Vulnerability fixed in Bitdefender update server
A vulnerability in Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools allows an unauthorized malicious party to bypass internal measures and communicate with hosts on the network. Bitdefender has released an update. For more information, see:...
Vulnerabilities fixed in Microsoft Exchange Server
There are multiple vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow a malicious party to execute arbitrary code with user and elevated privileges or to perform a denial-of-service attack. Microsoft indicates that misuse of the vulnerability, whereby arbitrary code can be...
Vulnerabilities fixed in Microsoft Browsers
There are several vulnerabilities in Microsoft Browsers. The vulnerabilities allow a malicious person to execute arbitrary code with user privileges and elevated privileges. For vulnerabilities CVE-2020-17058, CVE-2020-17052, CVE-2020-17053, CVE-2020-17048, Microsoft has had insight into...
Vulnerability fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed a vulnerability in Firefox and Thunderbird. The vulnerability allows an attacker, under specific circumstances, to execute arbitrary code with the permissions of the application. The vulnerability was discovered during a hacking contest, making it likely that public exploit cod...
Vulnerabilities identified in Siemens S7 products
Vulnerabilities have been identified in Siemens S7 products. The vulnerabilities enable a remote malicious person to cause a denial-of-service and to circumvent a security measure. Siemens categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5....
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and SharePoint products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated permissions, to gain access to sensitive data, circumvent security measures, or...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with both user privileges and elevated privileges or manipulate data. Vulnerabilities related to Visual Studio can only be exploited by...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in Citrix Hypervisor. The vulnerabilities allow a malicious party to cause a denial-of-service (DoS) or to execute arbitrary code under the application's privileges. Citrix has released updates to fix the vulnerabilities in Hypervisor. For more...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Bypassing authentication, Remote code execution, User Rights...
Vulnerability fixed in Kerberos
A vulnerability has been fixed in MIT Kerberos. A malicious person can exploit the vulnerability to cause a denial-of-service. The vulnerability is in the way ASN.1 data is processed, which can create an infinite loop that causes a crash in the Kerberos process. -= Debian =- Debian has...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS, including three 0-day vulnerabilities. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Remote code execution, Administrator/Root privileges, Increased user...
Vulnerabilities fixed in Apple macOS
Apple has fixed three 0-day vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the execution of arbitrary code. Apple reports that abuse of these vulnerabilities is being observed on a very limited scale. No PoC or exploit code publicly...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used in VMware vRealize Operations Manager and RSA NetWitness. Exploiting the vulnerabilities allows an unauthenticated malicious person to execute arbitrary code with the permissions of the application. To do this, the malicious party must have...
Multiple vulnerabilities in Cisco Webex products
Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Remote code execution, User Rights. Cisco has made updates available to address the vulnerabilities. More information...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed vulnerabilities in AnyConnect Secure Mobility Client. The vulnerabilities allow a locally authenticated malicious party to execute arbitrary code under the victim's privileges and to obtain sensitive information. For the vulnerability with attribute CVE-2020-5336, Cisco...
Vulnerabilities fixed in Cisco Unified Communications Manager
Due to a vulnerability in Cisco Unified Communications Manager software, an authenticated remote malicious party could cause the Cisco XCP Authentication Service on an affected device to be restarted, resulting in a Denial-of-Service (DoS). Cisco has released an update to fix the vulnerability. Mo...
Vulnerability fixed in Cisco IP phone
A vulnerability in the TCP packet processing functionality of Cisco IP Phones allows an unauthenticated remote malicious agent to cause the phone to stop responding to incoming calls, disconnect connected calls, or unexpectedly reload. Cisco has made an update available to fix t...
Issues fixed in Cisco Identity Services
Cisco has fixed vulnerabilities in Cisco Identity Services. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Increased user privileges. Cisco has made updates available to address the...
Vulnerability fixed in Cisco IOS XR
A vulnerability in the Preboot eXecution Environment (PXE) bootloader for Cisco IOS XR 64-bit software could allow an unauthenticated, remote malicious agent to execute unsigned code during the PXE boot process on an affected device. The PXE bootloader is part of the BIOS and is executed...
Vulnerabilities fixed in NetApp products
NetApp has fixed vulnerabilities in several products. The vulnerabilities allow an unauthenticated remote malicious person to obtain system information and to launch a Cross-Site Scripting attack. NetApp has made updates available for Django. See "Possible Solutions" for more...
Vulnerabilities fixed in Red Hat kernel
Red Hat has fixed vulnerabilities in its kernel. The vulnerabilities allow a locally authenticated malicious agent to cause a denial-of-service and obtain system data. The vulnerability with attribute CVE-2020-12351 is a regression vulnerability of the vulnerability with...
Multiple vulnerabilities fixed in Adobe Reader
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Successful misuse can lead to the execution of arbitrary code in the context of the current user. Adobe developers have made updates available for Adobe Reader to fix the vulnerabilities. For more information see:...
Multiple vulnerabilities fixed in IBM Java SDK for AIX
Several vulnerabilities have been fixed in IBM SDK Java Technology Edition, which is used by AIX. The vulnerabilities can lead to attacks with the following categories of damage: Denial-of-Service (DoS), Access to sensitive data, Increased user privileges. IBM has released updates to fix the...
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Remote malicious actors can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site Scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities to bypass security measures and gain access...
Several vulnerabilities fixed in Google Chrome
Google has released a new version of Chrome. This new version fixes a number of vulnerabilities that allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Increased user privileges. Google mentions having...
Multiple vulnerabilities fixed in NetApp products
NetApp developers have fixed several vulnerabilities that could lead to a denial-of-service (DoS) attack and to sensitive information being obtained. NetApp developers have released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities. An authenticated remote malicious person could potentially exploit these vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerability fixed in Foxit Reader
A vulnerability has been fixed in Foxit Reader. The vulnerability makes it possible for a malicious person to execute arbitrary code under the user's privileges. To do this, however, the user must be tricked into opening a rogue file or performing a specific action within the application...
Vulnerability fixed in FortiMail
A vulnerability has been fixed in FortiMail. An unauthenticated remote malicious party could potentially obtain sensitive software version information by reading a JavaScript file. Fortinet has made updates available to fix the vulnerability in FortiMail. For more information see:...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person, remote or otherwise, to potentially carry out attacks leading to the following categories of damage: Remote code execution, User rights, Circumvention of security measure, Denial-of-Service...
Vulnerability fixed in OpenLDAP
OpenLDAP developers have released an update to fix a vulnerability. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. No CVD ID disclosed. OpenLDAP has released updates to fix the vulnerability in v 2.4.55. For more information, see:...
Serious vulnerability fixed in Oracle WebLogic Server
Oracle has released an update for WebLogic Server to fix a serious vulnerability. This new vulnerability is related to the Fusion Middleware vulnerability with attribute CVE-2020-14882, for which an update was released in October. This was described by the NCSC in security advisory NCSC-2020-0858...
Vulnerability fixed in Nessus
A vulnerability has been fixed in Nessus. The vulnerability allows a local malicious person with valid login credentials on a Windows machine to execute arbitrary code under the user's privileges. Tenable has made updates available for Nessus to fix the vulnerability. More information can be foun...
Vulnerabilities fixed in IBM Security Directory Server
Vulnerabilities have been fixed in IBM Security Directory Server. The vulnerabilities allow a malicious party to access system data. IBM has released updates to fix the vulnerabilities. More information can be found on the page below: https://www.ibm.com/support/pages/node/6356607...
Vulnerabilities fixed in QNAP QTS
Vulnerabilities have been fixed in QNAP-QTS, Music-Station and Photo-Station. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Remote code execution, User Rights, SQL Injection, Access to system data. QNAP has...
Vulnerability fixed in Grafana
The vulnerability is a so-called Cross-Site Scripting vulnerability. It allows a remote malicious person to execute arbitrary code in the browser of the victim. Grafana Labs has released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerability fixed in Red Hat JBoss
Vulnerabilities have been fixed in JBoss. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Accessing system data. Red Hat categorizes these vulnerabilities as "moderate". -= Re...
Vulnerabilities fixed in Juniper Networks Junos OS
Vulnerabilities have been fixed in Junos OS. The vulnerabilities allow a malicious party to launch a denial-of-service attack and to execute arbitrary code under the privileges of the user. Juniper has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in BIG-IP. The vulnerabilities allow a remote malicious party to cause a denial-of-service and to circumvent a security measure. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5933:...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to gain access to system data and to cause a denial-of-service. Samba has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerability allows a remote malicious person to manipulate data and thereby cause a Denial-of-Service. Red Hat has released updates to fix the vulnerability. More information can be found on...
Vulnerabilities fixed in Juniper Networks Junos OS
Juniper Networks has fixed vulnerabilities in Junos OS. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service. Juniper Networks categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 7.5. Juniper Networ...
Vulnerabilities fixed in MariaDB
Vulnerabilities have been fixed in MariaDB. The vulnerabilities allow a malicious person to cause a denial-of-service. In the case of the vulnerability with attribute CVE-2020-13249, it also involves an attack from the network. -= Ubuntu =- Canonical has made updates available for...
Vulnerability fixed in FortiClient
A vulnerability has been fixed in FortiClient for Linux. The vulnerability enables a local malicious person who has the ability to run scripts or programs on the system to obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More...
Vulnerabilities fixed in Red Hat OpenShift
Vulnerabilities have been fixed in Red Hat OpenShift. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Circumvention of security measure, Accessing sensitive data, Accessing system data. -= Red Hat =- Red Hat has...
Vulnerability fixed in FortiOS
A vulnerability has been fixed in FortiOS. The vulnerability allows an authenticated attacker to obtain sensitive data, for example, passwords stored in cleartext. Fortinet has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows a remote malicious person to gain access to system data. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6356083...
Vulnerabilities fixed in SonicWall
Vulnerabilities have been fixed in SonicWall Global VPN Client. The vulnerabilities allow a local malicious person to gain elevated rights and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. More information can be found...
Vulnerabilities fixed in Pulse Secure products for Windows, Linux and Mac
Vulnerabilities have been fixed in Pulse Secure products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security...
Vulnerabilities fixed in QNAP QTS
QNAP has fixed vulnerabilities in the QTS operating system. The vulnerabilities allow a remote malicious person to inject arbitrary commands. It is good practice to have the user interface of a system like QTS exposed on a separate administrator network. QNAP has released updates to fix...