fixed a vulnerability in a limited number of BIG-IP platforms. The vulnerability allows a malicious party with network access to the vulnerable system may be able to retrieve TCP sequence numbers used in previous, independent TCP connections. These sequence numbers can be used by...
Vulnerability fixed in tcpdump
A vulnerability has been fixed in tcpdump. The vulnerability allows a remote malicious person to cause a denial-of-service cause. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE Linux Enterprise Module for Basesystem 15-SP1 & 15-SP2. You can install these custom...
Vulnerability fixed in Node.js
A vulnerability has been fixed in Node.js. The vulnerability allows a malicious party potentially capable of causing a denial-of-service cause. To do this, the malicious party must be able to send a DNS request for a rogue domain. Only applications that allow a malicious party to send DNS request...
Vulnerabilities fixed in Cisco Security Manager
Cisco has fixed multiple vulnerabilities in Cisco Security Manager. An unauthenticated remote malicious person could potentially exploit the vulnerabilities potentially exploit them to execute arbitrary code execute under SYSTEM privileges or to gain access to certain user credentials. For the...
Vulnerabilities fixed in Xerox WorkCentre
Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Manipulation of data Access to sensitive data No CVE numbers a...
Vulnerabilities fixed in TYPO3
The TYPO3 Association has fixed several vulnerabilities in TYPO3. A remote malicious party could potentially abuse them to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application visited. The...
Vulnerabilities fixed in OpenLDAP
Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server is able to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...
Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird
Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code...
Legal vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure. Remote code execution Us...
Vulnerabilities fixed in Micro Focus ArcSight Logger
Vulnerabilities have been fixed in Micro Focus ArcSight Logger. The vulnerabilities allow a remote malicious person to execute arbitrary code under the user's privileges. Micro Focus has released updates to address the vulnerabilities. fixes. More information can be found on the page below:...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data Accessing system data...
Vulnerability fixed in Intel processors
A vulnerability has been fixed in some Intel processors. The vulnerability allows a local malicious person to obtain elevated privileges. Intel has released firmware updates to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerability fixed in Nagios XI
Nagios has fixed several vulnerabilities in Nagios XI. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root privileges Increased us...