4197 matches found
Vulnerabilities fixed in RoundCube
A vulnerability has been fixed in Roundcube Webmail. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Circumvention of security measure. Remote code executio...
Vulnerabilities fixed in Samba
Vulnerabilities have been fixed in Samba. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code with the permissions of the user under which the Samba server is running. More information about the vulnerabilities can be found on th...
Vulnerability fixed in Mailman
A vulnerability has been fixed in Debian for Mailman. The vulnerability allows a remote malicious person to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. -= Debian =- Debian has made...
Vulnerability fixed in Linux kernel
SUSE has fixed a vulnerability in SUSE Kernel. The vulnerability causes in certain cases IPv6 traffic to be is not encrypted over an IPsec tunnel. A malicious party could potentially be able to retrieve sensitive data as a result. -= SUSE =- SUSE has made updates available to fix the vulnerabilit...
Vulnerabilities fixed in binutils
Vulnerabilities have been fixed in binutils. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Ubuntu classifies all vulnerabilities...
Vulnerability fixed in Libssh
Fedora has fixed a vulnerability in Libssh. The vulnerability allows a remote malicious party to perform a Denial-of-Service DoS exploit. -= Fedora =- Fedora has made updates available for Fedora 31. You can install these updates by using the command 'dnf' or 'yum'. More information about these...
Multiple vulnerabilities fixed in Oracle Java SE
Oracle has fixed several vulnerabilities in Oracle Java SE. A malicious party could potentially exploit the vulnerabilities to gain elevated privileges, to access potentially sensitive data or to launch a denial-of-service attack. An overview of the fixed vulnerabilities:...
Vulnerabilities fixed in Oracle MySQL products
Oracle has fixed vulnerabilities in its MySQL products: - MySQL Server - MySQL Workbench - MySQL Enterprise Monitor - MySQL Cluster - MySQL Client - MySQL Connectors One of these vulnerabilities CVE-2019-5482 concerns an erng serious vulnerability in MySQL Server. This vulnerability allows an...
Vulnerabilities fixed in GitLab Community and Enterprise Edition
GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, execute a cross-site scripting attack, or gain access to sensitive information and/or manipulate it. GitLab has releas...
Vulnerability fixed in Ruby JSON gem
A vulnerability has been fixed in the JSON gem that is provided by default included in the Ruby installation. The vulnerability allows a malicious party to perform attacks that can lead to the following categories of damage: Manipulation of data. Remote code execution User rights Ruby has release...
Vulnerability fixed in glibc
A vulnerability has been fixed in glibc. The vulnerability allows a local malicious party the opportunity to cause a denial-of-service denial-of-service. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix in SUSE 15. You can install these custom packages by using...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious party to perform Cross-Site Scripting and cause a Denial-of-Service. To exploit the vulnerabilities, the malicious party must have access to the production network. It is good practice the production networ...
Fixed several vulnerabilities in SAP products.
Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS SQL Injection Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data SAP reports a...
Vulnerability fixed in Apache Tomcat
A malicious party can exploit the vulnerability to obtain information from the system. The vulnerability was caused because the AJP protocol was incorrectly was implemented incorrectly. A malicious party could possibly read files a malicious request to read files from the webroot directory. The A...
Vulnerabilities fixed in Cisco products
Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Cisco has released updates to fix the vulnerabilities. More...
Vulnerabilities fixed in Db2
IBM has fixed several vulnerabilities in Db2. A unauthenticated malicious person could potentially cause a denial-of-service cause. IBM has made updates available to fix the vulnerabilities fixes in DB2. For more information about the vulnerabilities and how to fixing them, see: CVE-2020-4135:...
Vulnerabilities in Qt 5 libraries
Vulnerabilities have been fixed in the Qt 5 software library. The vulnerabilities allow a locally authenticated malicious agent to able to establish a denial-of-service and execute arbitrary code execute arbitrary code under user privileges. -= Ubuntu =- Canonical has made updates available for...
Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products
Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability exploit to cause a denial-of-service when using encrypted connections are used. Siemens has released...
Vulnerability fixed in Microsoft SQL Server Reporting Services
There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to improper processing of page requests. If successfully exploited, the vulnerability allows an authenticated remote malicious person to execute arbitrary execu...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in Cisco products. The vulnerabilities are all in the Cisco Discovery Protocol CDP. The vulnerabilities allow an unauthenticated malicious person using a rogue CDP packet to establish a Denial-of-Service and potentially execute arbitrary code execution. Because CDP...
Vulnerabilities fixed in SpamAssasin
Vulnerabilities have been fixed in SpamAssasin. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code under application privileges. The remote attack is significantly more difficult to execute than a local attack. The attack takes place by adding to a...
Vulnerability fixed in Spring Framework
A vulnerability has been fixed in Spring Framework. The vulnerability allows a malicious party to perform a reflected file download RFD attack. The developers of Spring Framework have released updates to fix the vulnerability. More information can be found at the page below:...
Vulnerabilities fixed in Samba
Samba's developers have fixed three vulnerabilities. The vulnerabilities allow a malicious party to access gain access to system data, potentially gain elevated privileges or cause a denial-of-service. Samba has released updates to fix the vulnerabilities in Samba server v4.0 and 4.9. For more...
Multiple vulnerabilities fixed in Oracle Java
Oracle has fixed multiple vulnerabilities in Oracle Java. By these vulnerabilities, a malicious person can, if rogue data by a java application are deserialized arbitrary code can execute arbitrary code, gain access to sensitive data or cause a Denial-of-Service cause. Oracle has made updates...
Vulnerabilities fixed in OpenSSL
Vulnerabilities have been fixed in OpenSSL. The vulnerabilities allow a malicious person to access sensitive information. The vulnerability with reference CVE-2019-1563 has a CVSS v3 score of 5.3 it is a Bleichenbacher padding oracle vulnerability. -= SUSE =- SUSE has made updates available to fi...
Multiple vulnerabilities fixed in MySQL
Oracle has fixed several vulnerabilities in the MySQL connector, MySQL server and MySQL client. By exploiting the vulnerabilities, a malicious person with access to the the network read or manipulate data in the database or cause a denial-of-service. Oracle released updates to fix the...
Vulnerabilities fixed in Nginx
A malicious party could exploit the vulnerability to obtain system data obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...
Vulnerabilities fixed in SpamAssassin
Apache Foundation has fixed two vulnerabilities in SpamAssassin. An unauthenticated malicious person can remotely exploit these vulnerabilities to cause a denial-of-service cause, or by offering a rogue file potentially execute code under application privileges. Apache Foundation has released...
Vulnerability fixed in libssh
A vulnerability has been fixed in libssh. The vulnerability allows a remote malicious person to execute arbitrary code execute arbitrary code under the user's privileges. libssh has made updates available to fix the vulnerability. fix. More information can be found on the page below:...
Vulnerability fixed in Grafana
Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. The vulnerability is located in the HTTP API. Grafana Labs has made updates available to fix the vulnerability fix. More information can b...
Vulnerability discovered in F5 BIG-IP and BIG-IQ
F5 has discovered a vulnerability in BIG-IP and BIG-IQ products. The vulnerability is located in lodash version 4.17.12, a javascript programming library. A malicious person with access to the Traffic Management User Interface TMUI or the iControl REST API could exploit the vulnerability to execu...
Vulnerability fixed in TNEF
A new patch of TNEF has been released, in which a vulnerability has been fixed. The vulnerability allows a malicious person able to execute arbitrary code under the privileges of the user. TNEF has made available a patch that fixes the vulnerability. fix. More information can be found on the...
Vulnerability fixed in libSSH2
A vulnerability has been fixed in libSSH2. The vulnerability can lead to the release of sensitive information or a denial-of-service. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE 12. You can install these custom packages using 'YaST'. You can also download the...
Vulnerabilities fixed in Python
SUSE has fixed vulnerabilities in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Bypassing authentication -= SUSE =- SUSE has made updates available to fix the vulnerabilities ...
Vulnerabilities fixed in MySQL
There are multiple vulnerabilities in MySQL Server, MYSQL Workbench, the MySQL Connectors and an under windows included version of the utility cURL. These vulnerabilities could potentially lead to execution of arbitrary code with the privileges of the application, access to sensitive information ...
Vulnerabilities fixed in Jackson databind
Debian has fixed vulnerabilities in Jackson databind. The vulnerabilities allow a malicious party to execute arbitrary code execute under user privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to the deserialization of an...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in the Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Access to sensitive data. Denial-of-Service DoS. Cross-Site Scripting XSS Apache has made updates available...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service Manipulation of data Circumvention of security measure Access to sensitive data Accessing system data -= Re...
Vulnerability fixed in OpenSSL
The developers of OpenSSL have mitigated a vulnerability. The vulnerability consists of some implementations of OpenSSL, the configuration file and possibly executables of OpenSSL can be modified by a local malicious person logged in as a user logged in. The developers indicate that the number of...
Vulnerabilities fixed in libxslt
Suse has fixed vulnerabilities in libxslt. The vulnerabilities allow a locally authorized malicious person to obtain obtain system data. -= SUSE =- SUSE has made updates available to address the vulnerabilities fixes in SUSE 12. You can install these custom packages using 'YaST'. You can also...
Vulnerabilities fixed in Linux kernel (SACK PANIC)
Netflix has identified a number of vulnerabilities in the Linux kernel. A malicious party could potentially exploit them to cause a denial-of-service. The vulnerabilities relate to the "minimum segment size" MMS and TCP Selective Acknowledgement SACK capabilities. The most serious of these...
Vulnerability fixed in glib
A vulnerability has been fixed for Glib in Ubuntu. The vulnerabilities allow a malicious person to perform attacks that lead to the following categoriesn of damage: - Denial-of-Service DoS; - Manipulation of data; - Circumvention of security measure; - Access to sensitive data; - Access to system...
Vulnerability fixed in Libxslt
There is a vulnerability in libxslt. Libxslt is a C library for implementing XSLT 1.0. It is a widely used library for transforming files from XML to any other arbitrary format. A remote malicious person could potentially exploit the vulnerability to obtain sensitive information. The vulnerabilit...
Vulnerability fixed in PostgreSQL
Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges to obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse mitigate abuse of this...
Vulnerabilities fixed in libSSH2
There are vulnerabilities in libSSH2. LibSSH2 is a client side C library for implementing the SSH2 protocol. A malicious person in control of a compromised SSH server can construct a follow-up attack on systems that have connected to the compromised SSH server. Misuse could potentially lead to th...
Vulnerabilities fixed in Apache HTTP Server
Several vulnerabilities have been fixed in Apache HTTP Server. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to reuse an expired session cookie to be reused. Apache Software Foundation has made updates available for Apache HTTP Server to...
Multiple vulnerabilities fixed in Aruba networks products
Multiple vulnerabilities have been discovered in various Aruba Networks products including Instant and ArubaOS access points, the Airwave management platform and the PAPI protocol that these systems mutually use. Some vulnerabilities have been fixed, others will be fixed in a future update, and f...