4197 matches found
Vulnerability fixed in Samba
Ubuntu has fixed a vulnerability in Samba. The vulnerability potentially allows a malicious party to obtain domain administrator rights. The vulnerability with reference CVE-2020-1472 in Samba in that case should be exploited in conjunction with a vulnerable Microsoft domain controller to be...
Vulnerability fixed in FortiOS
Fortinet has fixed a vulnerability in FortiOS. The vulnerability allows a malicious party to perform a Cross-Site Scripting XSS attack. The vulnerability arises from incorrect input validation when generating a Web page in the SSL VPN portal. Fortinet has released updates to fix the vulnerability...
Vulnerabilities fixed in Apple Safari
Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to execute arbitrary code under the application's permissions. Apple has released updates to fix the vulnerabilities in Safari. For more information, see: https://support.apple.com/en-us/HT211845...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution Us...
Vulnerability fixed in Trend Micro ServerProtect
Trend Micro has fixed a vulnerability in ServerProtect for Linux. The vulnerability allows a remote malicious person to to execute arbitrary code under certain circumstances. Trend Micro rated the vulnerability with attribute CVE-2020-24561 with a CVSS score of 9.1. Trend Micro has released updat...
Vulnerabilities fixed in Drupal
Vulnerabilities have been fixed in Drupal. The vulnerabilities allow a malicious person to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Accessing sensitive data The vulnerability with attribute CVE-2020-13668...
Vulnerability fixed in Acronis Cyber Backup
A vulnerability has been found in Acronis Cyber Backup. A malicious party can exploit the vulnerability to perform a Server-side request-forgery SSRF. This allows the attacker gains access to system data. Acronis has released updates to fix the vulnerability. See the page below for more...
Vulnerabilities fixed in VMware Workstation, Fusion and Horizon
Vulnerabilities have been fixed in VMware Workstation, Fusion and Horizon. The vulnerability with reference CVE-2020-3980 relates to VMware Fusion and allows a malicious party to obtain elevated user privileges. The remaining CVE characteristics enable a malicious person to cause a...
Vulnerabilities fixed in IBM Spectrum Protect
Vulnerabilities have been fixed in IBM Spectrum Protect. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code and gain access to system data. IBM has released updates to fix the vulnerabilities. More information can be found on the page below:...
Vulnerability fixed in Red Hat JBoss Enterprise Application Platform
A vulnerability has been fixed in JBoss Enterprise Application Platform. The vulnerability allows a malicious party to launch a Denial-of-Service DoS attack. -= Red Hat =- Red Hat has made updates available. You can install these updates install using the command 'yum'. More information about the...
Vulnerabilities fixed in Samsung Mobile
Samsung has fixed several vulnerabilities in its Android distribution. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...
Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel
Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. A malicious party could potentially exploit them to cause a denial-of-service or to obtain elevated privileges on the vulnerable system. -= Oracle =- Oracle has made updates available for Oracle Linux 6. You can instal...
Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel
Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...
Vulnerabilities fixed in McAfee Agent
Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Increased user privileges McAfee has released updates...
Vulnerability fixed in WebSphere Application Server Admin Console
IBM has fixed a vulnerability in the WebSphere Application Server Admin Console. The attack that can exploit this vulnerability exploit is referred to as Cross-Site Scripting. The vulnerability allows an unauthenticated remote malicious person is able to execute arbitrary code in the browser of t...
Vulnerability fixed in XWiki
The developers of XWiki have fixed a vulnerability. A malicious person with SCRIPT privileges could exploit the vulnerability to gain access to the server's Instance Manager and thereby create arbitrary Java objects. The developers have released updates to fix the vulnerability fix in XWiki 12.2....
Vulnerabilities fixed in Apache ActiveMQ
Apache has fixed vulnerabilities in Apache ActiveMQ. The vulnerabilities potentially allow a malicious party to impersonate pose as a legitimate server trusted by the user. This allows the malicious party to gain access to data sent by the victim was sent encrypted. The victim is under the...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign. The vulnerabilities allow a malicious person to execute arbitrary code execute arbitrary code. Adobe designates these vulnerabilities as critical. Adobe has made updates available to address the vulnerabilities. fix. More information can be found on th...
Vulnerabilities fixed in PAN-OS
Vulnerabilities have been fixed in PAN-OS. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Vulnerability fixed in Citrix Storefront
Citrix has fixed a vulnerability in StoreFront Server. The vulnerability allows an authenticated malicious party to obtain obtain arbitrary data from the StoreFront server. The malicious party must be logged into the same Active-Directory-domain as where the StoreFront logged on to the same...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Framemaker. The vulnerabilities allow a malicious person to execute arbitrary code execute arbitrary code under user privileges. Adobe designates these vulnerabilities as critical. Adobe has made updates available to address the vulnerabilities. fix. More...
Vulnerability found in BIG-IP
F5 has found a vulnerability in BIG-IP. The vulnerability enables an unauthenticated remote malicious party to opportunity to decrypt TLS-encrypted messages. The malicious party must perform a rogue TLS handshake to do so. BIG-IP categorizes this vulnerability according to the CVSSv3 method with ...
Vulnerabilities fixed in McAfee Endpoint Security
McAfee has fixed vulnerabilities in End Point Security. A local malicious party could exploit the vulnerabilities to gain access gain access to sensitive data, or by obtaining elevated permissions to stop the anti-virus process and thereby deploy undetected implement malware. McAfee has released...
Vulnerabilities fixed in Android
Google has fixed several vulnerabilities in the Android operating system. The vulnerabilities allow a malicious person to able to perform attacks that can lead to the following types of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Google has...
Vulnerabilities fixed in Ansible
Vulnerabilities have been fixed in Ansible. The vulnerabilities allow a malicious party to gain access to sensitive and system data. Ansible has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-1736:...
Vulnerabilities fixed in IP stack of various SIEMENS products
Siemens has fixed two vulnerabilities in the Linux IP stack of various industrial products. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service cause. The malicious party must have access to the production network. It is good practice not to have suc...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixes multiple vulnerabilities in Microsoft Dynamics 365 products. The vulnerabilities in Microsoft Dynamics 365 on-premises and Microsoft Dynamics 365 for Finance and Operations on-premise allow a malicious party to execute arbitrary code or perform Cross-Site Scripting XSS attack. The...
Serious vulnerability fixed in Microsoft Exchange
There is a serious vulnerability in Microsoft Exchange Server. The vulnerability occurs due to improper handling of objects in memory. Upon successful exploitation of this vulnerability, it allows an unauthenticated remote malicious agent to remote user to execute arbitrary code with SYSTEM...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code or to bypass a security measure. Microsoft considers the vulnerability with attribute CVE-2020-16874 to be critical. The vulnerability in...
Vulnerabilities fixed in Microsoft SharePoint
Microsoft is fixing several vulnerabilities in Microsoft SharePoint. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code or to conduct a Cross-Site-Scripting XSS attack. Two of the vulnerabilities in SharePoint can be exploited to execute arbitrary code in th...
Vulnerabilities discovered in HMI Panels
Because SIMATIC HMI panels do not properly handle repeated login attempts correctly, they are susceptible to Brute-force attacks. A malicious party can use them to retrieve user names and passwords find out and thus issue random commands with permissions from the affected user account. To exploit...
Vulnerability discovered in Siemens SIMATIC S&-300 and S7-400 CPUs
Siemens has discovered a vulnerability in the SIMATIC S7-300 and S7-400 CPUs. An unauthenticated malicious person can exploit the exploit the vulnerability to eavesdrop on network traffic and thereby obtaining login credentials. To exploit the vulnerability, the attacker must have access to the...
WIBU CodeMeter vulnerabilities discovered in several Sieens products
WIBU systems has published a number of vulnerabilities, which would allow an unauthenticated remote malicious person is able to Manipulate license files, execute arbitrary code with application privileges or to cause a Denial-of-Service cause. WIBU gives the vulnerability with attribute...
Vulnerabilities fixed in Siemens Spectrum Power
Siemens has fixed two vulnerabilities in Spectrum Power 4. An unauthenticated malicious person could exploit the vulnerabilities to gain access to system data and sensitive data. Siemens has updates and mitigations available to address the vulnerabilities in Spectrum Power. However, these have no...
Multiple vulnerabilities fixed in Microsoft browsers
There are multiple vulnerabilities in the Scripting Engine, Microsoft Edge and Microsoft Internet Explorer. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code or to obtain elevated privileges. The vulnerability with the highest rating has the attribute...
Vulnerability fixed in Microsoft SQL Server Reporting Services
There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to incorrect validation of attachments to reports. If successfully exploited, the vulnerability enables an authenticated malicious person able to add unauthoriz...
Vulnerability fixed in OpenSUSE
SUSE has made available an update to fix a vulnerability in the Linux kernel. The vulnerability allows a locally authenticated malicious person able to obtain elevated user privileges to obtain. See "Possible fixes" for more information. The developers of OpenSUSE have made updates available to f...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data, - cause a denial-of-service, - bypass security measures, - circumvent authentication...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...
Vulnerability discovered in several Siemens products
Researchers have revealed that several Industrial products from Siemens are vulnerable to the so-called "CrossTalk" vulnerability in Intel Processors. A local malicious person with the rights to install software can exploit the vulnerability to gain access gain access to sensitive data. To do so,...
Vulnerabilities fixed in SAP Netweaver
SAP has fixed several vulnerabilities in SAP NetWeaver. These vulnerabilities allow malicious actors to remotely launch a Cross Site Scripting attack, or Server Side Request Forgery to execute execute. SAP has released updates to fix these vulnerabilities. For more information see:...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and OneDrive products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated privileges gain access to sensitive data, or for performing a Cross-Site-Scripting XSS attack. This could include if t...
Vulnerability fixed in IBM Aspera Connect
IBM has fixed a vulnerability in Aspera Connect. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code under privileges of the application. To do so, the malicious party must induce the victim to execute load a rogue dynamic-link library. IBM has...
Vulnerabilities fixed in Nagios
Several vulnerabilities have been fixed in Nagios. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Increased user privileges For now, not ever...
Vulnerability fixed in Bitdefender Endpoint Security
Bitdefender has fixed an update in Bitdefender Endpoint Security Tools and the Endpoint Security SDK. The vulnerability could potentially be exploited by a malicious party to obtain elevated user privileges and manipulate data. Bitdefender categorizes this vulnerability according to the CVSSv3...
Vulnerability fixed in GnuTLS
A vulnerability has been fixed in GnuTLS. The vulnerability allows a remote malicious person who has access to a TLS server that the victim is connected to is able to cause a denial-of-service attack. To exploit the vulnerability the TLS connection must meet specific conditions. The developers of...
Vulnerabilities fixed in Oracle kernel
Vulnerabilities have been fixed in Oracle kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data -= Oracle =- Oracle has made updates available for Oracle Linux ...
Vulnerabilities fixed in Gitlab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication Circumvention of security measure Remote...
Vulnerabilities fixed in Sophos UTM Up2Date
Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. The vulnerabilities allow a remote malicious person potentially able to cause a denial-of-service or gain access gain access to sensitive information. Sophos has released updates to fix the vulnerabilities in Sophos UTM Up2Data...
Vulnerabilities fixed in FreeBSD
The developers of FreeBSD have fixed several vulnerabilities fixed in several network modules used by FreeBSD. used. A malicious party on the local network could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the...