Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious remote users can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site-Scripting and Cross-Site-Request-Forgery attacks. Authenticated malicious parties can exploit some vulnerabilities to bypass...
Vulnerability in Autodesk 3ds max actively exploited
Autodesk says it is actively observing abuse of a vulnerability in 3ds max software. A variant of the MAXScript exploit "PhysXPluginMfx" allows a remote malicious person to execute arbitrary code within the context of the application. To do this, the malicious party must entice the victim to...
Vulnerabilities fixed in Xen, Citrix XenServer and Hypervisor
Vulnerabilities have been fixed in Xen, Citrix XenServer and Hypervisor. The vulnerabilities allow a malicious party to cause a denial-of-service (DoS) or to execute arbitrary code under application privileges. -= Citrix XenServer =- Citrix has released updates to fix the...
Multiple vulnerabilities fixed in Ghostscript
Several vulnerabilities have been fixed in Ghostscript. The vulnerabilities allow a remote malicious party to cause a denial-of-service, or potentially execute arbitrary code with the privileges of the process calling Ghostscript. -= Ubuntu =- Canonical has made updates available for Ubun...
Vulnerabilities fixed in Squid
Squid's developers have fixed three vulnerabilities. For one vulnerability no CVE ID is known. The vulnerabilities allow a remote malicious party to use cache poisoning to potentially gain access to sensitive data, or to cause a Denial-of-Service. The developers have released updates t...
Vulnerability fixed in VMware vCenter and ESXi
VMware has fixed a vulnerability in vCenter and ESXi. The vulnerability allows a remote malicious party to cause a partial denial-of-service (DoS). VMware has released updates to fix the vulnerability in vCenter and ESXi. For more information, see:...
Vulnerability fixed in Apache SOLR
SOLR's developers have fixed a vulnerability. The vulnerability allows a malicious party to gain access to sensitive data because the API of the Replication Handler accepts any location as the target location of the backup, restore and deletebackup commands. This allows a malicious party can...
Several vulnerabilities fixed in BIND
Several vulnerabilities have been fixed in BIND. A malicious person can remotely exploit the vulnerabilities to cause the BIND process to crash and thus cause a denial-of-service on DNS traffic. ISC has released updates to fix the vulnerabilities in BIND 9.11.22, 9.16.6 and 9.17.4. For more...
Vulnerability fixed in Cisco Webex Meetings
A vulnerability has been fixed in the Cisco Webex Meetings Desktop App for Windows. The vulnerability allows a malicious party to overwrite files on the end user's system. Cisco has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Icinga Web 2
Icinga has fixed a potential path-traversal vulnerability in Icinga Web 2. The vulnerability allows a malicious party to read sensitive files that can be read by the process on which Icinga Web 2 is running. This is often a Web server or an FPM process. Although the vulnerability itself is in the...
Vulnerabilities fixed in Cisco Data Center Network Manager
Cisco has fixed several vulnerabilities in the Data Center Network Manager. The vulnerabilities allow a local authenticated malicious party to conduct attacks that can lead to the following types of damage: Cross-Site Scripting (XSS); Manipulation of data; Access to system data; Increased user...
Vulnerabilities fixed in Elasticsearch
Vulnerabilities have been fixed in Elasticsearch. The vulnerabilities allow a malicious party to gain access to sensitive data and to obtain elevated user privileges. The developers of Elasticsearch have made updates available to fix the vulnerabilities. For more...
Vulnerability fixed in GitLab
A vulnerability has been fixed in GitLab Enterprise Edition. A malicious party could exploit the vulnerability to obtain sensitive information. GitLab has released updates to fix the vulnerability. More information can be found on the page below: https://about.gitlab.com/releases/2020/08/18...
Vulnerability fixed in Chrome
Google has released a new version of Chrome. At this time not all details are known, and Google names only one specific vulnerability, which it rates as "High". This concerns a heap buffer overflow vulnerability, which could potentially be exploited by a malicious party to execute...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Bypassing authenticatio...
Vulnerability fixed in libvirt
A vulnerability has been fixed in libvirt. The vulnerability allows a local malicious person to gain elevated privileges. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12 and 15. You can install these custom packages by using 'YaST'. You can...
Vulnerabilities fixed in PostgreSQL
Two vulnerabilities have been fixed in PostgreSQL. Both vulnerabilities allow a locally authenticated malicious person to execute arbitrary SQL commands under the privileges of a superuser on the database. PostgreSQL has released updates to address the vulnerabilities. More informati...
Vulnerabilities fixed in SNMP
Debian has fixed vulnerabilities in SNMP. The vulnerabilities allow a locally authenticated malicious person to obtain elevated privileges. -= Debian =- Debian has made updates to net-snmp available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages install...
Vulnerabilities fixed in CyberArk
Vulnerabilities have been fixed in CyberArk products including several Credential Providers and The Vault. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution...
Vulnerabilities fixed in Apache HTTP server
Vulnerabilities have been fixed in Apache. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights; Access to sensitive data. -= Ubuntu =- Canonical has...
Vulnerabilities fixed in Apache Struts
Apache has fixed vulnerabilities in Struts. The vulnerabilities allow a remote malicious party to cause a denial-of-service and to execute arbitrary code under the permissions of the application. Apache has released updates to fix the vulnerabilities. More information can be found on the pages...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities can be exploited by a malicious person to perform a Cross-Site-Scripting (XSS) attack. The vulnerability allows a malicious party to execute arbitrary code under the privileges of the browser. Jenkins has released updates to fix the...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been fixed in Red Hat OpenShift Container Platform. The vulnerability allows a malicious party to cause a Denial-of-Service by offering specially prepared ed25519 SSH keys. Red Hat has made updates available for Red Hat OpenShift Container Platform. You can install these...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an unauthenticated malicious person to remotely execute arbitrary code on the system. IBM indicates that to exploit this vulnerability, an undocumented change must be made by the administrator o...
Vulnerabilities fixed in Dovecot
Vulnerabilities have been fixed in Dovecot. The vulnerabilities allow a malicious person to cause a denial-of-service. Dovecot has released updates to fix the vulnerabilities. For more information, see the following pages: CVE-2020-12100:...
Vulnerabilities fixed in Debian
Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive information. Debian has made Linux kernel 4.19 available for Debian 9.0 Stretch to address the vulnerabilities. You can install the custom...
Vulnerabilities fixed in Ubuntu
Ubuntu has fixed vulnerabilities in the apport component. Apport collects data about stuck processes and automatically compiles reports that can be shared with developers. For the stable version of Ubuntu, apport is disabled. The vulnerabilities allow a malicious person to perform attacks...
Vulnerabilities fixed in Adobe Acrobat and Reader
Adobe has fixed vulnerabilities in Acrobat and Reader. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights; Access to sensitive...
Vulnerability fixed in Fedora kernel
A vulnerability has been fixed in the Fedora kernel. The vulnerability allows a local malicious person to gain access to system data. Fedora has made updates available for Fedora 32. You can install these updates by using the 'dnf' or 'yum' command. More information about these updates and...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A remote malicious person could potentially exploit them to execute arbitrary code, to obtain elevated privileges, to access sensitive data or to perform a denial-of-service attack. Below is a summary of the various...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. Little substantive information has been made publicly available. Most vulnerabilities allow a malicious party to launch a denial-of-service attack. Google has released updates to fix the vulnerabilities in Chrome. For more information, see:...
Vulnerability fixed in TeamViewer
A vulnerability has been fixed in TeamViewer. The vulnerability allows an unauthenticated remote malicious party to cause TeamViewer to send out an NTLM request. To do this, the malicious party must induce the victim to visit a rogue website. The NTLM request can be captured by the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution; Administrator/Root privileges. Siemens...
Vulnerability fixed in SAP S/4 HANA
SAP has fixed a vulnerability in SAP S/4 HANA. By exploiting this vulnerability, a malicious person with user privileges can remotely bypass authentication and make data inaccessible. SAP has made an update available to fix the vulnerability; for more information, see:...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and Microsoft SharePoint products. A remote malicious person could potentially exploit them to execute arbitrary code, obtain elevated privileges, access sensitive data, or to perform...
Vulnerabilities fixed in SAP NetWeaver
SAP has fixed several vulnerabilities in SAP NetWeaver. These vulnerabilities allow malicious actors to remotely bypass authentication, execute arbitrary code, conduct a cross-site scripting attack, upload files and view sensitive information. SAP has released updates to address these...
Vulnerabilities fixed in Microsoft browsers
Microsoft has fixed several vulnerabilities in Internet Explorer and Edge. All of the vulnerabilities allow a malicious person to execute arbitrary code in the context of the user when he manages to trick the user into opening a malicious Web site or document. Below is an overview...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of authentication; Circumvention of security...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary code, to gain elevated privileges or to perform a denial-of-service (DoS) attack. Below is a summary of the various vulnerabilities described by...
Vulnerability fixed in PostgreSQL jdbc driver
A vulnerability has been fixed in the PostgreSQL JDBC driver for Java. The so-called XML external-entity (XXE) vulnerability allows a locally authenticated malicious person to execute arbitrary code under database privileges. -= Red Hat =- Red Hat has made updates available f...
Vulnerabilities fixed in Apache HTTP Server
Vulnerabilities have been fixed in Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial of Service. Apache has made updates available to address the vulnerabilities. More information can ...
Vulnerability fixed in Avaya IP Office Manager
A vulnerability has been fixed in Avaya IP Office Manager. The vulnerability allows an unauthenticated malicious person with access to the network to obtain sensitive data. Avaya has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in the kernel of openSUSE Leap 15.1. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Access to system data; Increased user...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Vulnerabilities have been fixed in Cisco AnyConnect Secure Mobility Client for Windows. The vulnerabilities allow a local malicious person with valid Windows login credentials to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Data...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. Among other things, the vulnerabilities allow an unauthenticated remote malicious person to cause a denial of service. Python has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in GRUB2
Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole". This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges to execute...
Vulnerabilities fixed in MySQL Server
Ubuntu has fixed several vulnerabilities in MySQL. An authenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service or obtain read and write access to data stored in MySQL databases. -= Ubuntu =- Canonical has made updates...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. Little substantive information has been made publicly available. It is possible that a malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges or to cause a denial-of-service on the Web browser. Google h...
Vulnerability fixed in Kubernetes
A vulnerability has been fixed in Kubernetes. The vulnerability allows an authenticated malicious person with root privileges on a node to gain elevated privileges on other nodes running in the same cluster. These elevated privileges can be used to take over pods on the affected nodes. When multiple...
Fixed vulnerability in Citrix Workspace (formerly Citrix Receiver)
A vulnerability has been fixed in the automatic update service of the Citrix Workspace app for Windows that could result in increased user privileges. Citrix has made an update available to fix the vulnerability. For more information, see the following page:...