Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2021/10/12 12:0 a.m.•7 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Access to system...

9.8CVSS6.5AI score0.8383EPSS
Exploits6
NCSC
NCSC
•added 2021/09/20 12:0 a.m.•7 views

Vulnerabilities fixed in Ubuntu kernel

Vulnerabilities have been fixed in Ubuntu kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Accessing sensitive data Accessing system data -= Ubuntu ...

8.8CVSS7.1AI score0.03354EPSS
Exploits5
NCSC
NCSC
•added 2021/09/16 12:0 a.m.•7 views

Vulnerabilities fixed in FortiSandbox

Due to a session expiration vulnerability in FortiSandbox allows a malicious party to reuse the non-expired session IDs of an administrator reuse to obtain information about other users. obtain. CVE-2020-29012 Due to a vulnerability in the input validation of the sniffer interface of FortiSandbox...

5.6CVSS6.6AI score0.02592EPSS
Exploits0
NCSC
NCSC
•added 2021/09/16 12:0 a.m.•7 views

Vulnerabilities fixed in Apache Tomcat

Vulnerabilities have been fixed in Apache Tomcat that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data The developers of Apache Tomcat have made updates available made available. For more information, see the following page: https://tomcat.apache.org...

7.5CVSS9.5AI score0.87553EPSS
Exploits17
NCSC
NCSC
•added 2021/09/10 12:0 a.m.•7 views

Vulnerabilities fixed in Dell iDRAC

Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code execute under user privileges by performing an SQL Injection, Denial-of-Service DoS and executing arbitrary code. It is good practice not to have such an environment publicly to b...

8.2CVSS7AI score0.33317EPSS
Exploits0
NCSC
NCSC
•added 2021/09/08 12:0 a.m.•7 views

Vulnerability fixed in Nessus agent

Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host could execute. Tenable has made updates available for Nessus to address the vulnerability. More information ca...

7.2CVSS6.6AI score0.00303EPSS
Exploits0
NCSC
NCSC
•added 2021/09/01 12:0 a.m.•7 views

Vulnerabilities fixed in ArubaOS and Aruba SD-WAN

Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor former Mobility Master, Access-Points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damag...

10CVSS8.3AI score0.03055EPSS
Exploits1
NCSC
NCSC
•added 2021/08/26 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC).

Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller APIC. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution Administrator/Root right...

9.1CVSS7.1AI score0.02125EPSS
Exploits0
NCSC
NCSC
•added 2021/08/24 12:0 a.m.•7 views

Vulnerability fixed in Joomla! media manager

Joomla has fixed a vulnerability in the Joomla! media!! manager. Due to improper access control, a user could without being authorized to do so could delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...

9.1CVSS6.9AI score0.00918EPSS
Exploits0
NCSC
NCSC
•added 2021/08/19 12:0 a.m.•7 views

Vulnerability fixed in Red Hat JBoss Enterprise Application Platform

A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious agent could vulnerability potentially exploit it to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...

7.5CVSS6.7AI score0.01375EPSS
Exploits1
NCSC
NCSC
•added 2021/08/19 12:0 a.m.•7 views

Vulnerability fixed in Autodesk Licensing Service

A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...

7.8CVSS6.3AI score0.00237EPSS
Exploits0
NCSC
NCSC
•added 2021/08/11 12:0 a.m.•7 views

Vulnerabilities fixed in SolarWinds products

Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root privileges SQL Injection Increased user...

9.4CVSS8.2AI score0.76411EPSS
Exploits0
NCSC
NCSC
•added 2021/08/11 12:0 a.m.•7 views

Vulnerability fixed in Citrix ShareFile

Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted. Citrix has released updates to fix the vulnerability. More informati...

7.5CVSS6.5AI score0.00411EPSS
Exploits0
NCSC
NCSC
•added 2021/08/10 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel

Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Increased user...

7.8CVSS7.4AI score0.09729EPSS
Exploits11
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•7 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed vulnerabilities in Jira Server. A remote malicious person could exploit the vulnerabilities to perform a cross-site scripting XSS attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. The vulnerability with CVE attribute...

5.4CVSS6.6AI score0.01184EPSS
Exploits0
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors MySQL Server MySQL Enterprise Monitor The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in t...

8.1CVSS8.9AI score0.60122EPSS
Exploits4
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•7 views

Vulnerabilities fixed in Typo3

The developers of Typo3 have fixed vulnerabilities in Typo3 Core. The vulnerabilities allow a malicious party to perform Perform cross-site scripting XSS attacks. Such attacks can lead to the execution of arbitrary script code in the context of the victim's browser. In order to perform such an...

6.5CVSS6.2AI score0.00829EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•7 views

Vulnerability fixed in GitLab

A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions through the uploading a prepared "design" file. To do this, "Large File Support" LFS must be enabled for the GitLab server or the specific...

7.2CVSS6.8AI score0.00998EPSS
Exploits0
NCSC
NCSC
•added 2021/07/08 12:0 a.m.•7 views

Vulnerabilities fixed in Android

Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased user privileges As usual, Google has disclosed...

8CVSS7.3AI score0.01393EPSS
Exploits0
NCSC
NCSC
•added 2021/07/07 12:0 a.m.•7 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code...

9.8CVSS6.9AI score0.01498EPSS
Exploits7
NCSC
NCSC
•added 2021/07/06 12:0 a.m.•7 views

Vulnerability fixed in MISP

A vulnerability has been fixed in MISP. An unauthenticated remote malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers have...

9.8CVSS6.3AI score0.01087EPSS
Exploits0
NCSC
NCSC
•added 2021/07/02 12:0 a.m.•7 views

Vulnerability fixed in XWiki

Advanced Open Source Enterprise Wiki has fixed a vulnerability fixed in XWiki. The vulnerability allows an unauthenticated malicious person able to reset a counter that tracks the number of failed login attempts to zero. This makes it possible to launch a brute-force attack. Updates have been...

5.5CVSS6.7AI score0.00499EPSS
Exploits0
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•7 views

Vulnerability fixed in Veeam Backup & Replication

A vulnerability has been fixed in Veeam Backup & Replication. The vulnerability potentially allows a malicious party to execute arbitrary code to execute arbitrary code because the Veeam application was vulnerable to a flaw in the deseralization logic of .NET remoting. Veeam's developers have mad...

9.8CVSS7.5AI score0.01239EPSS
Exploits0
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•7 views

InjectaBLE vulnerability discovered in Bluetooth Low Energy (BLE)

Researchers at the LAAS-CNRS laboratory have demonstrated the ability to obtain a be able to obtain full man-in-the-middle status from two Bluetooth Low Energy BLE devices that have an unencrypted connection have. The man-in-the-middle attack does not work on encrypted connections. However, it is...

5.3CVSS6.7AI score0.00402EPSS
Exploits0
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•7 views

Vulnerabilities fixed in Red Hat OpenShift

Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Red Hat ha...

9.8CVSS7.8AI score0.62906EPSS
Exploits16
NCSC
NCSC
•added 2021/06/23 12:0 a.m.•7 views

Vulnerability fixed in VMware products

A vulnerability has been fixed in VMware products. The vulnerability allows a malicious party to obtain elevated privileges obtain in a Windows guest system. VMware has released updates to fix the vulnerability. More information can be found on the page below:...

7.8CVSS6.5AI score0.01382EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•7 views

Vulnerability fixed in MantisBT

A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. MantisBT has released updates to fix...

6.1CVSS6.7AI score0.01833EPSS
Exploits1
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•7 views

Vulnerability fixed in Pulse Connect Secure

A vulnerability has been fixed in Pulse Connect Secure. A authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...

9CVSS7.4AI score0.69377EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•7 views

Vulnerabilities fixed in Bosch IP Cameras

Bosch has fixed vulnerabilities in IP cameras CPP4, CPP6, CPP7, CPP13 and AVIOTEC. An unauthenticated malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, obtaining sensitive information, manipulating manipulate camera settings or perform a cross-site scripting...

9.8CVSS6.7AI score0.01433EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Finesse

Cisco has fixed two vulnerabilities in Finesse. A unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2021-1245 to perform a cross-site scripting XSS attack. Such an attack can lead to the execution of arbitrary code in the context of the browser of the...

6.5CVSS7AI score0.01428EPSS
Exploits0
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe products

Several vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The exact damage varies by...

9.3CVSS7.7AI score0.46031EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•7 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...

9.8CVSS7.8AI score0.01556EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•7 views

Vulnerabilities fixed in SAP Netweaver

Vulnerabilities have been fixed in SAP Netweaver. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication Remote code execution User rights...

9.8CVSS6.7AI score0.01594EPSS
Exploits3
NCSC
NCSC
•added 2021/06/02 12:0 a.m.•7 views

Vulnerability fixed in FortiGate SSL VPN Portal

FortiGuard has fixed a vulnerability in e FortiGate SSL VPN portal. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...

6.1CVSS6.7AI score0.01061EPSS
Exploits0
NCSC
NCSC
•added 2021/05/26 12:0 a.m.•7 views

Vulnerabilities fixed in VMware vCenter Server

Vulnerabilities have been fixed in VMware vCenter Server. The vulnerability with reference CVE-2021-21985 allows an unauthenticated malicious person with access to port 443 of the vSphere HTML5 Client to execute under elevated privileges execute arbitrary code on both the vCenter Server and the...

10CVSS7.5AI score0.99999EPSS
Exploits13
NCSC
NCSC
•added 2021/05/21 12:0 a.m.•7 views

Vulnerability fixed in Huawei S5700 switch series

Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei categorizes this vulnerability according to the CVSSv3 method with a score of 6.5. Huawei has released updates to fix the vulnerabilit...

7.5CVSS6.6AI score0.00696EPSS
Exploits0
NCSC
NCSC
•added 2021/05/20 12:0 a.m.•7 views

Vulnerability fixed in Xerox printer drivers

Xerox has fixed a vulnerability in its printer driver for Windows. A remote malicious person could, by exploiting of this vulnerability obtain elevated privileges on the vulnerable system. Few substantive details about the vulnerability have been made publicly available. Xerox has released update...

7.8CVSS7AI score0.02902EPSS
Exploits1
NCSC
NCSC
•added 2021/05/20 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Finesse

Vulnerabilities have been fixed in Cisco Finesse. The vulnerability with reference CVE-2021-1254 allows an authenticated malicious person remotely capable of executing a Cross-Site scripting attack and thereby executing arbitrary code under the privileges of the user. The vulnerability with...

6.1CVSS6.8AI score0.00783EPSS
Exploits0
NCSC
NCSC
•added 2021/05/20 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco products

Cisco has fixed a local file inclusion vulnerability in ADE-OS as used to deploy Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE and Cisco Prime Infrastructure. The vulnerability with attribute CVE-2021-1306 enables a local, authenticated malicious party to able...

9CVSS7.3AI score0.02115EPSS
Exploits0
NCSC
NCSC
•added 2021/05/19 12:0 a.m.•7 views

Vulnerability fixed in Dell Remote Access Controller (iDRAC).

A vulnerability has been fixed in Dell Remote Access Controller iDRAC. The vulnerability allows a remote malicious person to able to bypass authentication. With exploiting this vulnerability, the malicious party gains access to the virtual console of iDRAC. iDRAC is a management environment. It i...

10CVSS6.6AI score0.01726EPSS
Exploits0
NCSC
NCSC
•added 2021/05/19 12:0 a.m.•7 views

Vulnerability fixed in Huawei CloudEngine

A vulnerability has been fixed in several Huawei CloudEngine products. The vulnerability allows a malicious party to capable of causing a denial-of-service. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...

5.3CVSS6.6AI score0.00685EPSS
Exploits0
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Spoofing Remote code execution User rights Access to sensitive data Below is a summary of the various...

8.8CVSS7.5AI score0.50628EPSS
Exploits7
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•7 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Spoofing Increased user privileges Siemens categorizes...

7.8CVSS8.2AI score0.98745EPSS
Exploits8
NCSC
NCSC
•added 2021/05/04 12:0 a.m.•7 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...

10CVSS8.4AI score0.12084EPSS
Exploits4
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•7 views

Multiple vulnerabilities fixed in RedHat OpenShift

Red Hat has fixed multiple vulnerabilities in the jackson databind of their OpenShift Container platform for RHEL 8. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data or execute arbitrary code under the privileges of the application. Many of t...

10CVSS9AI score0.62906EPSS
Exploits18
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Solaris

Vulnerabilities have been fixed in Oracle Solaris. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...

7.8CVSS7.2AI score0.00305EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS7.2AI score0.99019EPSS
Exploits17
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•7 views

Vulnerabilities fixed in WhatsApp

Vulnerabilities have been fixed in WhatsApp. A malicious party could potentially exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service. The vulnerability with CVE attribute CVE-2021-24027 only applies to applicable to WhatsApp for Android and WhatsApp Busines...

10CVSS6.9AI score0.03805EPSS
Exploits1
NCSC
NCSC
•added 2021/04/02 12:0 a.m.•7 views

Vulnerability fixed in HP Integrated Lights Out Amplifier Pack

HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...

6.1CVSS6.8AI score0.00621EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•7 views

Vulnerability found in Keycloak

A vulnerability has been found in Keycloak. The vulnerability allows a malicious person to use the new-account console to execute to execute arbitrary code. Red Hat reports that the vulnerability in version 13 of Keycloak has been fixed. At Keycloak itself, this information cannot be found found...

7.5CVSS6.9AI score0.0119EPSS
Exploits0
Total number of security vulnerabilities4189