Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities are all in the Cisco Discovery Protocol (CDP). They allow an unauthenticated malicious person using a rogue CDP packet to cause a denial-of-service and potentially execute arbitrary code. Because CDP...
Vulnerabilities fixed in SpamAssassin
Vulnerabilities have been fixed in SpamAssassin. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code under application privileges. The remote attack is significantly more difficult to execute than a local attack. The attack takes place by adding to a...
Vulnerability fixed in Spring Framework
A vulnerability has been fixed in Spring Framework. The vulnerability allows a malicious party to perform a reflected file download (RFD) attack. The developers of Spring Framework have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Samba
Samba's developers have fixed three vulnerabilities. The vulnerabilities allow a malicious party to gain access to system data, potentially gain elevated privileges or cause a denial-of-service. Samba has released updates to fix the vulnerabilities in Samba server v4.0 and 4.9. For more...
Multiple vulnerabilities fixed in Oracle Java
Oracle has fixed multiple vulnerabilities in Oracle Java. Through these vulnerabilities, a malicious person can, if rogue data is deserialized by a Java application, execute arbitrary code, gain access to sensitive data or cause a denial-of-service. Oracle has made updates...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL. The vulnerabilities allow a malicious person to access sensitive information. The vulnerability with reference CVE-2019-1563 has a CVSS v3 score of 5.3; it is a Bleichenbacher padding oracle vulnerability. -= SUSE =- SUSE has made updates available to fi...
Multiple vulnerabilities fixed in MySQL
Oracle has fixed several vulnerabilities in the MySQL connector, MySQL server and MySQL client. By exploiting the vulnerabilities, a malicious person with access to the network can read or manipulate data in the database or cause a denial-of-service. Oracle released updates to fix the...
Vulnerabilities fixed in Nginx
A malicious party could exploit the vulnerability to obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...
Vulnerabilities fixed in SpamAssassin
Apache Foundation has fixed two vulnerabilities in SpamAssassin. An unauthenticated malicious person can remotely exploit these vulnerabilities to cause a denial-of-service or, by offering a rogue file, potentially execute code under application privileges. Apache Foundation has released...
Vulnerability fixed in libssh
A vulnerability has been fixed in libssh. The vulnerability allows a remote malicious person to execute arbitrary code under the user's privileges. libssh has made updates available to fix the vulnerability. More information can be found on the page below:...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an unauthenticated remote malicious person to cause a denial-of-service. The vulnerability is located in the HTTP API. Grafana Labs has made updates available to fix the vulnerability. More information can b...
Vulnerability discovered in F5 BIG-IP and BIG-IQ
F5 has discovered a vulnerability in BIG-IP and BIG-IQ products. The vulnerability is located in lodash version 4.17.12, a JavaScript programming library. A malicious person with access to the Traffic Management User Interface (TMUI) or the iControl REST API could exploit the vulnerability to execu...
Vulnerability fixed in TNEF
A new patch of TNEF has been released, in which a vulnerability has been fixed. The vulnerability allows a malicious person to execute arbitrary code under the privileges of the user. TNEF has made available a patch that fixes the vulnerability. More information can be found on the...
Vulnerability fixed in libSSH2
A vulnerability has been fixed in libSSH2. The vulnerability can lead to the release of sensitive information or a denial-of-service. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12. You can install these custom packages using 'YaST'. You can also download the...
Vulnerabilities fixed in Python
SUSE has fixed vulnerabilities in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); manipulation of data; bypassing authentication. -= SUSE =- SUSE has made updates available to fix the vulnerabilities ...
Vulnerabilities fixed in MySQL
There are multiple vulnerabilities in MySQL Server, MySQL Workbench, the MySQL Connectors and a version of the cURL utility included under Windows. These vulnerabilities could potentially lead to execution of arbitrary code with the privileges of the application, access to sensitive information ...
Vulnerabilities fixed in Jackson databind
Debian has fixed vulnerabilities in Jackson databind. The vulnerabilities allow a malicious party to execute arbitrary code under user privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to the deserialization of an...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in the Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: access to sensitive data; Denial-of-Service (DoS); Cross-Site Scripting (XSS). Apache has made updates available...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service; manipulation of data; circumvention of security measure; access to sensitive data; accessing system data. -= Re...
Vulnerability fixed in OpenSSL
The developers of OpenSSL have mitigated a vulnerability. The vulnerability is that, in some implementations of OpenSSL, the configuration file and possibly the OpenSSL executables can be modified by a local malicious person logged in as a user. The developers indicate that the number of...
Vulnerabilities fixed in libxslt
SUSE has fixed vulnerabilities in libxslt. The vulnerabilities allow a locally authorized malicious person to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12. You can install these custom packages using 'YaST'. You can also...
Vulnerabilities fixed in Linux kernel (SACK PANIC)
Netflix has identified a number of vulnerabilities in the Linux kernel. A malicious party could potentially exploit them to cause a denial-of-service. The vulnerabilities relate to the "minimum segment size" (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious of these...
Vulnerability fixed in glib
A vulnerability has been fixed for Glib in Ubuntu. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: - Denial-of-Service (DoS); - Manipulation of data; - Circumvention of security measure; - Access to sensitive data; - Access to system...
Vulnerability fixed in Libxslt
There is a vulnerability in libxslt. Libxslt is a C library for implementing XSLT 1.0. It is a widely used library for transforming files from XML to any other arbitrary format. A remote malicious person could potentially exploit the vulnerability to obtain sensitive information. The vulnerabilit...
Vulnerability fixed in PostgreSQL
Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges can obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse of this...
Vulnerabilities fixed in libSSH2
There are vulnerabilities in libSSH2. LibSSH2 is a client side C library for implementing the SSH2 protocol. A malicious person in control of a compromised SSH server can construct a follow-up attack on systems that have connected to the compromised SSH server. Misuse could potentially lead to th...
Vulnerabilities fixed in Apache HTTP Server
Several vulnerabilities have been fixed in Apache HTTP Server. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to reuse an expired session cookie. Apache Software Foundation has made updates available for Apache HTTP Server to...
Multiple vulnerabilities fixed in Aruba Networks products
Multiple vulnerabilities have been discovered in various Aruba Networks products including Instant and ArubaOS access points, the Airwave management platform and the PAPI protocol that these systems mutually use. Some vulnerabilities have been fixed, others will be fixed in a future update, and f...