4197 matches found
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Workbench MySQL Server MySQL Cluster MySQL Enterprise Monitor The vulnerabilities allow a malicious person, whether or not unauthenticated and remote, potentially be able to launch attacks that result in the following...
Vulnerability fixed in NSS
A vulnerability has been fixed in NSS. The vulnerability allows a remote malicious party capable of performing a denial-of-service attack perform on servers compiled with the NSS library by sending sending multiple ChangeCipherSpec messages. Mozilla has released updates to fix the vulnerability...
Vulnerabilities fixed in Oracle Siebel CRM
Oracle has fixed vulnerabilities in the following Oracle Siebel CRM products: Siebel Apps - Marketing Siebel UI Framework The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable application may be able to execute attacks that result in the following...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in the following Oracle Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager for Peoplesoft Application Testing Suite APM - Application Performance Management Enterprise Manager Ops Center Enterprise Manager for Storage Management The...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following Oracle Database products: Database - Enterprise Edition Text Spatial and Graph Application Express APEX SQL Developer The vulnerabilities allow a malicious person, whether or not unauthenticated and remote, potentially be able to launch attacks th...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following Oracle PeopleSoft products: PeopleSoft Enterprise HCM Global Payroll Core PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise SCM eSupplier Connection The vulnerabilities allow an unauthenticated malicious person with network access to the...
Vulnerability fixed in Nexpose
A vulnerability has been fixed in Nexpose. The vulnerability allows an authenticated malicious party to execute an SQL injection to execute and thereby obtain sensitive data. Rapid7 has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in VMware products
Vulnerabilities have been fixed in VMware ESXi, Workstation, Fusion , NSX-T and vCenter. The vulnerabilities allow a malicious party to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User...
Vulnerabilities fixed in Red Hat kernel
Vulnerabilities have been fixed in the Red Hat kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges -= Red Hat =- Red Hat has made updates...
Vulnerabilities fixed in Ubuntu kernel
Canonical has fixed vulnerabilities in the Ubuntu kernel. The vulnerabilities allow a remote malicious person to opportunity to obtain system data via Bluetooth and to cause a denial-of-service potentially resulting in the execution of arbitrary code as a result. -= Ubuntu =- Canonical has made...
Vulnerabilities fixed in the Debian kernel
Debian has fixed vulnerabilities in the kernel. The vulnerabilities allow a remote malicious person to opportunity to obtain system data via Bluetooth and to cause a denial-of-service potentially resulting in the execution of arbitrary code as a result. Also, the vulnerabilities enable the...
Vulnerability fixed in F5 BIG-IP
A vulnerability has been fixed in BIG-IP. The vulnerability allows a remote malicious party to enable kernel address space layout randomization KASLR. This gives the attacker access to system data. F5 has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Windows
Microsoft has fixed a vulnerability in the Windows Codecs Library. Users who had installed the HEVC codec from the Microsoft Store had installed it were vulnerable to the execution of arbitrary code by a remote malicious person. The malicious party to do this must induce the victim to play a rogu...
Vulnerability fixed in XWiki
A vulnerability has been fixed in XWiki. The vulnerability allows an authenticated malicious person to execute arbitrary code execute arbitrary code under the user's privileges. XWiki has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Visual Studio
Microsoft has fixed a vulnerability in Visual Studio. The vulnerability allows a remote malicious person to execute arbitrary code under user privileges. The malicious party must do this by inducing the victim to clone a rogue repository and then open a package.json here. Microsoft has released...
Vulnerabilities fixed in PowerDNS
Vulnerabilities have been fixed in PowerDNS. The vulnerabilities allow a malicious party to cause a denial-of-service cause or to bypass a security measure. -= openSUSE =- The developers of openSUSE have made updates available to fix the vulnerability in openSUSE Leap 15.1. You can install these...
Vulnerabilities fixed in kernel
Vulnerabilities have been fixed in the openSUSE kernel. The vulnerabilities allow a malicious party to obtain to obtain system information and to cause a denial-of-service cause. -= openSUSE =- The developers of openSUSE have made updates available to fix the vulnerability in openSUSE Leap 15.1...
Vulnerabilities fixed in Blackberry Android
Blackberry has fixed multiple vulnerabilities in Blackberry Powered by Android. The vulnerabilities allow a malicious person, either remote or otherwise, to launch attacks that can lead to the following types of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system dat...
Vulnerability fixed in containerd
A vulnerability has been fixed in containerd, which is used by Docker and Kubernetes, among others. A malicious party could vulnerability potentially exploit it to gain access to login credentials to an internal or external image registry. To do so the malicious party must induce the user to pull...
Vulnerability fixed in Juniper Junos OS for PTX and QFX
Juniper Networks has fixed a vulnerability in Junos OS for the PTX and QTX platforms. An unauthenticated malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service attack. To do this, rogue network traffic should be sent to the vulnerable device. Only...
Vulnerability fixed in Rapid7 Nexpose
Rapid7 has fixed a vulnerability in Nexpose. The vulnerability potentially allows a local malicious person to perform a SQL injection attack that could access gain access to sensitive data or manipulate data. Rapid7 has released updates to fix the vulnerability in Nexpose 6.6.49. For more...
Vulnerability fixed in Sonicwall
Due to a vulnerability in SonicOS, a remote malicious party can cause a Denial of Service DoS and potentially execute arbitrary code execute arbitrary code by sending a malicious request to the firewall. SonicWall has released updates to address the vulnerability. fix. For more information, see:...
Vulnerabilities fixed in Juniper Junos OS
Juniper Networks has fixed several vulnerabilities in Junos OS. A malicious person, whether remotely authenticated or not, could potentially exploit these vulnerabilities to carry out attacks leading to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...
Multiple vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed multiple vulnerabilities in McAfee ePolicy Orchestrator. The vulnerabilities allow a malicious party whether or not unauthenticated malicious person may be able to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...
Vulnerabilities fixed in IBM Security Access Manager
IBM has fixed multiple vulnerabilities in IBM Security Access Manager. The vulnerabilities potentially enable a malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...
Vulnerability fixed in Adobe Flash Player
Adobe has fixed a vulnerability in Adobe Flash Player. A malicious party could potentially exploit the vulnerability to execute arbitrary code under user privileges. There few substantive details about the vulnerability have been made publicly made available. Adobe has released updates to fix the...
Vulnerability fixed in IBM Security Access Manager
IBM has fixed a vulnerability in IBM Security Access Manager in which sessions are not deleted after a user is logged out. A malicious party could potentially reuse the session of a logged out user thereby potentially reuse it and thus gain elevated rights to the vulnerable system. IBM has releas...
Vulnerabilities fixed in Citrix Gateway Plug-in for Windows
Citrix has fixed two vulnerabilities in the Citrix Gateway Plug-in for Windows. By exploiting these vulnerabilities could potentially gain elevated privileges acquire elevated privileges on the vulnerable system. Citrix has released updates to fix the vulnerabilities. For more information, see:...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. A local, authenticated malicious party could potentially exploit it to gain access to log files containing information about the system. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerability fixed in Blackberry Unified Endpoint Management
Blackberry has fixed a vulnerability in Blackberry Unified Endpoint Management UEM. A malicious party with network access to the UEM server could potentially exploit the vulnerability to cause a denial-of-service exploit on UEM Core. Blackberry has released updates to fix the vulnerability fix in...
Vulnerabilities fixed in BIND
Several vulnerabilities have been fixed in BIND. A unauthenticated remote malicious person could potentially exploit them to cause a denial-of-service of the DNS service. cause. To do this, rogue network traffic should be sent to the BIND server. -= SUSE =- SUSE has made updates available to fix...
Vulnerabilities fixed in Acronis Cyber Backup and True Image
Acronis has fixed multiple vulnerabilities in Cyber Backup and True Image. A local malicious party could potentially exploit them to execute arbitrary code under SYSTEM privileges. To do this, a rogue file must be placed in a specific folder on the file system. Acronis has released updates to fix...
Vulnerabilities fixed in SUSE
Several vulnerabilities have been fixed in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to syste...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code, to obtain elevated privileges, gain access to sensitive data, launch a denial-of-service attack, or to bypass a security measure. The vulnerability with...
Vulnerability fixed in Microsoft Exchange Server
Microsoft has fixed a vulnerability that could allow an authenticated malicious party potentially able to gain access to sensitive systems. Microsoft Exchange Server: |---------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in SAP
Several vulnerabilities have been fixed in various SAP products. SAP has identified two of these vulnerabilities as urgent. The first of these two vulnerabilities is located in SAP Solution Manager and has a CVSS score of 10.0 CVE-2020-6364. A unauthenticated remote malicious agent could...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and Sharepoint products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated permissions, to gain access to sensitive data obtain access to sensitive data, to conduct a denial-of-service attack...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. The vulnerability in Microsoft Dynamics with the attribute CVE-2020-16943 allows a malicious person to access sensitive data. The vulnerabilities with the attributes CVE-2020-16956 and CVE-2020-16978 enable a remote maliciou...
Vulnerabilities fixed in Siemens Ruggedcom and Scalance
Siemens has fixed multiple vulnerabilities in several Ruggedcom and Scalance products. A remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service of dnsmasq or execute arbitrary code. To do this requires sending malicious network traffic to the vulnerable...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code, bypass security measures or access gain access to sensitive data. Information about the vulnerability with reference CVE-2020-16937 is...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2 and Db2 Connect. A unauthenticated remote malicious party can exploit the vulnerability potentially exploit it to cause a denial-of-service. IBM has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in phpMyAdmin
Two vulnerabilities have been fixed in phpMyAdmin. A remote malicious party could exploit the vulnerabilities to execute an SQL injection or Cross-Site Scripting XSS attack. To exploit the XSS vulnerability, the malicious party must create a persuade phpMyAdmin user to open a rogue URL. XSS can...
Vulnerability fixed in SPICE
A vulnerability has been fixed in SPICE. A malicious party could vulnerability potentially exploit it to cause a denial-of-service cause or execute arbitrary code. -= Debian =- Debian has made updates of spice available for Debian 10.0 Buster to fix the vulnerability. You can install the custom...
Vulnerabilities fixed in openSUSE
Vulnerabilities have been fixed in the OpenSUSE kernel. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user...
Vulnerability fixed in JIRA
Atlassian has fixed a vulnerability in JIRA. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Atlassian has released updates to fi...
Vulnerabilities fixed in IBM Security Access Manager
IBM has fixed multiple vulnerabilities in IBM Security Access Manager. A malicious party could potentially exploit the vulnerabilities to obtain information about the system. Little substantive information about the vulnerabilities has been made publicly available. IBM has released updates to fix...
Vulnerability fixed in IBM Informix
IBM has fixed a vulnerability in Informix. A local malicious party could potentially exploit the vulnerability to execute arbitrary code under the privileges of the informix user. IBM has released updates to fix the vulnerability in Informix Dynamic Server. For more information, see:...
Vulnerabilities fixed in Cisco StarOS for ASR 5000 Series routers
Cisco has fixed multiple vulnerabilities in StarOS for ASR 5000 Series routers. A local malicious person with limited administrator privileges could potentially exploit the vulnerabilities to execute arbitrary code under root privileges. Cisco has released updates to fix the vulnerabilities in...
Vulnerabilities fixed in Arista EOS
Arista has fixed several vulnerabilities in EOS. The vulnerabilities allow a malicious party to perform a Denial-of-Service DoS exploit. To do this, malicious network traffic to the device. Arista has released updates to fix the vulnerabilities. For more information, see: CVE-2020-15897:...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed multiple vulnerabilities in Identity Services Engine ISE. The vulnerabilities allow a malicious person with limited administrator privileges be able to modify ISE configurations modify ISE configurations without having the required privileges or a Cross-Site Scripting XSS attack...