4197 matches found
Vulnerabilities fixed in SAP Netweaver
SAP has fixed several vulnerabilities in SAP Netweaver. These vulnerabilities allow malicious actors to remotely bypass authentication, execute arbitrary code, conduct a cross-site scripting attack, upload files and view sensitive information. SAP has released updates to address these...
Vulnerability fixed in SAP S/4 HANA
SAP has fixed a vulnerability in SAP S/4 HANA. By exploiting this vulnerability, a malicious person with user privileges remotely bypass authentication and make data make data inaccessible. SAP has made an update available to fix the vulnerability fix, see for more information:...
Vulnerability fixed in TeamViewer
A vulnerability has been fixed in TeamViewer. The vulnerability allows an unauthenticated remote malicious party to opportunity to cause TeamViewer to send out an NTLM request. The malicious party to do this must induce the victim to visit a rogue website. The NTLM request can be captured by the...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code, to gain elevated privileges or to perform a denial-of-service DoS attack. Below is a summary of the various vulnerabilities described by...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in Gitlab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication Circumvention of security...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Administrator/Root privileges Siemens...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. Little little substantive information made publicly available. The most vulnerabilities allow a malicious party to launch a denial-of-service attack. Google has released updates to fix the vulnerabilities in Chrome. For more information, see:...
Vulnerability fixed in Avaya IP Office Manager
A vulnerability has been fixed in Avaya IP Office Manager. The vulnerability allows an unauthenticated malicious person with access to the network to obtain sensitive data. Avaya has released updates to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in PostgreSQL jdbc driver
A vulnerability has been fixed in the PostgreSQL jdbc driver for Java. The so-called XML external-entity vulnerability XXE allows a locally authenticated malicious person to execute arbitrary code execute arbitrary code under database privileges. -= Red Hat =- Red Hat has made updates available f...
Vulnerabilities fixed in Apache HTTP Server
Vulnerabilities have been fixed in Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial of Service Apache has made updates available to address the vulnerabilities. fixes. More information can ...
Vulnerabilities fixed in openSUSE kernel
Vulnerabilities have been fixed in the kernel of openSUSE Leap 15.1. The vulnerabilities allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Access to system data Increased user...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Vulnerabilities have been fixed in Cisco AnyConnect Secure Mobility Client for Windows. The vulnerabilities allow a local malicious person with valid Windows login credentials to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Data...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities among other things allow an unauthenticated remote malicious person to remotely capable of causing a denial of service. Python has released updates to fix the vulnerabilities. More information can be found on the pages below:...
Vulnerabilities fixed in GRUB2
Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...
Vulnerabilities fixed in MySQL Server
Ubuntu has fixed several vulnerabilities in MySQL. An authenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or obtain read and write access to data stored in MySQL databases stored. -= Ubuntu =- Canonical has made updates...
Vulnerabilities fixed in Google Chrome
Google has fixed several vulnerabilities in Chrome. Little little substantive information made publicly available. It is possible that a malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges or for causing a denial-of-service on the Web browser. Google h...
Vulnerability fixed in Kubernetes
A vulnerability has been fixed in Kubernetes. The vulnerability allows an authenticated malicious person with root privileges on a node to gain elevated privileges on other nodes running in the same cluster running. With these elevated rights to take over pods on the affected nodes. When multiple...
Fixed vulnerability in Citrix Workspace (formerly Citrix Receiver)
A vulnerability has been fixed in the automatic update service of the Citrix Workspace app for Windows that could result in increased user privileges. Citrix has made an update available to fix the vulnerability. fix. For more information, see the following page:...
Vulnerabilities fixed in ClamAV
Vulnerabilities have been fixed in ClamAV. The vulnerabilities allow a malicious person to cause a denial-of-service cause. ClamAV has released updates to fix the vulnerabilities. More information can be found on the pages below: https://blog.clamav.net/2020/07...
Vulnerabilities fixed in IBM Spectrum Protect
Vulnerabilities have been fixed in IBM Spectrum Protect. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges IBM has released updates to fix t...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data -= Apple =- Apple has made...
Multiple vulnerabilities fixed in Apple Safari
Apple has fixed several vulnerabilities in Safari. A malicious party can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User Rights -= Appl...
Multiple vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party could potentially exploit the vulnerabilities for attacks that could lead to the following types of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data -= Apple =- Apple has made...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in Oracle Java SE. A malicious party could exploit the vulnerabilities to execute arbitrary code or for causing a denial-of-service. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...
Vulnerabilities fixed in Apache Tomcat
Several vulnerabilities have been fixed in Apache Tomcat. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service on the Tomcat server. To do this the malicious party must send specially crafted HTTP or WebSocket traffic to the vulnerable server. The developer...
Serious vulnerabilities fixed in SAP Netweaver
SAP has fixed several vulnerabilities in SAP Netweaver products. The vulnerabilities allow malicious parties to gain access to sensitive data, or possibly even the execute arbitrary commands that could take over the entire underlying system can be taken over. The vulnerability with reference...
Large number of linux vulnerabilities in SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Siemens has published a large number of vulnerabilities in the Linux subsystem of the SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP. Malicious parties can exploit the vulnerabilities to cause various types of damage, the most important of which are: Execution of arbitrary code with privileges of the...
Vulnerabilities fixed in MobileIron
MobileIron has fixed multiple vulnerabilities in MobileIron Core and Sentry. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Bypassing authentication Remote code execution Accessing sensitive data MobileIron has made little...
Vulnerabilities fixed in Samba
Several vulnerabilities have been fixed in Samba. The vulnerabilities are in the way Samba processes LDAP information and allows a malicious party to cause a denial-of-service cause or potentially execute arbitrary code with the rights of the application. -= Ubuntu =- Canonical has made updates...
Vulnerability fixed in Squid
A vulnerability has been fixed in Squid. The vulnerability allows a malicious party to bypass a security measure. Incomplete input validation makes it possible for a malicious person to possible to perform a Request Smuggling or Poisoning attack on the HTTP cache execute. The vulnerability with...
Vulnerability fixed in Apache Tomcat
A vulnerability has been fixed in Apache Tomcat. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service on the Tomcat server. To do this the malicious party needs to send a specially crafted HTTP/2 request to the server. This request causes an increased CPU loa...
Vulnerabilities fixed in cURL
GNU has fixed vulnerabilities in cURL. The vulnerabilities allow a remote malicious person to obtain sensitive to obtain data and to potentially corrupt a file. GNU has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-8169:...
Vulnerability fixed in ntpd
A vulnerability has been fixed in the ntp client daemon. The vulnerability allows an unauthenticated remote malicious person able to perform a denial-of-service attack. The developers of ntpd have released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerability fixed in Drupal
Drupal has fixed a vulnerability in the Form API of the Drupal Core. The vulnerability allows a remote malicious party to able to perform a Cross-Site Request Forgery attack XSRF. A successful attack could thereby lead to consequential damage such as the obtaining sensitive data from a domain to...
Vulnerability fixed in Pulse Secure Client for Windows
A vulnerability has been fixed in Pulse Secure Client for Windows. The vulnerability allows a locally authenticated malicious party the ability to obtain elevated SYSTEM privileges. obtain. Security researcher Red Timmy Security has published a write-up regarding the vulnerability published at:...
Vulnerability fixed in VLC
VideoLan has fixed a vulnerability in VLC Media Player. The vulnerability allows an unauthenticated remote malicious person able to cause a denial-of-service, and potentially execute arbitrary code with privileges of the affected user. To do so, the malicious party must entice the victim to open ...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A local malicious party could potentially exploit the vulnerabilities to gain access to sensitive information or obtain of elevated privileges on the vulnerable system. In addition, a remote malicious party could potentially exploit the...
Vulnerabilities fixed in Intel products
Intel has fixed vulnerabilities in Intel Converged Security and Manageability Engine CSME, Intel Server Platform Services SPS, Intel Trusted Execution Engine TXE, Intel Active Management Technology AMT, Intel Standard Manageability ISM and Intel Dynamic Application Loader DAL. The above products...
Multiple vulnerabilities fixed in macOS
Apple has fixed several vulnerabilities in macOS. The vulnerabilities allow a malicious person remote or otherwise to perform able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root...
Multiple vulnerabilities fixed in Drupal
Several vulnerabilities have been fixed in Drupal core. The vulnerabilities are located in jQuery and allow a malicious able to perform a Cross-Site Scripting XSS attack. This potentially allows the malicious party to execute code under the user's privileges. For the vulnerabilities in jQuery, we...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability allows a remote malicious person the ability to execute arbitrary code execute arbitrary code in the victim's browser. The malicious party must entice the victim to follow a rogue hyper-link to do so. Grafana has released updates to fix...
Vulnerability fixed in Apache Tomcat
The developers of Apache Tomcat have fixed a vulnerability fixed that could potentially allow a remote malicious person to execute arbitrary code under the application's permissions. This is possible if: the malicious party has control of a file on the server; PersistenceManager is used in...
Vulnerabilities fixed in qemu
Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious party the ability to cause a denial-of-service and potentially execute arbitrary code under privileges of the application. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 19.10 and...
Vulnerabilities fixed in BIND
BIND has fixed several vulnerabilities that could allow a malicious potentially capable of causing a denial-of-service DoS cause. A DoS attack exploiting the vulnerability with attribute CVE-2020-8617, targets DNS clients. The vulnerability with attribute CVE-2020-8616 involves a new method for...
Vulnerabilities fixed in DPDK
Vulnerabilities have been fixed in the Dataplane Development Kit DPDK. The vulnerabilities allow a local malicious party to cause a denial-of-service, possibly resulting in the execution of arbitrary code under user privileges as a result. DPDK is a technology that handles the transport of data...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in the basic components of Microsoft Windows. A malicious party could potentially exploit them to launch a denial-of-service attack, execute arbitrary code, gain elevated privileges or obtain sensitive data. The main vulnerabilities concern the Windows...
Multiple vulnerabilities fixed in Squid
The developers of Squid have fixed several vulnerabilities in Squid proxy. An unauthenticated malicious person can exploit the remote vulnerabilities to exploit them to cause a denial-of-service cause, access sensitive data or execute arbitrary code with application privileges. For the...
Vulnerabilities fixed in VMware vRealize Operations Manager
There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execute arbitrary code with administrator privileges on the Application Remote Collector ARC and all virtual systems on which an ARC Telegraph agent is installed. VMWare has...
Vulnerabilities fixed in libvirt
Suse has made updates available to fix vulnerabilities fixes in libvirt. The vulnerabilities allow a remote malicious person remotely capable of causing a denial-of-service DoS. -= SUSE =- SUSE has made updates available to fix the vulnerability fix the vulnerability in SUSE 15. You can install...