Vulnerabilities fixed in ClamAV
Vulnerabilities have been fixed in ClamAV. The vulnerabilities allow a malicious person to cause a denial-of-service. ClamAV has released updates to fix the vulnerabilities. More information can be found on the pages below: https://blog.clamav.net/2020/07...
Vulnerabilities fixed in IBM Spectrum Protect
Vulnerabilities have been fixed in IBM Spectrum Protect. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); remote code execution; Administrator/Root privileges. IBM has released updates to fix t...
Multiple vulnerabilities fixed in Apple Safari
Apple has fixed several vulnerabilities in Safari. A malicious party can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); circumvention of security measure; remote code execution; user rights. -= Appl...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...
Multiple vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party could potentially exploit the vulnerabilities for attacks that could lead to the following types of damage: Denial-of-Service (DoS); remote code execution; user rights; access to sensitive data. -= Apple =- Apple has made...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); remote code execution; Administrator/Root privileges; access to sensitive data. -= Apple =- Apple has made...
Vulnerabilities fixed in Apache Tomcat
Several vulnerabilities have been fixed in Apache Tomcat. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service on the Tomcat server. To do this the malicious party must send specially crafted HTTP or WebSocket traffic to the vulnerable server. The developer...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in Oracle Java SE. A malicious party could exploit the vulnerabilities to execute arbitrary code or to cause a denial-of-service. | CVE ID | CVSS | Vector |...
Serious vulnerabilities fixed in SAP Netweaver
SAP has fixed several vulnerabilities in SAP Netweaver products. The vulnerabilities allow malicious parties to gain access to sensitive data, or possibly even to execute arbitrary commands with which the entire underlying system can be taken over. The vulnerability with reference...
Large number of Linux vulnerabilities in SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Siemens has published a large number of vulnerabilities in the Linux subsystem of the SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP. Malicious parties can exploit the vulnerabilities to cause various types of damage, the most important of which are: Execution of arbitrary code with privileges of the...
Vulnerabilities fixed in MobileIron
MobileIron has fixed multiple vulnerabilities in MobileIron Core and Sentry. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: bypassing authentication; remote code execution; accessing sensitive data. MobileIron has made little...
Vulnerabilities fixed in Samba
Several vulnerabilities have been fixed in Samba. The vulnerabilities are in the way Samba processes LDAP information and allow a malicious party to cause a denial-of-service or potentially execute arbitrary code with the rights of the application. -= Ubuntu =- Canonical has made updates...
Vulnerability fixed in Squid
A vulnerability has been fixed in Squid. The vulnerability allows a malicious party to bypass a security measure. Incomplete input validation makes it possible for a malicious person to perform a Request Smuggling or Poisoning attack on the HTTP cache. The vulnerability with...
Vulnerability fixed in Apache Tomcat
A vulnerability has been fixed in Apache Tomcat. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service on the Tomcat server. To do this the malicious party needs to send a specially crafted HTTP/2 request to the server. This request causes an increased CPU loa...
Vulnerabilities fixed in cURL
GNU has fixed vulnerabilities in cURL. The vulnerabilities allow a remote malicious person to obtain sensitive data and to potentially corrupt a file. GNU has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-8169:...
Vulnerability fixed in ntpd
A vulnerability has been fixed in the ntp client daemon. The vulnerability allows an unauthenticated remote malicious person to perform a denial-of-service attack. The developers of ntpd have released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerability fixed in Pulse Secure Client for Windows
A vulnerability has been fixed in Pulse Secure Client for Windows. The vulnerability allows a locally authenticated malicious party to obtain elevated SYSTEM privileges. Security researcher Red Timmy Security has published a write-up regarding the vulnerability at:...
Vulnerability fixed in Drupal
Drupal has fixed a vulnerability in the Form API of the Drupal Core. The vulnerability allows a remote malicious party to perform a Cross-Site Request Forgery (XSRF) attack. A successful attack could thereby lead to consequential damage such as obtaining sensitive data from a domain to...
Vulnerability fixed in VLC
VideoLan has fixed a vulnerability in VLC Media Player. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service, and potentially execute arbitrary code with privileges of the affected user. To do so, the malicious party must entice the victim to open ...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A local malicious party could potentially exploit the vulnerabilities to gain access to sensitive information or obtain elevated privileges on the vulnerable system. In addition, a remote malicious party could potentially exploit the...
Vulnerabilities fixed in Intel products
Intel has fixed vulnerabilities in Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Dynamic Application Loader (DAL). The above products...
Multiple vulnerabilities fixed in Drupal
Several vulnerabilities have been fixed in Drupal core. The vulnerabilities are located in jQuery and allow a malicious party to perform a Cross-Site Scripting (XSS) attack. This potentially allows the malicious party to execute code under the user's privileges. For the vulnerabilities in jQuery, we...
Multiple vulnerabilities fixed in macOS
Apple has fixed several vulnerabilities in macOS. The vulnerabilities allow a malicious person, remote or otherwise, to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of security measure; remote code execution; Administrator/Root...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability allows a remote malicious person to execute arbitrary code in the victim's browser. The malicious party must entice the victim to follow a rogue hyperlink to do so. Grafana has released updates to fix...
Vulnerabilities fixed in qemu
Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious party to cause a denial-of-service and potentially execute arbitrary code under the privileges of the application. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 19.10 and...
Vulnerability fixed in Apache Tomcat
The developers of Apache Tomcat have fixed a vulnerability that could potentially allow a remote malicious person to execute arbitrary code under the application's permissions. This is possible if: the malicious party has control of a file on the server; PersistenceManager is used in...
Vulnerabilities fixed in BIND
BIND has fixed several vulnerabilities that could potentially allow a malicious party to cause a denial-of-service (DoS). A DoS attack exploiting the vulnerability with attribute CVE-2020-8617 targets DNS clients. The vulnerability with attribute CVE-2020-8616 involves a new method for...
Vulnerabilities fixed in DPDK
Vulnerabilities have been fixed in the Dataplane Development Kit (DPDK). The vulnerabilities allow a local malicious party to cause a denial-of-service, possibly resulting in the execution of arbitrary code under user privileges. DPDK is a technology that handles the transport of data...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in the basic components of Microsoft Windows. A malicious party could potentially exploit them to launch a denial-of-service attack, execute arbitrary code, gain elevated privileges or obtain sensitive data. The main vulnerabilities concern the Windows...
Multiple vulnerabilities fixed in Squid
The developers of Squid have fixed several vulnerabilities in Squid proxy. An unauthenticated remote malicious person can exploit the vulnerabilities to cause a denial-of-service, access sensitive data or execute arbitrary code with application privileges. For the...
Vulnerabilities fixed in VMware vRealize Operations Manager
There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execution of arbitrary code with administrator privileges on the Application Remote Collector (ARC) and all virtual systems on which an ARC Telegraph agent is installed. VMware has...
Vulnerabilities fixed in libvirt
SUSE has made updates available to fix vulnerabilities in libvirt. The vulnerabilities allow a remote malicious person to cause a denial-of-service (DoS). -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. You can install...
Vulnerabilities fixed in RoundCube
A vulnerability has been fixed in Roundcube Webmail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); circumvention of security measure; remote code executio...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. A malicious party can exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code with the permissions of the user under which the Samba server is running. More information about the vulnerabilities can be found on th...
Vulnerability fixed in Mailman
A vulnerability has been fixed in Debian for Mailman. The vulnerability allows a remote malicious person to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. -= Debian =- Debian has made...
Vulnerability fixed in Linux kernel
SUSE has fixed a vulnerability in SUSE Kernel. In certain cases the vulnerability causes IPv6 traffic over an IPsec tunnel not to be encrypted. A malicious party could potentially retrieve sensitive data as a result. -= SUSE =- SUSE has made updates available to fix the vulnerabilit...
Vulnerabilities fixed in binutils
Vulnerabilities have been fixed in binutils. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); manipulation of data; remote code execution; user rights; access to system data. Ubuntu classifies all vulnerabilities...
Vulnerability fixed in Libssh
Fedora has fixed a vulnerability in Libssh. The vulnerability allows a remote malicious party to perform a Denial-of-Service (DoS) attack. -= Fedora =- Fedora has made updates available for Fedora 31. You can install these updates by using the command 'dnf' or 'yum'. More information about these...
Vulnerabilities fixed in Oracle MySQL products
Oracle has fixed vulnerabilities in its MySQL products: MySQL Server, MySQL Workbench, MySQL Enterprise Monitor, MySQL Cluster, MySQL Client and MySQL Connectors. One of these vulnerabilities (CVE-2019-5482) concerns a serious vulnerability in MySQL Server. This vulnerability allows an...
Multiple vulnerabilities fixed in Oracle Java SE
Oracle has fixed several vulnerabilities in Oracle Java SE. A malicious party could potentially exploit the vulnerabilities to gain elevated privileges, to access potentially sensitive data or to launch a denial-of-service attack. An overview of the fixed vulnerabilities:...
Vulnerabilities fixed in GitLab Community and Enterprise Edition
GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, execute a cross-site scripting attack, or gain access to sensitive information and/or manipulate it. GitLab has releas...
Vulnerability fixed in Ruby JSON gem
A vulnerability has been fixed in the JSON gem that is included by default in the Ruby installation. The vulnerability allows a malicious party to perform attacks that can lead to the following categories of damage: manipulation of data; remote code execution; user rights. Ruby has release...
Vulnerability fixed in glibc
A vulnerability has been fixed in glibc. The vulnerability allows a local malicious party to cause a denial-of-service. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. You can install these custom packages by using...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious party to perform Cross-Site Scripting and cause a Denial-of-Service. To exploit the vulnerabilities, the malicious party must have access to the production network. It is good practice the production networ...
Several vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); SQL Injection; Denial-of-Service (DoS); remote code execution; user rights; access to sensitive data. SAP reports a...
Vulnerability fixed in Apache Tomcat
A malicious party can exploit the vulnerability to obtain information from the system. The vulnerability was caused because the AJP protocol was implemented incorrectly. A malicious party could possibly use a malicious request to read files from the webroot directory. The A...
Vulnerabilities fixed in Cisco products
Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); circumvention of security measure. Cisco has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Db2
IBM has fixed several vulnerabilities in Db2. An unauthenticated malicious person could potentially cause a denial-of-service. IBM has made updates available to fix the vulnerabilities in Db2. For more information about the vulnerabilities and how to fix them, see: CVE-2020-4135:...
Vulnerabilities in Qt 5 libraries
Vulnerabilities have been fixed in the Qt 5 software library. The vulnerabilities allow a locally authenticated malicious agent to cause a denial-of-service and execute arbitrary code under user privileges. -= Ubuntu =- Canonical has made updates available for...
Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products
Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability to cause a denial-of-service when encrypted connections are used. Siemens has released...