Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2021/09/14 12:0 a.m.•9 views

Vulnerabilities fixed in Microsoft Edge

Microsoft has made updates available to fix vulnerabilities fixes in Microsoft Edge. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...

8.8CVSS8.4AI score0.0559EPSS
Exploits2
NCSC
NCSC
•added 2021/08/03 12:0 a.m.•9 views

Vulnerabilities fixed in Google Android

Google has fixed vulnerabilities in Android. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution User Rights Access to sensitive data Access to system data Increased user privileges Few technical...

10CVSS8.8AI score0.01377EPSS
Exploits1
NCSC
NCSC
•added 2021/08/03 12:0 a.m.•9 views

Vulnerabilities fixed in Samsung Mobile

Vulnerabilities have been fixed in Android as used by Samsung Mobile products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access t...

10CVSS8.9AI score0.06968EPSS
Exploits3
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•9 views

Vulnerability discovered in Microsoft Windows

Researchers have discovered a vulnerability in Microsoft Windows 10 build 1809 and later. A local, authenticated malicious person could exploit the vulnerability to read the local SAM database and execute arbitrary code with SYSTEM privileges. -= Microsoft =- Microsoft has not yet made updates...

7.8CVSS7.2AI score0.67252EPSS
Exploits11
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•9 views

Vulnerabilities fixed in Siemens SIMATIC

Siemens has fixed vulnerabilities in Simatic products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...

10CVSS7.1AI score0.9166EPSS
Exploits25
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•9 views

Vulnerability fixed in Veeam Backup & Replication

A vulnerability has been fixed in Veeam Backup & Replication. The vulnerability potentially allows a malicious party to execute arbitrary code to execute arbitrary code because the Veeam application was vulnerable to a flaw in the deseralization logic of .NET remoting. Veeam's developers have mad...

9.8CVSS7.5AI score0.01239EPSS
Exploits0
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•9 views

Vulnerabilities fixed in Jenkins

Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution User Rights Spoofing Increased user rights Jenkins...

7.5CVSS7.3AI score0.42521EPSS
Exploits0
NCSC
NCSC
•added 2021/06/30 12:0 a.m.•9 views

Vulnerabilities fixed in AVEVA System Platform

AVEVA has fixed vulnerabilities in System Platform. The vulnerabilities allow a remote malicious person to gain gain unauthenticated access to the system and to cause a denial-of-service. AVEVA has released updates to fix the vulnerabilities. More information can be found on the page below:...

9.8CVSS6.9AI score0.01109EPSS
Exploits0
NCSC
NCSC
•added 2021/06/30 12:0 a.m.•9 views

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication. Remote code execution Administrator/Root rights...

9CVSS8.6AI score0.99295EPSS
Exploits82
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•9 views

Vulnerabilities fixed in Red Hat JBoss Web Server

Vulnerabilities have been fixed in Red Hat JBoss Web Server. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. Red Hat has released updates to fix the vulnerabilities. More information can be found on the page below:...

7.5CVSS8.3AI score0.18114EPSS
Exploits15
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•9 views

Vulnerabilities fixed in IBM DB2

Vulnerabilities have been fixed in IBM DB2. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data IBM has released updates to fix the vulnerabilities. More...

8.1CVSS6.4AI score0.0111EPSS
Exploits0
NCSC
NCSC
•added 2021/06/01 12:0 a.m.•9 views

Vulnerabilities fixed in Red Hat Openshift Container Platform

Red Hat has released updates to a large number of packages for its OpenShift Container Platform. The packages include several applications for which security advisories have previously been written, but for which Red Hat is now releasing a bundle for OpenShift 4.7.13 Malicious parties can exploit...

9.8CVSS7AI score0.3783EPSS
Exploits29
NCSC
NCSC
•added 2021/05/26 12:0 a.m.•9 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Access to system data Joomla! has released updates to fix the vulnerabilities. More...

6.5CVSS6.2AI score0.0098EPSS
Exploits1
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•9 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Increased user privileges .NET Core & Visual Studio:...

9.3CVSS7AI score0.53582EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•9 views

Vulnerability fixed in Citrix ShareFile

A vulnerability has been fixed in the storage zones controller of Citrix ShareFile. The vulnerability allows an unauthenticated remote malicious party to obtain a sensitive data obtain. It is good practice to place these storage zone controllers in the in-house network with DMZ tooling to protect...

9.8CVSS6.5AI score0.01081EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS7.2AI score0.99019EPSS
Exploits17
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•9 views

Vulnerabilities fixed in SUSE Linux Enterprise kernel

SUSE developers have fixed several vulnerabilities in the Linux kernel as used in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution...

8.8CVSS5.7AI score0.03259EPSS
Exploits9
NCSC
NCSC
•added 2021/03/05 12:0 a.m.•9 views

Vulnerabilities fixed in Joomla

Several vulnerabilities have been fixed in Joomla. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure The vulnerability with...

9.1CVSS6.7AI score0.06529EPSS
Exploits2
NCSC
NCSC
•added 2021/02/11 12:0 a.m.•9 views

Multiple vulnerabilities fixed in F5 BIG-IP products

F5 has fixed several vulnerabilities in BIG-IP. Malicious parties can exploit the vulnerabilities to cause a denial-of-service or perform cross-site scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities exploit them to bypass security measures and gain access...

8.5CVSS6.9AI score0.01062EPSS
Exploits0
NCSC
NCSC
•added 2021/01/07 12:0 a.m.•9 views

Vulnerabilities fixed in Jackson databind

A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. These vulnerabilities are only in the 2.9 versions of Jackson databind. If you are using version 2.10 or higher mitigation measures are already included in the software. Faster:XML h...

8.8CVSS8.8AI score0.20929EPSS
Exploits12
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•9 views

Vulnerabilities fixed in F5 BIG-IP

Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data F5 has released updates...

7.8CVSS6.5AI score0.01423EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•9 views

Vulnerabilities fixed in Android 11

Vulnerabilities have been fixed in Android 11. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication. Remote code execution User Rights Accessing sensitive data Access to...

9.8CVSS9.4AI score0.04022EPSS
Exploits3
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•9 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...

9.8CVSS6.5AI score0.16119EPSS
Exploits1
NCSC
NCSC
•added 2020/10/29 12:0 a.m.•9 views

Vulnerabilities fixed in Juniper Networks Junos OS

Juniper Networks has fixed vulnerabilities in Junos OS. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to cause a denial-of-service. Juniper Networks categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 7.5. Juniper Networ...

7.8CVSS6.9AI score0.01382EPSS
Exploits0
NCSC
NCSC
•added 2020/09/22 12:0 a.m.•9 views

Vulnerability fixed in Spring Framework

There is a vulnerability in the Spring Framework that enables a Reflected File Download RFD attack. This vulnerability has already been patched NCSC-2015-0888, but researchers have found a way to bypass the mitigation. Pivotal has released new versions of the Spring Framework in which the...

9.6CVSS8.5AI score0.10736EPSS
Exploits2
NCSC
NCSC
•added 2020/09/21 12:0 a.m.•9 views

Vulnerabilities fixed in Jira

Vulnerabilities have been fixed in Jira Server and Data Center. The vulnerabilities allow a malicious party to obtain sensitive data and to launch a denial-of-service attack. execute. Atlassian has released updates to address the vulnerabilities. fixes. More information can be found on the pages...

6.5CVSS6.7AI score0.76042EPSS
Exploits1
NCSC
NCSC
•added 2020/09/14 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel

Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. A malicious party could potentially exploit them to cause a denial-of-service or to obtain elevated privileges on the vulnerable system. -= Oracle =- Oracle has made updates available for Oracle Linux 6. You can instal...

8CVSS8AI score0.01455EPSS
Exploits1
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•9 views

Vulnerabilities fixed in Android

Google has fixed several vulnerabilities in the Android operating system. The vulnerabilities allow a malicious person to able to perform attacks that can lead to the following types of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Google has...

10CVSS6AI score0.02821EPSS
Exploits0
NCSC
NCSC
•added 2020/07/16 12:0 a.m.•9 views

Multiple vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party could potentially exploit the vulnerabilities for attacks that could lead to the following types of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data -= Apple =- Apple has made...

10CVSS7.2AI score0.08036EPSS
Exploits3
NCSC
NCSC
•added 2020/01/16 12:0 a.m.•9 views

Multiple vulnerabilities fixed in Oracle Java

Oracle has fixed multiple vulnerabilities in Oracle Java. By these vulnerabilities, a malicious person can, if rogue data by a java application are deserialized arbitrary code can execute arbitrary code, gain access to sensitive data or cause a Denial-of-Service cause. Oracle has made updates...

8.1CVSS8.5AI score0.06457EPSS
Exploits0
NCSC
NCSC
•added 5 days ago•8 views

Vulnerabilities are addressed through Rancher Labs in Rancher.

Rancher Labs has identified vulnerabilities in Rancher versions 2.13.0 through 2.13.7, and 2.14.0 through 2.14.3. The first vulnerability relates to SAML authentication replay issues in the Assertion Consumer Service ACS handler in Rancher versions 2.14.0 onwards, but not including 2.14.3. The AC...

9.5CVSS6AI score0.00291EPSS
Exploits0References2
NCSC
NCSC
•added 2026/06/30 11:48 a.m.•8 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
NCSC
NCSC
•added 2026/06/29 8:8 a.m.•8 views

Vulnerabilities handled in the MISP platform

MISP has addressed several vulnerabilities in its platform. These vulnerabilities involve unauthorized users being able to manipulate client-provided primary and foreign keys, leading to unauthorized data overwrites, ownership transfers, and changes to record scopes. Additionally, there were...

9.4CVSS6.6AI score0.00383EPSS
Exploits0References6
NCSC
NCSC
•added 2026/05/01 6:13 a.m.•8 views

Vulnerability avoidance in the Linux kernel cryptographic subsystem

The Linux kernel has a vulnerability in the algifaead crypto module of the cryptographic subsystem. This vulnerability resides in the algifaead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...

7.8CVSS6.8AI score0.96267EPSS
Exploits228References1
NCSC
NCSC
•added 2026/04/22 2:10 p.m.•8 views

vulnerabilities in Oracle PeopleSoft

Oracle has identified vulnerabilities in Oracle PeopleSoft. These vulnerabilities enable unauthorized attackers to gain access to sensitive data and modify it. In some cases, these vulnerabilities can even lead to a denial-of-service attack on the affected products. Oracle has released updates to...

9.8CVSS7AI score0.47621EPSS
Exploits10References1
NCSC
NCSC
•added 2026/04/22 9:40 a.m.•8 views

The vulnerability exploited in Microsoft’s ASP.NET Core framework

Microsoft has identified a vulnerability in ASP.NET Core. This vulnerability arises due to incorrect verification of cryptographic signatures within ASP.NET Core. As a result, an unauthorized attacker can elevate their privileges by circumventing security checks and gaining unauthorized access wi...

9.1CVSS6AI score0.11205EPSS
Exploits0References1
NCSC
NCSC
•added 2026/04/14 7:23 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...

8.8CVSS5.8AI score0.01928EPSS
Exploits0
NCSC
NCSC
•added 2026/04/14 7:20 p.m.•8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass security measures, impersonate another user and thus gain elevated privileges and access to sensitive data. For successful abuse, the malicious party must trick the victim...

8.4CVSS6.2AI score0.25082EPSS
Exploits1
NCSC
NCSC
•added 2026/04/14 7:18 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Accessing sensitive data - Circumvention of a security...

7.8CVSS5.7AI score0.02279EPSS
Exploits0
NCSC
NCSC
•added 2026/03/19 11:48 a.m.•8 views

Vulnerabilities fixed in Cisco Secure Firewall Management Center

The vulnerability with reference CVE-2026-20079 is located in the web interface of Cisco Secure Firewall Management Center. An unauthenticated remote malicious party can bypass authentication controls by exploiting an incorrect system process created at startup. The malicious party can exploit th...

10CVSS6.4AI score0.33898EPSS
Exploits6References3
NCSC
NCSC
•added 2026/03/13 8:41 a.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple fixed vulnerabilities in iOS 15 & 16 and iPadOS 15 & 16 The vulnerabilities are in the way memory is managed in various Apple products. An attacker could exploit these vulnerabilities by processing malicious Web content, which could lead to memory damage and possibly execute arbitrary code...

8.8CVSS6.2AI score0.10593EPSS
Exploits10References2
NCSC
NCSC
•added 2026/03/12 2:45 p.m.•8 views

Vulnerability fixed in pac4j-jwt

Pac4j has fixed a vulnerability in the pac4j-jwt library specifically for versions before 4.5.9, 5.7.9 and 6.3.3. The vulnerability is located in the JwtAuthenticator module of the pac4j-jwt library. This vulnerability allows an attacker with access to the server's RSA public key to forge JWT...

10CVSS5.8AI score0.05856EPSS
Exploits17References1
NCSC
NCSC
•added 2026/03/12 2:42 p.m.•8 views

Vulnerabilities fixed in GitLab

GitLab fixed vulnerabilities in versions 18.9.2, 18.8.6 and 18.7.6 The vulnerabilities included several issues, including incorrect authorization checks that allowed authenticated users to access sensitive data, such as metadata from private repositories, and enabling denial-of-service situations...

8.7CVSS5.8AI score0.00523EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/12 7:46 a.m.•8 views

Vulnerabilities fixed in Fortinet FortiWeb

Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...

8.1CVSS6.2AI score0.01667EPSS
Exploits0References6
NCSC
NCSC
•added 2026/03/11 9:19 a.m.•8 views

Vulnerabilities fixed in Fortinet FortiManager and FortiAnalyzer

Fortinet has fixed vulnerabilities in FortiAnalyzer and FortiManager including cloud variants. The vulnerability with reference CVE-2025-54820 is in FortiManager. This vulnerability allows a remote unauthenticated malicious person to execute unauthorized commands via a stack-based buffer overflow...

8.1CVSS6.3AI score0.0087EPSS
Exploits0References7
NCSC
NCSC
•added 2026/03/10 8:35 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...

7.8CVSS6AI score0.02818EPSS
Exploits0
NCSC
NCSC
•added 2026/03/05 9:5 a.m.•8 views

Vulnerabilities fixed in Cisco Secure Firewall systems

Cisco has fixed several vulnerabilities in Cisco Secure Firewall including ASA and FTD software. The vulnerabilities include SQL injection, privilege escalation, denial-of-service, cross-site scripting, and improper management of entries in various Cisco Secure Firewall components. Authenticated...

8.6CVSS5.9AI score0.00705EPSS
Exploits0References26
NCSC
NCSC
•added 2026/02/19 8:29 a.m.•8 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...

8.8CVSS6.5AI score0.2202EPSS
Exploits12References2
NCSC
NCSC
•added 2026/02/11 11:34 a.m.•8 views

Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient

Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves Cross-site Scripting, which allows unauthenticated attackers to execute arbitrary commands vi...

9.6CVSS6AI score0.07454EPSS
Exploits0References3
NCSC
NCSC
•added 2026/02/09 10:39 a.m.•8 views

Vulnerabilities fixed in n8n

n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...

9.9CVSS6.9AI score0.01713EPSS
Exploits0References10
Total number of security vulnerabilities4190