Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2023/02/14 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange Server. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code under permissions from the process of Exchange Server itself. As a rule, Exchange Server runs with restricted privileges. Microsoft Exchange Server:...

8.8CVSS7AI score0.8202EPSS
Exploits0
NCSC
NCSC
•added 2023/02/07 12:0 a.m.•8 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...

9.8CVSS6.9AI score0.03763EPSS
Exploits14
NCSC
NCSC
•added 2023/01/24 12:0 a.m.•8 views

Vulnerabilities fixed in SolarWinds Database Performance Analyzer

SolarWinds has fixed vulnerabilities in Database Performance Analyzer DPA. An authenticated malicious party can exploit the exploit the vulnerabilities to gain access to sensitive data or perform a cross-site scripting attack. SolarWinds has released updates to address the vulnerabilities fixes i...

7.5CVSS6.9AI score0.00412EPSS
Exploits0
NCSC
NCSC
•added 2023/01/09 12:0 a.m.•8 views

Vulnerability fixed in JFrog Artifactory

A vulnerability has been fixed in JFrog Artifactory. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication to gain elevated user privileges. To do so, the malicious party must send a specially prepared request to the Artifactory instance. JFrog has...

9.8CVSS7.3AI score0.00632EPSS
Exploits0
NCSC
NCSC
•added 2022/12/21 12:0 a.m.•8 views

Vulnerability discovered in pfSense pfBlockerNG

Researchers have discovered a vulnerability in the pfBlockerNG package of pfSense. A malicious person could exploit it to execute arbitrary OS commands on the vulnerable system, when the malicious party has access to the web console of pfSense. It is good practice not to have such a console...

9.8CVSS7.5AI score0.17107EPSS
Exploits1
NCSC
NCSC
•added 2022/12/01 12:0 a.m.•8 views

Vulnerabilities fixed in Zimbra Collaboration

Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party could exploit the vulnerabilities to use a Cross-site scripting attack to gain access to sensitive data, or to execute arbitrary code on the system. To execute arbitrary code, the malicious party needs prior authenticatio...

8.6CVSS9.4AI score0.19008EPSS
Exploits1
NCSC
NCSC
•added 2022/11/14 12:0 a.m.•8 views

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in MQ Internet Pass-Thru. The vulnerability allows a local malicious party to potentially see sensitive information in trace files of the application when this feature is enabled. IBM has released updates to fix the vulnerabilities in MQ. For more information, see:...

5.5CVSS6.5AI score0.00171EPSS
Exploits0
NCSC
NCSC
•added 2022/11/14 12:0 a.m.•8 views

Vulnerabilities fixed in IBM Db2

IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22390, the vulnerabilities are located in the log4j component of the application. For more information about the log4j vulnerabilities, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052 The...

10CVSS9.3AI score0.99999EPSS
Exploits357
NCSC
NCSC
•added 2022/11/11 12:0 a.m.•8 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to grant themselves elevated user privileges and/or gain access to sensitive data. To exploit the vulnerabilities, the malicious party needs prior privileges to execute arbitrary code with...

7.8CVSS7.8AI score0.00767EPSS
Exploits0
NCSC
NCSC
•added 2022/11/03 12:0 a.m.•8 views

Vulnerabilities fixed in GitLab enterPrise Edition and Community Edition

GitLab has fixed several vulnerabilities in GitLab Enterprise Edition and Community Edition. An authenticated malicious person can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of...

9CVSS6.9AI score0.86326EPSS
Exploits2
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Microsoft Developer Tools. The vulnerabilities allow a local malicious person to perform attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges The tables below provide an...

7.8CVSS7.6AI score0.67469EPSS
Exploits3
NCSC
NCSC
•added 2022/10/04 12:0 a.m.•8 views

Vulnerabilities fixed in Aruba ArubaOS and InstantOS

Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS, which are used in various access points from Aruba Networks. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute arbitrary code on the vulnerable system. To cause a...

9.8CVSS7.9AI score0.23061EPSS
Exploits1
NCSC
NCSC
•added 2022/08/26 12:0 a.m.•8 views

Vulnerabilities fixed in Nessus Agent

Tenable has fixed two vulnerabilities in Nessus Agent. A authenticated malicious person with the ability and knowledge to create custom audit files could exploit the vulnerabilities to execute code with administrator privileges, or to access gain access to arbitrary system files of the underlying...

9CVSS7.3AI score0.01255EPSS
Exploits0
NCSC
NCSC
•added 2022/08/25 12:0 a.m.•8 views

Vulnerability fixed in Atlassian Bitbucket

Atlassian has fixed a vulnerability in Bitbucket Server and Data Center. A malicious party could exploit the vulnerability to execute arbitrary code via API calls with permissions from the application. To exploit, the malicious party only needs access to a public repository, or if it is a private...

8.8CVSS7.4AI score0.99077EPSS
Exploits24
NCSC
NCSC
•added 2022/08/24 12:0 a.m.•8 views

Vulnerability fixed in VMWare Tools

VMWare has fixed a vulnerability in VMWare Tools. A malicious person with user privileges in a virtual machine VM can exploit the vulnerability to grant himself elevated privileges and execute code with local administrator privileges in the vulnerable virtual machine. As far as is known, the...

7.8CVSS7.1AI score0.0054EPSS
Exploits0
NCSC
NCSC
•added 2022/08/09 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges For ma...

8.1CVSS7.5AI score0.01942EPSS
Exploits0
NCSC
NCSC
•added 2022/08/09 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Remote code execution Administrator/Ro...

9.8CVSS7.7AI score0.99374EPSS
Exploits62
NCSC
NCSC
•added 2022/07/20 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle JD Edwards products

Oracle has fixed vulnerabilities in the following JD Edwards products: EnterpriseOne Orchestrator EnterpriseOne Tools A malicious party can exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root...

9.8CVSS7.4AI score0.44515EPSS
Exploits4
NCSC
NCSC
•added 2022/07/20 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in the following E-Business Suite applications: - Oracle Workflow - Oracle E-Business Suite Information Discovery - Oracle iReceivables - Oracle iRecruitment - Oracle Applications Framework - Oracle User Management The vulnerabilities potentially enable a maliciou...

9.8CVSS7.4AI score0.70589EPSS
Exploits2
NCSC
NCSC
•added 2022/07/12 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure Site Recovery and Azure Storage Library

Vulnerabilities have been fixed in Azure Storage Library and Azure Site Recovery. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

8.8CVSS6.8AI score0.01833EPSS
Exploits1
NCSC
NCSC
•added 2022/07/06 12:0 a.m.•8 views

Vulnerabilities fixed in Red Hat Satellite

Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User Rights Access to...

9.8CVSS6.8AI score0.49246EPSS
Exploits14
NCSC
NCSC
•added 2022/06/15 12:0 a.m.•8 views

Vulnerability fixed in Adobe RoboHelp Server

Adobe has fixed a vulnerability in RoboHelp Server. A malicious party, with prior authentication and user authorization, could potentially exploit the vulnerability to grant themselves elevated privileges. The malicious party can through manipulation of API requests, perform actions that are...

9CVSS7AI score0.01343EPSS
Exploits0
NCSC
NCSC
•added 2022/06/14 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure components. A malicious party could exploit the vulnerabilities to obtain elevated privileges, or to gain access to sensitive data in the context of the victim. Microsoft states for several of the vulnerabilities listed below to be in possession ...

7.8CVSS6.8AI score0.02408EPSS
Exploits0
NCSC
NCSC
•added 2022/06/08 12:0 a.m.•8 views

Vulnerability fixed in SonicWall SMA100 series

A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code under root privileges or cause a denial-of-service attack. To exploit the vulnerability the malicious party must have access to the...

9CVSS7.5AI score0.1111EPSS
Exploits0
NCSC
NCSC
•added 2022/04/21 12:0 a.m.•8 views

Vulnerability found in Mitel MiVoice Connect

A vulnerability has been found in the Service Appliance component of MiVoice Connect. This vulnerability allows a remote malicious remote user to execute arbitrary code with the permissions with which the Service Appliance component is running. Mitel has made mitigating measures available to fix...

10CVSS7.5AI score0.56967EPSS
Exploits0
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in the following Hyperion products: Hyperion BI+ Hyperion Data Relationship Management Hyperion Financial Management Hyperion Infrastructure Technology Hyperion Planning Hyperion Profitability and Cost Management Hyperion Calculation Manager Hyperion Tax Provision...

9.8CVSS9.6AI score0.97906EPSS
Exploits11
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise FIN Cash Management PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise PRTL Interaction Hub PeopleSoft Enterprise CS Academic Advisement The vulnerabilities potentially enable a malicious person to execute...

8.8CVSS8.6AI score0.97906EPSS
Exploits11
NCSC
NCSC
•added 2022/04/19 12:0 a.m.•8 views

Vulnerability fixed in Zoho ManageEngine ADSelfService Plus

Zoho has fixed a vulnerability in ManageEngine ADSelfService Plus. An authenticated malicious person could potentially potentially exploit it to execute arbitrary code. The vulnerability is located in the password reset functionality. Systems are vulnerable only when custom scripts are enabled fo...

7.1CVSS7.4AI score0.70479EPSS
Exploits4
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•8 views

Vulnerabilities fixed in Citrix products

Citrix has fixed several vulnerabilities in Citrix SD-WAN, Storefront, Endpoint Management and Gateway Plug-in. The vulnerabilities allow a remote malicious party to cause a Denial-of-Service DoS attack. The vulnerabilities with characteristics CVE-2022-27505 and CVE-2022-27506 are located in...

9CVSS8.6AI score0.07582EPSS
Exploits0
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•8 views

Vulnerability fixed in Apache Struts

A vulnerability has been fixed in Apache Struts. This vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code under privileges of the Struts application. OGNL evaluation must be enabled to exploit the vulnerability to be exploited. This vulnerability is an...

9.8CVSS8AI score0.95922EPSS
Exploits16
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Microsoft Developer Tools. Abuse of the vulnerabilities potentially enable a malicious party to be able to obtain elevated privileges or cause a denial-of-service cause. The tables below list the vulnerabilities fixed by Microsoft with the corresponding CVSSv3...

7.8CVSS6.4AI score0.0328EPSS
Exploits0
NCSC
NCSC
•added 2022/04/05 12:0 a.m.•8 views

Vulnerabilities fixed in Google Android

Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root rights Access to sensitive data Access to system dat...

10CVSS7.6AI score0.00748EPSS
Exploits0
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•8 views

Vulnerabilities fixed in Tomcat for Ubuntu

Vulnerabilities have been fixed in Tomcat. The vulnerabilities potentially allow a malicious party to cause a denial-of-service cause, access sensitive data or execute code execute code with privileges from the vulnerable application. These vulnerabilities have already been described in several...

7.5CVSS9.7AI score0.75353EPSS
Exploits16
NCSC
NCSC
•added 2022/03/31 12:0 a.m.•8 views

0day vulnerability discovered in Spring Core Framework

A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries that can be used to develop applications in a structured way to develop applications that can can then run either standalone or in Web application environments such as Tomcat. A maliciou...

9.8CVSS7.6AI score0.99939EPSS
Exploits36
NCSC
NCSC
•added 2022/03/10 12:0 a.m.•8 views

Vulnerabilities fixed in mariadb

Vulnerabilities have been fixed in mariadb 10.2.43. Due to an error in the handling and validation of database queries, a local attacker is able to crash the application or increase the user privileges to service account privileges. -= SUSE =- SUSE has made updates available to address the...

7.8CVSS9.3AI score0.00645EPSS
Exploits8
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•8 views

Vulnerabilities fixed in Icinga Web 2

Several vulnerabilities have been fixed in Icinga Web 2. The vulnerability with the attribute CVE-2022-24716 allows an unauthenticated malicious party to use a path-traversal to obtain to obtain files that may contain database credentials. The vulnerabilities with attributes CVE-2022-24714 and...

8.8CVSS6.8AI score0.89378EPSS
Exploits13
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Exchange Server. A malicious party could potentially exploit the vulnerabilities to access gain access to sensitive data, or to execute arbitrary code execute arbitrary code with the application's permissions. Exploitation of both vulnerabilities requires...

8.8CVSS7.2AI score0.40789EPSS
Exploits3
NCSC
NCSC
•added 2022/03/04 12:0 a.m.•8 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed vulnerabilities in several components of IBM Spectrum Control. These include vulnerabilities in third-party software parties such as Apache Log4j, Dojo, Java SE, Gson and Websphere Liberty. A malicious party could exploit the vulnerabilities to cause damage cause damage in the...

9.8CVSS9.7AI score0.97906EPSS
Exploits10
NCSC
NCSC
•added 2022/02/15 12:0 a.m.•8 views

Vulnerabilities fixed in Intel Wi-Fi chipset firmware

Intel has fixed several vulnerabilities in various Intel PROSet/Wireless Wi-Fi and Intel Active Management Technology AMT Wireless chipsets. The vulnerabilities allow a local malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Access to...

8.8CVSS6.9AI score0.00515EPSS
Exploits0
NCSC
NCSC
•added 2022/02/14 12:0 a.m.•8 views

Vulnerability fixed in Adobe Magento

Adobe has fixed a vulnerability in Magento. A malicious party could potentially exploit the vulnerability to execute arbitrary code without authentication to execute arbitrary code under the privileges of the application. Adobe indicates that targeted exploits have been observed on Adobe Commerce...

10CVSS7.8AI score0.99199EPSS
Exploits5
NCSC
NCSC
•added 2022/02/02 12:0 a.m.•8 views

Vulnerability fixed in Fortinet FortiMail

A vulnerability has been fixed in FortiMail. The vulnerability allows an unauthenticated remote malicious party to launch a Cross-Site Scripting attack by sending specially prepared HTTP GET requests to the FortiGuard URI protection service. Fortinet has released updates to fix the vulnerability...

6.1CVSS6.6AI score0.12936EPSS
Exploits5
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has fixed vulnerabilities in the following products: Enterprise Manager Base Platform Application Testing Suite APM - Application Performance Management Enterprise Manager Ops Center The vulnerabilities potentially enable a malicious party to execute attacks that result in the following...

9.8CVSS6.4AI score0.23293EPSS
Exploits6
NCSC
NCSC
•added 2021/12/16 12:0 a.m.•8 views

Vulnerabilities fixed in JBoss Enterprise Application Platform

Red Hat has fixed vulnerabilities in JBoss Enterprise Application Platform. A remote malicious person could vulnerabilities potentially exploit them to cause a denial-of-service or to gain access to sensitive data. Red Hat has released updates to fix the vulnerabilities in JBoss Enterprise...

7.8CVSS7.2AI score0.10448EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code...

9.3CVSS7.3AI score0.18024EPSS
Exploits7
NCSC
NCSC
•added 2021/12/03 12:0 a.m.•8 views

Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware

Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person remotely retrieve another user's login credentials retrieve another user's login credentials and thereby gain elevated privileges. It is also it is possible to...

9.8CVSS7.2AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2021/11/09 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure products

Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow a malicious party to gain elevated permissions and to obtain sensitive data. Azure RTOS: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

7.2CVSS6.4AI score0.01211EPSS
Exploits0
NCSC
NCSC
•added 2021/10/27 12:0 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed a large number of vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data...

9.3CVSS6.9AI score0.42674EPSS
Exploits0
NCSC
NCSC
•added 2021/10/27 12:0 a.m.•8 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed three vulnerabilities in Adobe Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service DoS, or execute arbitrary code execute arbitrary code on the system under the application's privileges. The malicious party to do this must tric...

9.3CVSS7.8AI score0.05468EPSS
Exploits0
NCSC
NCSC
•added 2021/10/20 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle Java SE and GraalVM

Oracle has fixed vulnerabilities in Java SE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Circumvention of security measure. Denial-of-Service DoS. Remote code execution User Rights Acces...

8.6CVSS9.3AI score0.32362EPSS
Exploits6
NCSC
NCSC
•added 2021/10/19 12:0 a.m.•8 views

Vulnerabilities fixed in Trend Micro Apex One

Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service or execute arbitrary code with SYSTEM privileges. Trend Micro has released updates to address the vulnerabilities fixes in Apex One. For more...

7.8CVSS7.8AI score0.0056EPSS
Exploits0
Total number of security vulnerabilities4190