4189 matches found

NCSC
• added 2022/03/22 12:0 a.m. • 7 views

Vulnerabilities fixed in OTRS

OTRS developers have fixed vulnerabilities in OTRS 7 and 8. An authenticated malicious person can exploit the vulnerabilities to perform a cross-site scripting (XSS) attack, execute commands in the context of the application, or gain access to sensitive data. OTRS has released updat...

CVSS: 9, AI score: 6.1, EPSS: 0.01304, Exploits: 0
NCSC
• added 2022/03/16 12:0 a.m. • 7 views

Vulnerabilities fixed in Expat

Vulnerabilities have been fixed in Expat. Exploiting these vulnerabilities in combination allows a remote malicious person to execute arbitrary code or cause a denial-of-service. Expat's developers have made updates available to address the vulnerabilities. For more information, see:...

CVSS: 9.8, AI score: 7.7, EPSS: 0.34174, Exploits: 1
NCSC
• added 2022/03/16 12:0 a.m. • 7 views

Vulnerabilities fixed in Mattermost Server

Two vulnerabilities have been fixed in Mattermost Server. An unauthenticated malicious person can exploit the vulnerabilities to cause a denial-of-service. To do so, a malicious file needs to be uploaded or a malicious POST request needs to be sent to the server. For the latter, no...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00888, Exploits: 0
NCSC
• added 2022/03/15 12:0 a.m. • 7 views

Vulnerabilities fixed in pfSense

Netgate has fixed vulnerabilities in pfSense. The vulnerabilities marked CVE-2022-26019, CVE-2021-41282 and CVE-2022-24299 allow a malicious party to execute arbitrary code or cause a denial-of-service. Exploiting these vulnerabilities requires administrator privileges on the vulnerable device...

CVSS: 9, AI score: 7.8, EPSS: 0.87113, Exploits: 4
NCSC
• added 2022/03/15 12:0 a.m. • 7 views

Vulnerabilities fixed in macOS

Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Bypassing security...

CVSS: 9.8, AI score: 8.5, EPSS: 0.17715, Exploits: 13
NCSC
• added 2022/03/08 12:0 a.m. • 7 views

Vulnerabilities fixed in Microsoft Azure Site Recovery

Vulnerabilities have been fixed in Microsoft Azure Site Recovery. The vulnerabilities allow a malicious party to obtain elevated rights or to execute arbitrary code. With the exception of CVE-2022-24469, an attacker already needs elevated privileges to one or more of the components that are...

CVSS: 9, AI score: 7.1, EPSS: 0.02698, Exploits: 0
NCSC
• added 2022/03/08 12:0 a.m. • 7 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Exchange Server. A malicious party could potentially exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with the application's permissions. Exploitation of both vulnerabilities requires...

CVSS: 8.8, AI score: 7.2, EPSS: 0.40789, Exploits: 3
NCSC
• added 2022/03/08 12:0 a.m. • 7 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Microsoft Developer Tools products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (User Rights), Spoofing. In order to exploit these vulnerabilities, a...

CVSS: 7.5, AI score: 7.7, EPSS: 0.03228, Exploits: 0
NCSC
• added 2022/02/24 12:0 a.m. • 7 views

Vulnerability fixed in pfSense

Netgate has fixed a vulnerability in pfSense versions lower than or equal to 2.5.2. A malicious person with user privileges within the same network is able to write arbitrary code to the system. Due to the lack of Cross-Site Request Forgery (CSRF) protection on the vulnerable system, it is possibl...

CVSS: 9, AI score: 6.7, EPSS: 0.87113, Exploits: 4
NCSC
• added 2022/02/17 12:0 a.m. • 7 views

Vulnerability fixed in Cisco Email Security Appliance

Cisco has fixed a vulnerability in the Email Security Appliance (ESA). A malicious party could potentially exploit it to cause a denial-of-service. To exploit this vulnerability, a malicious party must send a specially prepared e-mail to a vulnerable device. By default, DANE validation is not enabl...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01804, Exploits: 0
NCSC
• added 2022/02/15 12:0 a.m. • 7 views

Vulnerabilities fixed in Intel Wi-Fi chipset firmware

Intel has fixed several vulnerabilities in various Intel PROSet/Wireless Wi-Fi and Intel Active Management Technology (AMT) Wireless chipsets. The vulnerabilities allow a local malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Access to...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00515, Exploits: 0
NCSC
• added 2022/02/09 12:0 a.m. • 7 views

Vulnerability fixed in Adobe Creative Cloud Desktop

Adobe has fixed a vulnerability in the Creative Cloud Desktop Application. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges. The malicious party needs to trick the victim into opening a rogue file. Adobe has released updates to fix the...

CVSS: 7, AI score: 7.4, EPSS: 0.02165, Exploits: 0
NCSC
• added 2022/02/04 12:0 a.m. • 7 views

Vulnerability fixed in Kibana

A vulnerability has been fixed in Kibana. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting attack on users with higher privileges within the application. Elastic has made version 7.17.0 available for Kibana to fix the vulnerability. For more information...

CVSS: 5.4, AI score: 6.7, EPSS: 0.00527, Exploits: 0
NCSC
• added 2022/02/03 12:0 a.m. • 7 views

Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform

Vulnerabilities have been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerabilities allow a remote malicious person to cause a denial-of-service or execute arbitrary code. Red Hat has released updates to fix the vulnerabilities. More information can be foun...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01701, Exploits: 0
NCSC
• added 2022/02/02 12:0 a.m. • 7 views

Vulnerability fixed in Fortinet FortiMail

A vulnerability has been fixed in FortiMail. The vulnerability allows an unauthenticated remote malicious party to launch a Cross-Site Scripting attack by sending specially prepared HTTP GET requests to the FortiGuard URI protection service. Fortinet has released updates to fix the vulnerability...

CVSS: 6.1, AI score: 6.6, EPSS: 0.12936, Exploits: 5
NCSC
• added 2022/01/26 12:0 a.m. • 7 views

Vulnerability fixed in Micro Focus Operations Agent

A vulnerability has been fixed in Micro Focus Operations Agent. The vulnerability allows a local malicious agent to gain access to system data. Micro Focus indicates that mitigating measures are available that eliminate the vulnerability. For more information see:...

CVSS: 3.3, AI score: 6.4, EPSS: 0.00213, Exploits: 0
NCSC
• added 2022/01/24 12:0 a.m. • 7 views

Vulnerabilities fixed in Lexmark printers

Vulnerabilities have been fixed in Lexmark devices. The vulnerabilities allow a malicious party to carry out attacks that potentially result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Remote code execution (User Right...

CVSS: 10, AI score: 7.7, EPSS: 0.07702, Exploits: 0
NCSC
• added 2022/01/24 12:0 a.m. • 7 views

Vulnerability fixed in IBM FileNet Content Manager

A vulnerability has been fixed in IBM FileNet Content Manager. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6509840...

CVSS: 9, AI score: 6.7, EPSS: 0.01761, Exploits: 0
NCSC
• added 2021/12/22 12:0 a.m. • 7 views

Vulnerability fixed in SonicWall SMA100 series

A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person to access some management APIs in order to view metadata of configurations. SonicWall has released updates to fix the vulnerability. More information can be...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00904, Exploits: 0
NCSC
• added 2021/12/17 12:0 a.m. • 7 views

Vulnerability fixed in VMware Workspace ONE UEM

VMware has fixed a vulnerability in Workspace ONE UEM. An unauthenticated malicious person could exploit this vulnerability to perform a server-side request forgery (SSRF) attack and thereby gain access to sensitive data. Successful exploitation requires network access to the Workspace ONE UEM...

CVSS: 7.5, AI score: 6.8, EPSS: 0.97713, Exploits: 1
NCSC
• added 2021/12/16 12:0 a.m. • 7 views

Vulnerability fixed in DBeaver

A vulnerability has been fixed in DBeaver. The vulnerability allows a local malicious agent to obtain sensitive data. This is possible because the loading of external XML entities is not properly handled. Proof-of-concept code is available for this vulnerability. DBeaver's...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00902, Exploits: 1
NCSC
• added 2021/12/07 12:0 a.m. • 7 views

Vulnerabilities fixed in IBM Cognos Analytics

IBM has fixed a large number of vulnerabilities in underlying software provided with Cognos Analytics. The vulnerabilities were previously fixed and released by the vendors in question. In this update, IBM has bundled the affected vulnerabilities for Cognos. A malicio...

CVSS: 9.8, AI score: 7.7, EPSS: 0.99019, Exploits: 26
NCSC
• added 2021/12/03 12:0 a.m. • 7 views

Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware

Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person can remotely retrieve another user's login credentials and thereby gain elevated privileges. It is also possible to...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01248, Exploits: 0
NCSC
• added 2021/11/24 12:0 a.m. • 7 views

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter server. A malicious party on the local network, with access to port 443, could exploit the vulnerabilities to gain access to sensitive data. VMware did not release further details. VMware has released updates to fix the vulnerabilities in vCenter server...

CVSS: 9.8, AI score: 7, EPSS: 0.04601, Exploits: 2
NCSC
• added 2021/11/24 12:0 a.m. • 7 views

Vulnerabilities fixed in Xen

Xen has released updates to fix vulnerabilities in its hypervisor. Under specific circumstances, a virtualized system ("guest") can exploit the vulnerabilities to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Access to sensitive data, Increased...

CVSS: 8.8, AI score: 6.6, EPSS: 0.0206, Exploits: 0
NCSC
• added 2021/11/10 12:0 a.m. • 7 views

Vulnerabilities fixed in Adobe products

Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution (User Rights). Adobe has released updates to fix the...

CVSS: 9.3, AI score: 7.5, EPSS: 0.39401, Exploits: 0
NCSC
• added 2021/11/05 12:0 a.m. • 7 views

Vulnerabilities fixed in HP LaserJet

Vulnerabilities have been fixed in HP LaserJet. The vulnerabilities allow a remote malicious person to cause a denial-of-service and to bypass a security measure. HP has released updates to fix the vulnerabilities. More information can be found on the page below:...

CVSS: 10, AI score: 7.1, EPSS: 0.01787, Exploits: 0
NCSC
• added 2021/10/20 12:0 a.m. • 7 views

Vulnerabilities fixed in Oracle Communications Applications

Oracle has fixed vulnerabilities in the following Communications Applications products: Communications Billing and Revenue Management, Communications MetaSolv Solution, Communications Offline Mediation Controller, Communications Design Studio, Communications Calendar Server, Communications Messaging...

CVSS: 9.8, AI score: 7.1, EPSS: 0.75353, Exploits: 11
NCSC
• added 2021/10/20 12:0 a.m. • 7 views

Vulnerabilities fixed in Oracle PeopleSoft products

Oracle has fixed vulnerabilities in the following PeopleSoft products: PeopleSoft Enterprise PT PeopleTools, PeopleSoft Enterprise CS SA Integration Pack, PeopleSoft Enterprise SCM Purchasing, PeopleSoft Enterprise CS Academic Advisement, PeopleSoft Enterprise CS Student Records, PeopleSoft Enterpris...

CVSS: 9.8, AI score: 7.3, EPSS: 0.53336, Exploits: 4
NCSC
• added 2021/10/20 12:0 a.m. • 7 views

Vulnerabilities fixed in Oracle Java SE and GraalVM

Oracle has fixed vulnerabilities in Java SE and GraalVM Enterprise Edition. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Circumvention of security measure, Denial-of-Service (DoS), Remote code execution (User Rights), Acces...

CVSS: 8.6, AI score: 9.3, EPSS: 0.32362, Exploits: 6
NCSC
• added 2021/10/19 12:0 a.m. • 7 views

Vulnerabilities fixed in Trend Micro Apex One

Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service or execute arbitrary code with SYSTEM privileges. Trend Micro has released updates to address the vulnerabilities in Apex One. For more...

CVSS: 7.8, AI score: 7.8, EPSS: 0.0056, Exploits: 0
NCSC
• added 2021/10/14 12:0 a.m. • 7 views

Vulnerabilities fixed in Juniper Junos OS

Vulnerabilities have been fixed in Juniper Junos OS. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution (User Rights), Increased user rights. Juniper...

CVSS: 9, AI score: 6.8, EPSS: 0.01129, Exploits: 1
NCSC
• added 2021/10/12 12:0 a.m. • 7 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code execution (User rights), Access to system...

CVSS: 9.8, AI score: 6.5, EPSS: 0.8383, Exploits: 6
NCSC
• added 2021/10/04 12:0 a.m. • 7 views

Vulnerability fixed in Sonatype Nexus

Sonatype has fixed a vulnerability in Nexus Repository. An unauthenticated malicious party could potentially gain access to sensitive information via an HTTP header injection. Sonatype has released little further substantive information. Sonatype...

CVSS: 8.2, AI score: 6.6, EPSS: 0.02322, Exploits: 0
NCSC
• added 2021/09/20 12:0 a.m. • 7 views

Vulnerabilities fixed in Ubuntu kernel

Vulnerabilities have been fixed in Ubuntu kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Accessing sensitive data, Accessing system data. -= Ubuntu ...

CVSS: 8.8, AI score: 7.1, EPSS: 0.03354, Exploits: 5
NCSC
• added 2021/09/16 12:0 a.m. • 7 views

Vulnerabilities fixed in FortiSandbox

A session expiration vulnerability in FortiSandbox allows a malicious party to reuse the non-expired session IDs of an administrator to obtain information about other users. CVE-2020-29012 Due to a vulnerability in the input validation of the sniffer interface of FortiSandbox...

CVSS: 5.6, AI score: 6.6, EPSS: 0.02592, Exploits: 0
NCSC
• added 2021/09/16 12:0 a.m. • 7 views

Vulnerabilities fixed in Apache Tomcat

Vulnerabilities have been fixed in Apache Tomcat that can lead to the following categories of damage: Denial-of-Service (DoS), Access to sensitive data. The developers of Apache Tomcat have made updates available. For more information, see the following page: https://tomcat.apache.org...

CVSS: 7.5, AI score: 9.5, EPSS: 0.87553, Exploits: 17
NCSC
• added 2021/09/10 12:0 a.m. • 7 views

Vulnerabilities fixed in Dell iDRAC

Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to perform an SQL Injection, cause a Denial-of-Service (DoS) and execute arbitrary code under user privileges. It is good practice not to have such an environment publicly to b...

CVSS: 8.2, AI score: 7, EPSS: 0.33317, Exploits: 0
NCSC
• added 2021/09/08 12:0 a.m. • 7 views

Vulnerability fixed in Nessus agent

Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host. Tenable has made updates available for Nessus to address the vulnerability. More information ca...

CVSS: 7.2, AI score: 6.6, EPSS: 0.00303, Exploits: 0
NCSC
• added 2021/09/01 12:0 a.m. • 7 views

Vulnerabilities fixed in ArubaOS and Aruba SD-WAN

Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor (formerly Mobility Master), Access Points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damag...

CVSS: 10, AI score: 8.3, EPSS: 0.03055, Exploits: 1
NCSC
• added 2021/08/26 12:0 a.m. • 7 views

Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC)

Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller (APIC). The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Data manipulation, Remote code execution (Administrator/Root right...

CVSS: 9.1, AI score: 7.1, EPSS: 0.02125, Exploits: 0
NCSC
• added 2021/08/24 12:0 a.m. • 7 views

Vulnerability fixed in Joomla! media manager

Joomla has fixed a vulnerability in the Joomla! media manager. Due to improper access control, a user could delete arbitrary content from the media directory without being authorized to do so. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...

CVSS: 9.1, AI score: 6.9, EPSS: 0.00918, Exploits: 0
NCSC
• added 2021/08/19 12:0 a.m. • 7 views

Vulnerability fixed in Red Hat JBoss Enterprise Application Platform

A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious agent could potentially exploit the vulnerability to cause a denial-of-service. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01375, Exploits: 1
NCSC
• added 2021/08/19 12:0 a.m. • 7 views

Vulnerability fixed in Autodesk Licensing Service

A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00237, Exploits: 0
NCSC
• added 2021/08/11 12:0 a.m. • 7 views

Vulnerabilities fixed in SolarWinds products

Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data, Remote code execution (Administrator/Root privileges), SQL Injection, Increased user...

CVSS: 9.4, AI score: 8.2, EPSS: 0.76411, Exploits: 0
NCSC
• added 2021/08/11 12:0 a.m. • 7 views

Vulnerability fixed in Citrix ShareFile

Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted. Citrix has released updates to fix the vulnerability. More informati...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00411, Exploits: 0
NCSC
• added 2021/08/10 12:0 a.m. • 7 views

Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel

Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Access to sensitive data, Increased user...

CVSS: 7.8, AI score: 7.4, EPSS: 0.09729, Exploits: 11
NCSC
• added 2021/07/21 12:0 a.m. • 7 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors, MySQL Server, MySQL Enterprise Monitor. The vulnerabilities may allow an unauthenticated malicious person with network access to the vulnerable system to launch attacks that result in t...

CVSS: 8.1, AI score: 8.9, EPSS: 0.60122, Exploits: 4
NCSC
• added 2021/07/21 12:0 a.m. • 7 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed vulnerabilities in Jira Server. A remote malicious person could exploit the vulnerabilities to perform a cross-site scripting (XSS) attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. The vulnerability with CVE attribute...

CVSS: 5.4, AI score: 6.6, EPSS: 0.01184, Exploits: 0
NCSC
• added 2021/07/21 12:0 a.m. • 7 views

Vulnerabilities fixed in Oracle Siebel Suite

Oracle has fixed vulnerabilities in Siebel CRM and Siebel Apps. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution (User rights), Access to sensitive data, Acce...

CVSS: 8.1, AI score: 8.6, EPSS: 0.73654, Exploits: 2
Total number of security vulnerabilities: 4189