4197 matches found
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data Accessing system data...
Vulnerabilities fixed in PostgreSQL
Several vulnerabilities have been fixed in PostgreSQL. A local malicious person with limited privileges within the vulnerable PostgreSQL database, could potentially exploit the vulnerabilities to within the database or on the local system to execute arbitrary code execute arbitrary code with root...
Vulnerability fixed in EcoStruxure Control Expert
A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...
Vulnerabilities fixed in Schneider Electric products
Schneider Electric has fixed vulnerabilities in several ICS and SCADA products. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Data...
Several vulnerabilities fixed in Citrix Hypervisor and XenDesktop
Citrix has fixed vulnerabilities in XenDesktop and Hypervisor. The vulnerabilities in XenDesktop allow a malicious party to to gain elevated privileges on a virtual Windows environment and execute code with SYSTEM privileges. The vulnerability in Hypervisor allows a remote malicious person to abl...
Vulnerabilities fixed in macOS
Apple has released a new version of macOS. This version 11.01 Big Sur fixes a large number of vulnerabilities. A malicious party can exploit the vulnerabilities to access gain access to sensitive data, execute arbitrary code with user privileges or to cause a denial-of-service. The vulnerabilitie...
Multiple vulnerabilities fixed in Intel systems
Intel has fixed several vulnerabilities in Converged Security and Manageability Engine CSME, Server Platform Services SPS, Trusted Execution Engine TXE, Dynamic Application Loader DAL, Active Management Technology AMT and Standard Manageability ISM. Malicious parties can exploit the vulnerabiliti...
Vulnerabilities fixed in McAfee Endpoint
McAfee has fixed vulnerabilities in Endpoint Security for Windows. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with user privileges through a Cross-Site-Scripting Attack XSS or a Cross-Site-Request-Forgery XSRF. McAfee has released...
Vulnerabilities in processors fixed
Researchers have found vulnerabilities in several processors. The vulnerabilities marked CVE-2020-8694 and CVE-2020-8695 have been named Platypus, an acronym for Power Leakage Attacks: Targeting Your Protected User Secrets. The vulnerabilities allow a local malicious person to obtain obtain...
Vulnerabilities fixed in PAN OS
Palo Alto has fixed several vulnerabilities in PAN OS. The most serious vulnerability, with attribute CVE-2020-2050, is rated by Palo Alto rated with a CVSS score of 8.2 and is located in the GlobalProtect SSL VPN component. An unauthenticated malicious party can remotely exploit this vulnerabili...
Vulnerabilities fixed in Chrome
Google has released a new version of Chrome that fixes two vulnerabilities are fixed. A malicious party could vulnerabilities potentially exploit them to execute arbitrary code with the victim's privileges. Google reports being aware that the vulnerabilities are in limited extent being exploited ...
Vulnerabilities fixed in OSIsoft PI Vision
OSIsoft has fixed two vulnerabilities in PI Vision. The vulnerabilities can be exploited by a malicious party to perform a Cross-Site-Scripting XSS attack or to obtain system information. The XSS attack requires the malicious party to have write permissions in PI ProcessBook files. OSIsoft has...
Vulnerabilities fixed in Adobe Connect
Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting XSS attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...
Vulnerability fixed in Cisco IOS XR
Due to a vulnerability in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, an unauthenticated remote malicious agent to cause a denial-of-service DoS on an affected device. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For more information, see:...
Vulnerability fixed in Adobe Reader Mobile
A vulnerability has been fixed in Adobe Reader Mobile for Android. A malicious party could exploit the vulnerability to gain access to sensitive data in the context of the victim. Adobe has released updates to fix the vulnerability in Reader Mobile 20.9.0. For more information, see:...
Vulnerabilities fixed in Microsoft Browsers
There are several vulnerabilities in Microsoft Browsers. The vulnerabilities allow a malicious person to execute arbitrary execute code with user privileges and elevated privileges. For vulnerabilities CVE-2020-17058, CVE-2020-17052, CVE-2020-17053, CVE-2020-17048, Microsoft has had insight into...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and Sharepoint products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated permissions, to gain access to sensitive data gain access to sensitive data, circumvent security measures, or...
Vulnerabilities fixed in Microsoft Exchange Server
There are multiple vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow a malicious party to execute arbitrary code with user and elevated privileges or to perform a denial-of-service attack. Microsoft indicates that misuse of the vulnerability, whereby arbitrary code can be...
Vulnerabilities identified in GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU
Vulnerabilities have been identified in the GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU. The vulnerabilities allow a malicious person able to perform attacks leading to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such attack can lead to the execution of arbitrary script code in the browser used to visit the application. Microsoft...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with both user privileges as well as elevated privileges or manipulate data. Vulnerabilities related to Visual Studio can only be be exploited by...
Vulnerabilities fixed in Microsoft Windows
There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious party to execute arbitrary execute arbitrary code with user and elevated privileges, to potentially obtain sensitive data or launch a denial-of-service attack execute. Microsoft scales the vulnerability...
Vulnerabilities identified in Siemens S7 products
Vulnerabilities have been identified in Siemens S7 products. The vulnerabilities enable a remote malicious person to to cause a denial-of-service and to circumvent a security measure circumvention. Siemens categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5....
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Remote code execution User Rights...
Vulnerability fixed in Mozilla Firefox, Firefox ESR and Thunderbird
Mozilla has fixed a vulnerability in Firefox and Thunderbird. The vulnerability allows an attacker under specific circumstances able to execute arbitrary code with permissions from the application. The vulnerability was discovered during a hacking contest, making it likely that public exploit cod...
Vulnerability fixed in Bitdefender update server
A vulnerability in Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools allows an unauthorized malicious party to bypass internal measures and communicate with hosts on the network. Bitdefender has released an update. For more information, see:...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in Citrix Hypervisor. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to execute arbitrary code execute arbitrary code under the application's privileges. Citrix has released updates to fix the vulnerabilities in Hypervisor. For more...
Vulnerability fixed in Kerberos
A vulnerability has been fixed in MIT Kerberos. A malicious person can exploit the vulnerability to cause a denial-of-service cause. The vulnerability is in the way ASN.1 data is is processed, which can create an infinite loop that causes a crash in the Kerberos process. -= Debian =- Debian has...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. Exploiting the vulnerabilities allows an unauthenticated malicious person to execute willful code with permissions of the application. To do this, the malicious party must have...
Vulnerabilities fixed in Apple macOS
Apple has fixed three 0-day vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the execution of arbitrary code. Apple reports that on a very limited scale abuse is being observed of these vulnerabilities. No PoC or exploit code publicly...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS, including three 0-day vulnerabilities. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Increased user...
Vulnerability fixed in Cisco IP phone
Due to a vulnerability in the TCP packet processing functionality of Cisco IP Phones allows an unauthenticated remote malicious agent to remotely cause the phone to stop responding to incoming calls, disconnects connected calls, or unexpectedly reloads. Cisco has made an update available to fix t...
Vulnerability fixed in Cisco IOS XR
A vulnerability in the Preboot eXecution Environment PXE bootloader for Cisco IOS XR 64-bit software could allow an unauthenticated, remote malicious agent to execute execute unsigned code during the PXE boot process on an affected device. The PXE bootloader is part of the BIOS and is executed...
Vulnerabilities fixed in Cisco Unified Communications Manager
Due to a vulnerability in Cisco Unified Communications Manager -software, an authenticated remote malicious party could cause the Cisco XCP Authentication Service on an affected device to be restarted, resulting in a Denial-of-Service DoS. Cisco has released an update to fix the vulnerability. Mo...
Vulnerabilities fixed in NetApp products
NetApp has fixed vulnerabilities in several products. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to obtain system information and to launch a Cross-Site Scripting attack. NetApp has made updates available for Django. See "Possible Solutions" for more...
Vulnerabilities fixed in Red Hat kernel
Red Hat has fixed vulnerabilities in its kernel. The vulnerabilities allow a locally authenticated malicious agent to the opportunity to cause a denial-of-service and obtain obtain system data. The vulnerability with attribute CVE-2020-12351 is a regression vulnerability of the vulnerability with...
Multiple vulnerabilities in Cisco Webex products
Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Cisco has made updates available to address the vulnerabilities. fixes. More information...
Issues fixed in Cisco Indentiy Services
Cisco has fixed vulnerabilities in Cisco Indentiy Services. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Increased user privileges Cisco has made updates available to address the...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed vulnerabilities in AnyConnect Secure Mobility Client. The vulnerabilities allow a locally authenticated malicious party to execute arbitrary code under the victim's privileges and to obtain sensitive information obtain. For the vulnerability with attribute CVE-2020-5336, Cisco...
Multiple vulnerabilities fixed in IBM Java SDK for AIX
Several vulnerabilities in IBM SDK Java Technology Edition have been fixed that are used by AIX. The vulnerabilities can lead to attacks with the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges IBM has released updates to fix the...
Multiple vulnerabilities fixed in Adobe Reader
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Successful misuse can lead to the execute arbitrary code in the context of the current user. Adobe developers have made updates available for Adobe Reader to fix the vulnerabilities. For more information see:...
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious remotely can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site-Scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities exploit them to bypass security measures and gain access...
Vulnerability fixed in Foxit Reader
A vulnerability has been fixed in Foxit Reader. Due to the vulnerability makes it possible for a malicious person to execute arbitrary code under the user's privileges. To do this, however, the user must be tricked into opening a rogue file or to perform a specific action within the application...
Several vulnerabilities fixed in Google Chrome
Google has released a new version of Chrome. This new version fixes a number of vulnerabilities that allow a malicious can launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Increased user privileges Google mentions having...
Multiple vulnerabilities fixed in NetApp products
NetApp developers have fixed several vulnerabilities that could lead to a denial-of-service DoS attack and the obtaining sensitive information. NetApp developers have released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...
Vulnerability fixed in Fortimail
A vulnerability has been fixed in Fortimail. An unauthenticated remote malicious party could potentially obtain sensitive software version information by reading a JavaScript file to be read. Fortinet has made updates available to fix the vulnerability fix in FortiMail. For more information see:...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person remote or otherwise to potentially able to carry out attacks leading to the following categories of damage: Remote code execution User rights Circumvention of security measure Denial-of-Service...
Serious vulnerability fixed in Oracle Weblogic Server
Oracle has released an update for Weblogic Server to fix a serious vulnerability. This new vulnerability is related to the Fusion Middleware vulnerability with attribute CVE-2020-14882, for which an update was released in October. This was described by the NCSC in security advisory NCSC-2020-0858...
Vulnerability fixed in OpenLDAP
OpenLDAP developers have released an update to fix a vulnerability. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. No CVD ID disclosed. OpenLDAP has released updates to fix the vulnerability in v 2.4.55. For more information, see:...