4179 matches found
Vulnerabilities fixed in Adobe FrameMaker
Adobe has fixed vulnerabilities in FrameMaker. The vulnerabilities allow a malicious person to execute arbitrary code under user privileges. Adobe designates these vulnerabilities as critical. Adobe has made updates available to fix the vulnerabilities. More...
Vulnerability fixed in Citrix StoreFront
Citrix has fixed a vulnerability in StoreFront Server. The vulnerability allows an authenticated malicious party to obtain arbitrary data from the StoreFront server. The malicious party must be logged on to the same Active Directory domain as where the StoreFront...
Vulnerabilities fixed in McAfee Endpoint Security
McAfee has fixed vulnerabilities in Endpoint Security. A local malicious party could exploit the vulnerabilities to gain access to sensitive data, or, by obtaining elevated permissions, to stop the anti-virus process and thereby deploy malware undetected. McAfee has released...
Vulnerabilities fixed in PAN-OS
Vulnerabilities have been fixed in PAN-OS. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); remote code execution (administrator/root rights); remote code execution (user rights); access to...
Vulnerabilities fixed in Android
Google has fixed several vulnerabilities in the Android operating system. The vulnerabilities allow a malicious person to perform attacks that can lead to the following types of damage: remote code execution (user rights); access to sensitive data; increased user privileges. Google has...
Vulnerability found in BIG-IP
F5 has found a vulnerability in BIG-IP. The vulnerability enables an unauthenticated remote malicious party to decrypt TLS-encrypted messages. The malicious party must perform a rogue TLS handshake to do so. BIG-IP categorizes this vulnerability according to the CVSSv3 method with ...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. The vulnerabilities allow a malicious person to execute arbitrary code. Adobe designates these vulnerabilities as critical. Adobe has made updates available to fix the vulnerabilities. More information can be found on th...
Vulnerabilities fixed in IP stack of various SIEMENS products
Siemens has fixed two vulnerabilities in the Linux IP stack of various industrial products. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. The malicious party must have access to the production network. It is good practice not to have suc...
Vulnerabilities fixed in Siemens Spectrum Power
Siemens has fixed two vulnerabilities in Spectrum Power 4. An unauthenticated malicious person could exploit the vulnerabilities to gain access to system data and sensitive data. Siemens has updates and mitigations available to address the vulnerabilities in Spectrum Power. However, these have no...
Vulnerability fixed in Microsoft SQL Server Reporting Services
There is a vulnerability in Microsoft SQL Server Reporting Services (SSRS). The vulnerability exists in the Reporting Service instance due to incorrect validation of attachments to reports. If successfully exploited, the vulnerability enables an authenticated malicious person to add unauthoriz...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: execute arbitrary code, obtain elevated privileges, gain access to sensitive data, cause a denial-of-service, bypass security measures, circumvent authentication...
Vulnerability discovered in several Siemens products
Researchers have revealed that several industrial products from Siemens are vulnerable to the so-called "CrossTalk" vulnerability in Intel processors. A local malicious person with the rights to install software can exploit the vulnerability to gain access to sensitive data. To do so,...
Vulnerability fixed in OpenSUSE
SUSE has made available an update to fix a vulnerability in the Linux kernel. The vulnerability allows a locally authenticated malicious person to obtain elevated user privileges. See "Possible fixes" for more information. The developers of OpenSUSE have made updates available to f...
Serious vulnerability fixed in Microsoft Exchange
There is a serious vulnerability in Microsoft Exchange Server. The vulnerability occurs due to improper handling of objects in memory. Successful exploitation of this vulnerability allows an unauthenticated remote malicious agent to execute arbitrary code with SYSTEM...
Multiple vulnerabilities fixed in Microsoft browsers
There are multiple vulnerabilities in the Scripting Engine, Microsoft Edge and Microsoft Internet Explorer. The vulnerabilities allow a malicious party to execute arbitrary code or to obtain elevated privileges. The vulnerability with the highest rating has the attribute...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...
Vulnerabilities fixed in Microsoft SharePoint
Microsoft is fixing several vulnerabilities in Microsoft SharePoint. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code or to conduct a Cross-Site Scripting (XSS) attack. Two of the vulnerabilities in SharePoint can be exploited to execute arbitrary code in th...
Vulnerabilities fixed in SAP NetWeaver
SAP has fixed several vulnerabilities in SAP NetWeaver. These vulnerabilities allow malicious actors to remotely execute a Cross-Site Scripting or Server-Side Request Forgery attack. SAP has released updates to fix these vulnerabilities. For more information see:...
WIBU CodeMeter vulnerabilities discovered in several Siemens products
WIBU Systems has published a number of vulnerabilities that would allow an unauthenticated remote malicious person to manipulate license files, execute arbitrary code with application privileges, or cause a Denial-of-Service. WIBU gives the vulnerability with attribute...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and OneDrive products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated privileges, to gain access to sensitive data, or to perform a Cross-Site Scripting (XSS) attack. This could include if t...
Vulnerabilities discovered in HMI Panels
Because SIMATIC HMI panels do not handle repeated login attempts correctly, they are susceptible to brute-force attacks. A malicious party can use them to find out user names and passwords and thus issue arbitrary commands with the permissions of the affected user account. To exploit...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary code or to bypass a security measure. Microsoft considers the vulnerability with attribute CVE-2020-16874 to be critical. The vulnerability in...
Vulnerability discovered in Siemens SIMATIC S7-300 and S7-400 CPUs
Siemens has discovered a vulnerability in the SIMATIC S7-300 and S7-400 CPUs. An unauthenticated malicious person can exploit the vulnerability to eavesdrop on network traffic and thereby obtain login credentials. To exploit the vulnerability, the attacker must have access to the...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics 365 products. The vulnerabilities in Microsoft Dynamics 365 on-premises and Microsoft Dynamics 365 for Finance and Operations on-premises allow a malicious party to execute arbitrary code or perform a Cross-Site Scripting (XSS) attack. The...
Vulnerability fixed in Bitdefender Endpoint Security
Bitdefender has fixed a vulnerability in Bitdefender Endpoint Security Tools and the Endpoint Security SDK. The vulnerability could potentially be exploited by a malicious party to obtain elevated user privileges and manipulate data. Bitdefender categorizes this vulnerability according to the CVSSv3...
Vulnerabilities fixed in Nagios
Several vulnerabilities have been fixed in Nagios. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); remote code execution (user rights); increased user privileges. For now, not ever...
Vulnerability fixed in GnuTLS
A vulnerability has been fixed in GnuTLS. The vulnerability allows a remote malicious person with access to a TLS server to which the victim is connected to cause a denial-of-service. To exploit the vulnerability, the TLS connection must meet specific conditions. The developers of...
Vulnerability fixed in IBM Aspera Connect
IBM has fixed a vulnerability in Aspera Connect. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code under the privileges of the application. To do so, the malicious party must induce the victim to load a rogue dynamic-link library. IBM has...
Vulnerabilities fixed in Oracle kernel
Vulnerabilities have been fixed in Oracle kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); access to sensitive data; access to system data. -= Oracle =- Oracle has made updates available for Oracle Linux ...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); manipulation of data; circumvention of authentication; circumvention of security measure; remote...
Vulnerabilities fixed in Sophos UTM Up2Date
Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. The vulnerabilities potentially allow a remote malicious person to cause a denial-of-service or gain access to sensitive information. Sophos has released updates to fix the vulnerabilities in Sophos UTM Up2Data...
Vulnerability fixed in Ansible
A vulnerability has been fixed in Ansible. The vulnerability allows a malicious person to bypass a security measure. To exploit the vulnerability, the malicious party must get a system administrator to install a rogue installation package. Ansible has released updates to fix the...
Vulnerabilities fixed in FreeBSD
The developers of FreeBSD have fixed several vulnerabilities in several network modules used by FreeBSD. A malicious party on the local network could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the...
Vulnerabilities fixed in Cisco Jabber for Windows client
Vulnerabilities have been fixed in Cisco Jabber for Windows client. The vulnerabilities allow an authenticated remote malicious person to obtain sensitive information and to execute arbitrary code under user privileges. To exploit the vulnerabilities, the malicious party must send...
Vulnerabilities fixed in Kaspersky Security Center
Kaspersky has fixed multiple vulnerabilities in Kaspersky Security Center. The vulnerabilities allow a local malicious party to cause a denial-of-service or obtain elevated privileges on the local system. Not all of the vulnerabilities have been assigned a CVE number. Kaspers...
Vulnerabilities fixed in Cisco IOS XR and ASR
Cisco has fixed multiple vulnerabilities in IOS XR and 9000-series Aggregation Services Routers (ASR). The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); manipulation of data...
Vulnerabilities fixed in Samsung Mobile
Samsung has fixed several vulnerabilities in its Android distribution. The vulnerabilities potentially allow a malicious party to carry out attacks leading to the following categories of damage: Denial-of-Service (DoS); remote code execution (user rights); access to sensitive data; access to system data...
Vulnerabilities fixed in OpenSUSE kernel
The developers of OpenSUSE have fixed several vulnerabilities in the OpenSUSE Linux kernel. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; access to sensitive data...
Vulnerabilities fixed in Ubuntu Linux kernel
Canonical has fixed several vulnerabilities in the Ubuntu Linux kernel. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service; manipulation of data; access to sensitive data; increased user privileges...
Vulnerability fixed in Red Hat OpenShift Container Platform
Red Hat has fixed a vulnerability in the OpenShift Container Platform. A local user or application with elevated privileges can write a large amount of data within a pod to the /etc/hosts file. A malicious party could potentially exploit this vulnerability to cause a denial-of-service on the node...
Vulnerability fixed in libvirt and QEMU
Red Hat has fixed vulnerabilities in QEMU and libvirt. The vulnerabilities allow a locally authenticated malicious party to obtain elevated privileges and system data. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 6, 7 and 8. You can install these updates...
Vulnerability fixed in Atlassian Jira
Vulnerable versions of Atlassian Jira Server and Data Center allow a remote malicious person to enumerate project keys via a vulnerability in the /browse.PROJECTKEY endpoint. Atlassian has made version 8.12.0 of Jira available. More information can be found on the following page:...
Vulnerability fixed in Trend Micro OfficeScan
Trend Micro has fixed a vulnerability in OfficeScan. The vulnerability allows a malicious party to obtain elevated privileges and to execute arbitrary code. Trend Micro categorizes this vulnerability according to the CVSSv3 method with a score of 7.8. Trend Micro has released updates to fi...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in JBoss Enterprise Application Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of security measure; remote code execution (user rights); SQL injection. Red H...
Vulnerability fixed in Cisco IOS XR
Cisco has fixed a vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) functionality in IOS XR. The vulnerability allows an unauthenticated remote malicious person to cause a Denial-of-Service on the vulnerable device. To do so, the malicious party needs to send rogue IGMP...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. These include several Nexus, MDS 9000 switches, UCS and Firepower models. The vulnerabilities enable a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of security measure...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. Little substantive information has been made publicly available. For a number of the vulnerabilities, no CVE IDs have been disclosed yet. A malicious party could potentially exploit the vulnerabilities to bypass security measures and possibly cause a...
Vulnerabilities fixed in the X11 server
SUSE has fixed three vulnerabilities in the x.org X11 server. A malicious party could potentially exploit the vulnerabilities to bypass security measures and gain access to system data and/or memory. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in...
Vulnerabilities fixed in Firefox and Firefox ESR
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of security measure; remote code execution (user rights); access to...
Vulnerabilities fixed in Joomla!
Joomla has fixed a number of vulnerabilities in Joomla! CMS. A remote malicious party could potentially exploit the vulnerabilities to perform a cross-site scripting attack. It is also possible for a malicious party to gain access through a path traversal to data outside the web-root...