4197 matches found
Vulnerabilities fixed in Kaspersky Security Center
Kaspersky has fixed multiple vulnerabilities in Kaspersky Security Center. The vulnerabilities allow a local malicious able to cause a denial-of-service or obtain elevated privileges obtain elevated privileges on the local system. Not all of the vulnerabilities have assigned a CVE number. Kaspers...
Vulnerabilities fixed in Cisco IOS XR and ASR
Cisco has fixed multiple vulnerabilities in IOS XR and 9000-series Aggregation Services Routers ASR. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data...
Vulnerabilities fixed in Cisco Jabber for Windows client
Vulnerabilities have been fixed in Cisco Jabber for Windows client. The vulnerabilities allow an authenticated remote malicious person to remote user to obtain sensitive information and to execute arbitrary code under user privileges. To exploit the vulnerabilities, the malicious party must send...
Vulnerabilities fixed in OpenSUSE kernel
The developers of OpenSUSE have fixed several vulnerabilities fixed in the OpenSUSE Linux kernel. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data...
Vulnerabilities fixed in Samsung Mobile
Samsung has fixed several vulnerabilities in its Android distribution. The vulnerabilities allow a malicious potentially able to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...
Vulnerability fixed in Ansible
A vulnerability has been fixed in Ansible. The vulnerability allows a malicious person to bypass a security measure. To exploit the vulnerability, the malicious party must get a system administrator to get a rogue installation package to install. Ansible has released updates to fix the...
Vulnerability fixed in Red Hat OpenShift Container Platform
Red Hat has fixed a vulnerability in the OpenShift Container Platform. A local user or application with elevated privileges can write a large amount of data within a pod to the /etc/hosts file. A malicious party could potentially exploit this vulnerability to cause a denial-of-service on the node...
Vulnerability fixed in Atlassian Jira
Vulnerable versions of Atlassian Jira Server and Data Center allow a remote malicious person to enumerate project keys via a vulnerability in the /browse.PROJECTKEY endpoint. Atlassian has made version 8.12.0 of Jira available. More information can be found on the following page:...
Vulnerability fixed in libvirt and QEMU
Red Hat has fixed vulnerabilities in QEMU and libvirt. The vulnerabilities allow a locally authenticated malicious party to able to obtain elevated privileges and system data. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 6, 7 and 8. You can install these updates...
Vulnerabilities fixed in Ubuntu Linux kernel
Canonical has fixed several vulnerabilities in the Ubuntu Linux kernel. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service Manipulation of data Access to sensitive data Increased user privileges...
Vulnerability fixed in Trend Micro OfficeScan
Trend Micro has fixed a vulnerability in OfficeScan. The vulnerability allows a malicious party to obtain elevated privileges obtain and to execute arbitrary code. Trend Micro categorizes this vulnerability according to the CVSSv3 method with a score of 7.8. Trend Micro has released updates to fi...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in JBoss Enterprise Application Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights SQL Injection Red H...
Vulnerability fixed in Cisco IOS XR
Cisco has fixed a vulnerability in the Distance Vector Multicast Routing Protocol DVMRP functionality in IOS XR. The vulnerability allows an unauthenticated remote malicious person able to cause a Denial-of-Service on the vulnerable device. To do so, the malicious party needs to send rogue IGMP...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. These include several Nexus, MDS 9000 switches, UCS and Firepower models. The vulnerabilities enable a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. Little little substantive information made publicly available. Of a number of vulnerabilities, no CVE IDs have been disclosed yet. A malicious party could potentially exploit the vulnerabilities to bypass security measures and possibly cause a...
Vulnerabilities fixed in Joomla!
Joomla has fixed a number of vulnerabilities in Joomla! CMS. A remote malicious party could potentially exploit the vulnerabilities to perform a cross-site scripting attack. It is also possible for a malicious party to gain access through a path-traversal gain access to data outside the web-root...
Vulnerabilities fixed in the X11 server
SUSE has fixed three vulnerabilities in the x.org X11 server. A malicious party could potentially exploit the vulnerabilities to bypass security measures and gain access to system data and/or memory. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in...
Vulnerability in Autodesk 3ds max actively exploited
Autodesk says it is actively observing abuse of a vulnerability in 3ds max software. A variant of the MAXScript exploit "PhysXPluginMfx" allows a remote malicious person to to execute arbitrary code within the context of the application. To do this, the malicious party must entice the victim to...
Multiple vulnerabilities fixed in F5 BIG-IP products
F5 has fixed several vulnerabilities in BIG-IP. Malicious remote users can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site-Scripting and Cross-Site-Request-Forgery attacks. Authenticated malicious parties can exploit some vulnerabilities exploit them to bypass...
Vulnerabilities fixed in Firefox and Firefox ESR
Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights Access to...
Vulnerabilities fixed in Xen, Citrix XenServer and Hypervisor
Vulnerabilities have been fixed in Xen, Citrix XenServer and Hypervisor. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to execute arbitrary code execute arbitrary code under application privileges. -= Citrix Xenserver =- Citrix has released updates to fix the...
Multiple vulnerabilities fixed in Ghostscript
Several vulnerabilities have been fixed in Ghostscript. The vulnerabilities allow a remote malicious party to cause a denial-of-service, or potentially execute arbitrary code execute with the privileges of the process calling Ghostscript. -= Ubuntu =- Canonical has made updates available for Ubun...
Vulnerabilities fixed in Squid
Squid's developers have fixed three vulnerabilities. Of one vulnerability no CVE-id is known. The vulnerabilities allow a remote malicious party the ability to use cache poisoning to potentially gain access to sensitive data, or to cause a Denial-of-Service. The developers have released updates t...
Vulnerability fixed in Apache SOLR
SOLR's developers have fixed a vulnerability. The vulnerability allows a malicious party to gain access to sensitive data because the API of the Replication Handler accepts any location as the target location of the backup, restore and deletebackup commands. This allows a malicious party can...
Vulnerability fixed in VMware vCenter and ESXi
Vmware has fixed a vulnerability in vCenter and ESXi. The vulnerability allows a remote malicious party to cause a partial denial-of-service DoS exploit. Vmware has released updates to fix the vulnerability in Vcenter and ESXi. For more information, see:...
Several vulnerabilities fixed in BIND
Several vulnerabilities have been fixed in BIND. A malicious person can remotely exploit the vulnerabilities to cause the BIND process to crash and thus cause a denial-of-service on DNS traffic cause. ISC has released updates to fix the vulnerabilities in BIND 9.11.22, 9.16.6 and 9.17.4. For more...
Vulnerability fixed in Cisco Webex Meetings
A vulnerability has been fixed in the Cisco Webex Meetings Desktop App for Windows. The vulnerability allows a malicious party to to overwrite files on the end user's system. Cisco has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerabilities fixed in Cisco Data Center Network Manager
Cisco has fixed several vulnerabilities in the Data Center Network Manager. The vulnerabilities allow a local authenticated malicious party to conduct attacks that can lead to the following types of damage: Cross-Site Scripting XSS. Manipulation of data Access to system data Increased user...
Vulnerability fixed in Icinga Web 2
Icinga has fixed a potential path-traversal vulnerability in Icinga Web 2. The vulnerability allows a malicious party to read sensitive files that can be read by the process on which Icinga Web 2 is running. This is often a Web server or an FPM process. Although the vulnerability itself is in the...
Vulnerability fixed in Chrome
Google has released a new version of Chrome. At this time not all details are known and Google only names one specific vulnerability which they themselves rate as "High. This concerns a Heap buffer overflow vulnerability, which could potentially be be exploited by a malicious party to execute...
Vulnerability fixed in GitLab
A vulnerability has been fixed in GitLab Enterprise Edition. A malicious party could exploit the vulnerability to obtain of sensitive information. GitLab has released updates to fix the vulnerability. More information can be found on the page below: https://about.gitlab.com/releases/2020/08/18...
Vulnerabilities fixed in Elastic search
Vulnerabilities have been fixed in Elastic search. The vulnerabilities allow a malicious party to access gain access to sensitive data and to obtain elevated user privileges obtain. The developers of Elastic search have made updates available made available to fix the vulnerabilities. For more...
Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform
Vulnerabilities have been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Bypassing authenticatio...
Vulnerability fixed in libvirt
A vulnerability has been fixed in libvirt. The vulnerability allows a local malicious person to gain elevated privileges. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12 and 15. fixes in SUSE 12 and 15. You can install these custom packages by using 'YaST'. You can...
Vulnerabilities fixed in PostgreSQL
Two vulnerabilities have been fixed in PostgreSQL. Both vulnerabilities allow a locally authenticated malicious person to able to execute arbitrary SQL commands under the privileges of a superuser on the database. PostgreSQL has released updates to address the vulnerabilities. fix. More informati...
Vulnerabilities fixed in SNMP
Debian has fixed vulnerabilities in SNMP. The vulnerabilities allow a locally authenticated malicious person to obtain elevated privileges. -= Debian =- Debian has made updates to net-snmp available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages install...
Vulnerabilities fixed in CyberArk
Vulnerabilities have been fixed in CyberArk products including several Credential Providers and The Vault. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution...
Vulnerabilities fixed in Jenkins
Vulnerabilities have been fixed in Jenkins. The vulnerabilities can be exploited by a malicious person to perform of a Cross-Site-Scripting XSS attack. The vulnerability allows a malicious party to execute arbitrary code under the privileges of the browser. Jenkins has released updates to fix the...
Vulnerabilities fixed in Apache Struts
Apache has fixed vulnerabilities in Struts. The vulnerabilities allow a remote malicious party to cause a denial-of-service cause and to execute arbitrary code under permissions of the application. Apache has released updates to fix the vulnerabilities. More information can be found on the pages...
Vulnerabilities fixed in Apache HTTP server
Vulnerabilities have been fixed in Apache. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data -= Ubuntu =- Canonical has...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been fixed in Red Hat OpenShift Container Platform. The vulnerability allows a malicious party to cause a Denial-of-Service by offering specially prepared ed25519 SSH keys. Red Hat has made updates available for Red Hat OpenShift Container Platform . You can install these...
Vulnerabilities fixed in Dovecot
Vulnerabilities have been fixed in Dovecot. The vulnerabilities allow a malicious person to cause a denial-of-service cause. Dovecot has released updates to fix the vulnerabilities. For more information, see the following pages: CVE-2020-12100:...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an unauthenticated malicious person remotely capable of executing arbitrary code on the system. IBM indicates that to exploit this vulnerability, an undocumented change must be made by the administrator o...
Vulnerabilities fixed in Debian
Vulnerabilities have been fixed in the linux kernel. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive information. obtain. Debian has made linux kernel 4.19 available for Debian 9.0 Stretch to address the vulnerabilities. You can install the custom...
Vulnerabilities fixed in Adobe Acrobat and Reader
Adobe has fixed vulnerabilities in Acrobat and Reader. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive...
Vulnerabilities fixed in Ubuntu
Ubuntu has fixed vulnerabilities in the apport component. Apport collects data about stuck processes and compiles reports automatically that can be shared with developers shared. For the stable-version of Ubuntu, apport is disabled. The vulnerabilities allow a malicious person to perform attacks...
Vulnerability fixed in Fedora kernel
A vulnerability has been fixed in the Fedora kernel. The vulnerability allows a local malicious person to access gain access to system data. Fedora has made updates available for Fedora 32. You can install these updates by using the 'dnf' or 'yum' command. More information about these updates and...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A remote malicious person could potentially exploit them to execute arbitrary code, to obtain elevated privileges obtain elevated privileges, to access sensitive data or to perform a denial-of-service attack. Below is a summary of the various...
Vulnerabilities fixed in Microsoft Office products
Microsoft fixes multiple vulnerabilities in Microsoft Office and Microsoft SharePoint products. A remote malicious person could vulnerabilities potentially exploit them to execute arbitrary code execute arbitrary code, obtain elevated privileges, access sensitive data, or to perform...
Vulnerabilities fixed in Microsoft browsers
Microsoft has fixed several vulnerabilities in Internet Explorer and Edge. All of the vulnerabilities allow a malicious person to able to execute arbitrary code in the context of the user when he manages to trick the user into opening a malicious Web site or document to open. Below is an overview...