Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2021/09/10 12:0 a.m.•7 views

Vulnerabilities fixed in Dell iDRAC

Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code execute under user privileges by performing an SQL Injection, Denial-of-Service DoS and executing arbitrary code. It is good practice not to have such an environment publicly to b...

8.2CVSS7AI score0.33317EPSS
Exploits0
NCSC
NCSC
•added 2021/09/08 12:0 a.m.•7 views

Vulnerability fixed in Nessus agent

Nessus Agent 8.3.0 and earlier contains multiple local vulnerabilities that would allow an authenticated, local administrator to execute specific executable code on the Nessus Agent host could execute. Tenable has made updates available for Nessus to address the vulnerability. More information ca...

7.2CVSS6.6AI score0.00303EPSS
Exploits0
NCSC
NCSC
•added 2021/09/01 12:0 a.m.•7 views

Vulnerabilities fixed in ArubaOS and Aruba SD-WAN

Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor former Mobility Master, Access-Points and SD-WAN Gateways. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damag...

10CVSS8.3AI score0.03055EPSS
Exploits1
NCSC
NCSC
•added 2021/08/26 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Application Policy Infrastructure Controller (APIC).

Vulnerabilities have been fixed in Cisco Application Policy Infrastructure Controller APIC. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution Administrator/Root right...

9.1CVSS7.1AI score0.02125EPSS
Exploits0
NCSC
NCSC
•added 2021/08/24 12:0 a.m.•7 views

Vulnerability fixed in Joomla! media manager

Joomla has fixed a vulnerability in the Joomla! media!! manager. Due to improper access control, a user could without being authorized to do so could delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...

9.1CVSS6.9AI score0.00918EPSS
Exploits0
NCSC
NCSC
•added 2021/08/19 12:0 a.m.•7 views

Vulnerability fixed in Red Hat JBoss Enterprise Application Platform

A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. A remote malicious agent could vulnerability potentially exploit it to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...

7.5CVSS6.7AI score0.01375EPSS
Exploits1
NCSC
NCSC
•added 2021/08/19 12:0 a.m.•7 views

Vulnerability fixed in Autodesk Licensing Service

A vulnerability has been fixed in the Autodesk Licensing Service. This service is present on all of Autodesk's flagship products. The vulnerability allows a malicious person with local access to obtain elevated privileges. Autodesk has released updates to fix the vulnerability. More information c...

7.8CVSS6.3AI score0.00237EPSS
Exploits0
NCSC
NCSC
•added 2021/08/11 12:0 a.m.•7 views

Vulnerability fixed in Citrix ShareFile

Citrix has fixed a vulnerability caused by the CTX269106 mitigation tool for Citrix ShareFile storage zones controller. The tool disabled encryption when it was enabled. This would have allowed data to be stored and transmitted. Citrix has released updates to fix the vulnerability. More informati...

7.5CVSS6.5AI score0.00411EPSS
Exploits0
NCSC
NCSC
•added 2021/08/11 12:0 a.m.•7 views

Vulnerabilities fixed in SolarWinds products

Vulnerabilities have been fixed in SolarWinds products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root privileges SQL Injection Increased user...

9.4CVSS8.2AI score0.76411EPSS
Exploits0
NCSC
NCSC
•added 2021/08/10 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Linux Unbreakable Enterprise kernel

Oracle has fixed vulnerabilities in the Unbreakable Enterprise Linux kernel. The vulnerabilities potentially enable a malicious person able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Increased user...

7.8CVSS7.4AI score0.09729EPSS
Exploits11
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•7 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed vulnerabilities in Jira Server. A remote malicious person could exploit the vulnerabilities to perform a cross-site scripting XSS attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. The vulnerability with CVE attribute...

5.4CVSS6.6AI score0.01184EPSS
Exploits0
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors MySQL Server MySQL Enterprise Monitor The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in t...

8.1CVSS8.9AI score0.60122EPSS
Exploits4
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•7 views

Vulnerability fixed in GitLab

A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions through the uploading a prepared "design" file. To do this, "Large File Support" LFS must be enabled for the GitLab server or the specific...

7.2CVSS6.8AI score0.00998EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•7 views

Vulnerability fixed in SonicWall network switches

SonicWall has fixed a vulnerability in several network switches. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause or read system memory. The vulnerability resides in the way LLDP network traffic is processed...

8.1CVSS6.8AI score0.00635EPSS
Exploits0
NCSC
NCSC
•added 2021/07/08 12:0 a.m.•7 views

Vulnerabilities fixed in Android

Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased user privileges As usual, Google has disclosed...

8CVSS7.3AI score0.01393EPSS
Exploits0
NCSC
NCSC
•added 2021/07/07 12:0 a.m.•7 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code...

9.8CVSS6.9AI score0.01498EPSS
Exploits7
NCSC
NCSC
•added 2021/07/06 12:0 a.m.•7 views

Vulnerability fixed in MISP

A vulnerability has been fixed in MISP. An unauthenticated remote malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers have...

9.8CVSS6.3AI score0.01087EPSS
Exploits0
NCSC
NCSC
•added 2021/07/02 12:0 a.m.•7 views

Vulnerability fixed in XWiki

Advanced Open Source Enterprise Wiki has fixed a vulnerability fixed in XWiki. The vulnerability allows an unauthenticated malicious person able to reset a counter that tracks the number of failed login attempts to zero. This makes it possible to launch a brute-force attack. Updates have been...

5.5CVSS6.7AI score0.00499EPSS
Exploits0
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•7 views

InjectaBLE vulnerability discovered in Bluetooth Low Energy (BLE)

Researchers at the LAAS-CNRS laboratory have demonstrated the ability to obtain a be able to obtain full man-in-the-middle status from two Bluetooth Low Energy BLE devices that have an unencrypted connection have. The man-in-the-middle attack does not work on encrypted connections. However, it is...

5.3CVSS6.7AI score0.00402EPSS
Exploits0
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•7 views

Vulnerabilities fixed in Red Hat OpenShift

Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Red Hat ha...

9.8CVSS7.8AI score0.62906EPSS
Exploits16
NCSC
NCSC
•added 2021/06/23 12:0 a.m.•7 views

Vulnerability fixed in VMware products

A vulnerability has been fixed in VMware products. The vulnerability allows a malicious party to obtain elevated privileges obtain in a Windows guest system. VMware has released updates to fix the vulnerability. More information can be found on the page below:...

7.8CVSS6.5AI score0.01382EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•7 views

Vulnerability fixed in Pulse Connect Secure

A vulnerability has been fixed in Pulse Connect Secure. A authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...

9CVSS7.4AI score0.69377EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•7 views

Vulnerability fixed in MantisBT

A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. MantisBT has released updates to fix...

6.1CVSS6.7AI score0.01825EPSS
Exploits1
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Finesse

Cisco has fixed two vulnerabilities in Finesse. A unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2021-1245 to perform a cross-site scripting XSS attack. Such an attack can lead to the execution of arbitrary code in the context of the browser of the...

6.5CVSS7AI score0.01428EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•7 views

Vulnerabilities fixed in Bosch IP Cameras

Bosch has fixed vulnerabilities in IP cameras CPP4, CPP6, CPP7, CPP13 and AVIOTEC. An unauthenticated malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, obtaining sensitive information, manipulating manipulate camera settings or perform a cross-site scripting...

9.8CVSS6.7AI score0.01433EPSS
Exploits0
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe products

Several vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The exact damage varies by...

9.3CVSS7.7AI score0.46031EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•7 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...

9.8CVSS7.8AI score0.01556EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•7 views

Vulnerabilities fixed in Citrix ADC and Citrix Gateway

Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2020-8299 potentially exploit it to cause a denial-of-service from the same local network segment. The vulnerability with CVE attribute...

6.5CVSS6.7AI score0.0301EPSS
Exploits1
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•7 views

Vulnerabilities fixed in SAP Netweaver

Vulnerabilities have been fixed in SAP Netweaver. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication Remote code execution User rights...

9.8CVSS6.7AI score0.01594EPSS
Exploits3
NCSC
NCSC
•added 2021/06/02 12:0 a.m.•7 views

Vulnerability fixed in FortiGate SSL VPN Portal

FortiGuard has fixed a vulnerability in e FortiGate SSL VPN portal. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...

6.1CVSS6.7AI score0.01061EPSS
Exploits0
NCSC
NCSC
•added 2021/05/26 12:0 a.m.•7 views

Vulnerability fixed in Nginx

A vulnerability has been fixed in Nginx. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause and potentially execute arbitrary code by sending a specially prepared DNS response. Nginx is only vulnerable if the "resolver directive" is used in the...

7.7CVSS9.3AI score0.52838EPSS
Exploits10
NCSC
NCSC
•added 2021/05/21 12:0 a.m.•7 views

Vulnerability fixed in Huawei S5700 switch series

Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei categorizes this vulnerability according to the CVSSv3 method with a score of 6.5. Huawei has released updates to fix the vulnerabilit...

7.5CVSS6.6AI score0.00696EPSS
Exploits0
NCSC
NCSC
•added 2021/05/20 12:0 a.m.•7 views

Vulnerability fixed in Xerox printer drivers

Xerox has fixed a vulnerability in its printer driver for Windows. A remote malicious person could, by exploiting of this vulnerability obtain elevated privileges on the vulnerable system. Few substantive details about the vulnerability have been made publicly available. Xerox has released update...

7.8CVSS7AI score0.02902EPSS
Exploits1
NCSC
NCSC
•added 2021/05/20 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Finesse

Vulnerabilities have been fixed in Cisco Finesse. The vulnerability with reference CVE-2021-1254 allows an authenticated malicious person remotely capable of executing a Cross-Site scripting attack and thereby executing arbitrary code under the privileges of the user. The vulnerability with...

6.1CVSS6.8AI score0.00783EPSS
Exploits0
NCSC
NCSC
•added 2021/05/20 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco products

Cisco has fixed a local file inclusion vulnerability in ADE-OS as used to deploy Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE and Cisco Prime Infrastructure. The vulnerability with attribute CVE-2021-1306 enables a local, authenticated malicious party to able...

9CVSS7.3AI score0.02115EPSS
Exploits0
NCSC
NCSC
•added 2021/05/19 12:0 a.m.•7 views

Vulnerability fixed in Dell Remote Access Controller (iDRAC).

A vulnerability has been fixed in Dell Remote Access Controller iDRAC. The vulnerability allows a remote malicious person to able to bypass authentication. With exploiting this vulnerability, the malicious party gains access to the virtual console of iDRAC. iDRAC is a management environment. It i...

10CVSS6.6AI score0.01726EPSS
Exploits0
NCSC
NCSC
•added 2021/05/19 12:0 a.m.•7 views

Vulnerability fixed in Huawei CloudEngine

A vulnerability has been fixed in several Huawei CloudEngine products. The vulnerability allows a malicious party to capable of causing a denial-of-service. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...

5.3CVSS6.6AI score0.00685EPSS
Exploits0
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Spoofing Remote code execution User rights Access to sensitive data Below is a summary of the various...

8.8CVSS7.5AI score0.50628EPSS
Exploits7
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•7 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Spoofing Increased user privileges Siemens categorizes...

7.8CVSS8.2AI score0.98745EPSS
Exploits8
NCSC
NCSC
•added 2021/05/10 12:0 a.m.•7 views

Vulnerabilities fixed in Atlassian Confluence

Vulnerabilities have been fixed in Atlassian Confluence Server. The vulnerabilities allow an authenticated remote malicious agent to remote user to gain access to system data and to execute arbitrary code under the user's privileges. Atlassian has released updates to address the vulnerabilities...

5.4CVSS7.6AI score0.01201EPSS
Exploits0
NCSC
NCSC
•added 2021/05/04 12:0 a.m.•7 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to perform able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...

10CVSS8.4AI score0.12084EPSS
Exploits4
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•7 views

Multiple vulnerabilities fixed in RedHat OpenShift

Red Hat has fixed multiple vulnerabilities in the jackson databind of their OpenShift Container platform for RHEL 8. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data or execute arbitrary code under the privileges of the application. Many of t...

10CVSS9AI score0.62906EPSS
Exploits18
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to...

9.8CVSS8.8AI score0.42993EPSS
Exploits5
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Solaris

Vulnerabilities have been fixed in Oracle Solaris. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...

7.8CVSS7.2AI score0.00305EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS7.2AI score0.99019EPSS
Exploits17
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•7 views

Vulnerabilities fixed in PAN-OS

A security vulnerability exists regarding log files in Palo Alto Networks PAN-OS software, in which the connection details for a scheduled configuration export are recorded recorded in system logs. PAN-OS developers have issued updates to PAN-OS to address the vulnerabilities. More information...

4.4CVSS6.8AI score0.00253EPSS
Exploits1
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•7 views

Vulnerabilities fixed in WhatsApp

Vulnerabilities have been fixed in WhatsApp. A malicious party could potentially exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service. The vulnerability with CVE attribute CVE-2021-24027 only applies to applicable to WhatsApp for Android and WhatsApp Busines...

10CVSS6.9AI score0.03805EPSS
Exploits1
NCSC
NCSC
•added 2021/04/02 12:0 a.m.•7 views

Vulnerability fixed in HP Integrated Lights Out Amplifier Pack

HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...

6.1CVSS6.8AI score0.00621EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•7 views

Vulnerability found in Keycloak

A vulnerability has been found in Keycloak. The vulnerability allows a malicious person to use the new-account console to execute to execute arbitrary code. Red Hat reports that the vulnerability in version 13 of Keycloak has been fixed. At Keycloak itself, this information cannot be found found...

7.5CVSS6.9AI score0.0119EPSS
Exploits0
NCSC
NCSC
•added 2021/03/25 12:0 a.m.•7 views

Vulnerabilities fixed in OpenSSL

Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 potentially exploit it to cause a denial-of-service. To do this requires sending a specially prepared "renegotiation ClientHello" message needs to be sent fro...

7.4CVSS8.6AI score0.62906EPSS
Exploits4
Total number of security vulnerabilities4190