Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
added 2020/12/08 12:0 a.m.7 views

Vulnerabilities fixed in openSUSE kernel

Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges -= OpenSUSE =- The developers of...

7.8CVSS7.2AI score0.06692EPSS
Exploits9
NCSC
NCSC
added 2020/12/08 12:0 a.m.7 views

Vulnerabilities in multiple TCP/IP stacks

Researchers at Forescout Research Labs have found 33 vulnerabilities found in four open source TCP/IP stacks. In the research called AMNESIA:33, four vulnerabilities are identified as critical. The highest assigned CVSS score is 9.8. The vulnerabilities allow a malicious party to carry out attack...

9.8CVSS7.5AI score0.58695EPSS
Exploits0
NCSC
NCSC
added 2020/12/07 12:0 a.m.7 views

Vulnerability fixed in Kibana

A vulnerability has been fixed in Kibana. The vulnerability allows a malicious party the opportunity to spoof a URL and to cause a Denial-of-Service. Elastic has released bug fixes to address the vulnerability. fix. More information can be found on the pages below: Bug 1898572:...

6.1CVSS6.6AI score0.00643EPSS
Exploits0
NCSC
NCSC
added 2020/12/01 12:0 a.m.7 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in Jira. The vulnerability allows a remote malicious person to manipulate to manipulate Jira templates. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below:...

5.5CVSS6.6AI score0.0077EPSS
Exploits0
NCSC
NCSC
added 2020/11/20 12:0 a.m.7 views

Vulnerability fixed in MISP

CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS attack, potentially executing arbitrary code in the context of the browser. CIRCL has released updates to fix the...

6.1CVSS7.4AI score0.00802EPSS
Exploits0
NCSC
NCSC
added 2020/11/13 12:0 a.m.7 views

Multiple vulnerabilities fixed in Intel systems

Intel has fixed several vulnerabilities in Converged Security and Manageability Engine CSME, Server Platform Services SPS, Trusted Execution Engine TXE, Dynamic Application Loader DAL, Active Management Technology AMT and Standard Manageability ISM. Malicious parties can exploit the vulnerabiliti...

9.8CVSS7.1AI score0.01675EPSS
Exploits0
NCSC
NCSC
added 2020/11/13 12:0 a.m.7 views

Vulnerabilities fixed in macOS

Apple has released a new version of macOS. This version 11.01 Big Sur fixes a large number of vulnerabilities. A malicious party can exploit the vulnerabilities to access gain access to sensitive data, execute arbitrary code with user privileges or to cause a denial-of-service. The vulnerabilitie...

9.3CVSS7.5AI score0.22178EPSS
Exploits7
NCSC
NCSC
added 2020/11/13 12:0 a.m.7 views

Vulnerability fixed in EcoStruxure Control Expert

A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...

7.5CVSS6.9AI score0.01272EPSS
Exploits0
NCSC
NCSC
added 2020/11/05 12:0 a.m.7 views

Vulnerabilities fixed in Cisco Unified Communications Manager

Due to a vulnerability in Cisco Unified Communications Manager -software, an authenticated remote malicious party could cause the Cisco XCP Authentication Service on an affected device to be restarted, resulting in a Denial-of-Service DoS. Cisco has released an update to fix the vulnerability. Mo...

6.5CVSS6.6AI score0.0115EPSS
Exploits0
NCSC
NCSC
added 2020/11/03 12:0 a.m.7 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person remote or otherwise to potentially able to carry out attacks leading to the following categories of damage: Remote code execution User rights Circumvention of security measure Denial-of-Service...

10CVSS7.5AI score0.05142EPSS
Exploits1
NCSC
NCSC
added 2020/11/02 12:0 a.m.7 views

Serious vulnerability fixed in Oracle Weblogic Server

Oracle has released an update for Weblogic Server to fix a serious vulnerability. This new vulnerability is related to the Fusion Middleware vulnerability with attribute CVE-2020-14882, for which an update was released in October. This was described by the NCSC in security advisory NCSC-2020-0858...

10CVSS7.7AI score0.99997EPSS
Exploits43
NCSC
NCSC
added 2020/10/29 12:0 a.m.7 views

Vulnerabilities fixed in Juniper Networks Junos OS

Vulnerabilities have been fixed in Junos OS. The vulnerabilities allow a malicious party to launch a denial-of-service attack and to execute arbitrary code under the privileges of the user. Juniper has released updates to fix the vulnerabilities. More information can be found on the pages below:...

10CVSS7.6AI score0.74513EPSS
Exploits2
NCSC
NCSC
added 2020/10/28 12:0 a.m.7 views

Vulnerabilities fixed in QNAP QTS

QNAS has fixed vulnerabilities in the QTS operating system. The vulnerabilities allow a remote malicious person to to inject arbitrary commands. It is good practice to have the user interface for a system like QTS to be exposed on a separate administrator network. QNAP has released updates to fix...

7.2CVSS6.9AI score0.02178EPSS
Exploits0
NCSC
NCSC
added 2020/10/23 12:0 a.m.7 views

Vulnerabilities fixed in Red Hat OpenShift

Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of security measure Remote code execution User right...

10CVSS7.2AI score0.21052EPSS
Exploits19
NCSC
NCSC
added 2020/10/22 12:0 a.m.7 views

Vulnerability fixed in Snort

A vulnerability has been fixed in Snort. The vulnerability allows an unauthenticated remote malicious person to enable an security measure to bypass. Cisco has released updates to fix the vulnerability. More information can be found on the page below: https://tools.cisco.com/security/center/conte...

5.8CVSS6.8AI score0.02279EPSS
Exploits0
NCSC
NCSC
added 2020/10/22 12:0 a.m.7 views

Vulnerability in Ghisler Total Commander

There is a vulnerability in Ghisler Total Commander. The vulnerability allows a local malicious person to obtain elevated permissions by replacing the Total Commander binary. The developers of Total Commander have indicated that they will not fix the vulnerability will not be fixed. According to...

7.3CVSS6.5AI score0.00389EPSS
Exploits1
NCSC
NCSC
added 2020/10/21 12:0 a.m.7 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in the following Oracle E-Business Suite products: Applications Manager Marketing Application Object Library Trade Management Universal Work Queue Installed Base CRM Technical Foundation One-to-One Fulfillment Applications Framework E-Business Suite Secure...

10CVSS7.7AI score0.02797EPSS
Exploits0
NCSC
NCSC
added 2020/10/20 12:0 a.m.7 views

Vulnerability fixed in Nexpose

A vulnerability has been fixed in Nexpose. The vulnerability allows an authenticated malicious party to execute an SQL injection to execute and thereby obtain sensitive data. Rapid7 has released updates to fix the vulnerability. More information can be found on the page below:...

8.1CVSS7.6AI score0.01123EPSS
Exploits0
NCSC
NCSC
added 2020/10/14 12:0 a.m.7 views

Vulnerabilities fixed in Citrix Gateway Plug-in for Windows

Citrix has fixed two vulnerabilities in the Citrix Gateway Plug-in for Windows. By exploiting these vulnerabilities could potentially gain elevated privileges acquire elevated privileges on the vulnerable system. Citrix has released updates to fix the vulnerabilities. For more information, see:...

9.8CVSS7.1AI score0.01634EPSS
Exploits0
NCSC
NCSC
added 2020/10/13 12:0 a.m.7 views

Vulnerabilities fixed in SUSE

Several vulnerabilities have been fixed in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to syste...

7.8CVSS6.7AI score0.00492EPSS
Exploits0
NCSC
NCSC
added 2020/10/13 12:0 a.m.7 views

Vulnerabilities fixed in Siemens Ruggedcom and Scalance

Siemens has fixed multiple vulnerabilities in several Ruggedcom and Scalance products. A remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service of dnsmasq or execute arbitrary code. To do this requires sending malicious network traffic to the vulnerable...

9.8CVSS8.4AI score0.98745EPSS
Exploits21
NCSC
NCSC
added 2020/10/07 12:0 a.m.7 views

Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel

Oracle has fixed vulnerabilities in the Oracle Unbreakable Enterprise kernel. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitiv...

10CVSS6.9AI score0.16523EPSS
Exploits16
NCSC
NCSC
added 2020/10/01 12:0 a.m.7 views

Vulnerability fixed in Trend Micro Anti-virus

A vulnerability has been fixed in Trend Micro Anti-Virus for Mac. The vulnerability allows a malicious person to obtain elevated privileges. Trend Micro has released updates to fix the vulnerability. fix. More information can be found on the page below:...

7.8CVSS6.5AI score0.00621EPSS
Exploits0
NCSC
NCSC
added 2020/10/01 12:0 a.m.7 views

Vulnerability fixed in Red Hat Satellite

A vulnerability has been fixed in Red Hat Satellite. The vulnerability allows a local malicious person to obtain sensitive data by reading the temporary memory. This vulnerability is exploitable only if an installation of Satellite via RPM an installation of Satellite has taken place. -= Red Hat ...

8.8CVSS6.5AI score0.00315EPSS
Exploits0
NCSC
NCSC
added 2020/09/08 12:0 a.m.7 views

Vulnerability discovered in Siemens SIMATIC S&-300 and S7-400 CPUs

Siemens has discovered a vulnerability in the SIMATIC S7-300 and S7-400 CPUs. An unauthenticated malicious person can exploit the exploit the vulnerability to eavesdrop on network traffic and thereby obtaining login credentials. To exploit the vulnerability, the attacker must have access to the...

6.5CVSS6.9AI score0.00712EPSS
Exploits0
NCSC
NCSC
added 2020/09/07 12:0 a.m.7 views

Vulnerabilities fixed in Nagios

Several vulnerabilities have been fixed in Nagios. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Increased user privileges For now, not ever...

10CVSS7.1AI score0.04751EPSS
Exploits0
NCSC
NCSC
added 2020/09/04 12:0 a.m.7 views

Vulnerabilities fixed in Sophos UTM Up2Date

Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. The vulnerabilities allow a remote malicious person potentially able to cause a denial-of-service or gain access gain access to sensitive information. Sophos has released updates to fix the vulnerabilities in Sophos UTM Up2Data...

8.6CVSS8AI score0.93422EPSS
Exploits9
NCSC
NCSC
added 2020/09/03 12:0 a.m.7 views

Vulnerabilities fixed in Kaspersky Security Center

Kaspersky has fixed multiple vulnerabilities in Kaspersky Security Center. The vulnerabilities allow a local malicious able to cause a denial-of-service or obtain elevated privileges obtain elevated privileges on the local system. Not all of the vulnerabilities have assigned a CVE number. Kaspers...

7.8CVSS6.8AI score0.00432EPSS
Exploits0
NCSC
NCSC
added 2020/09/03 12:0 a.m.7 views

Vulnerabilities fixed in OpenSUSE kernel

The developers of OpenSUSE have fixed several vulnerabilities fixed in the OpenSUSE Linux kernel. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data...

7.8CVSS7.3AI score0.60631EPSS
Exploits4
NCSC
NCSC
added 2020/08/26 12:0 a.m.7 views

Vulnerability in Autodesk 3ds max actively exploited

Autodesk says it is actively observing abuse of a vulnerability in 3ds max software. A variant of the MAXScript exploit "PhysXPluginMfx" allows a remote malicious person to to execute arbitrary code within the context of the application. To do this, the malicious party must entice the victim to...

7.6AI score
Exploits0
NCSC
NCSC
added 2020/08/14 12:0 a.m.7 views

Vulnerabilities fixed in Apache HTTP server

Vulnerabilities have been fixed in Apache. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data -= Ubuntu =- Canonical has...

9.8CVSS8.2AI score0.90039EPSS
Exploits4
NCSC
NCSC
added 2020/08/11 12:0 a.m.7 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in Gitlab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication Circumvention of security...

9.8CVSS6.8AI score0.42741EPSS
Exploits11
NCSC
NCSC
added 2020/08/11 12:0 a.m.7 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code, to gain elevated privileges or to perform a denial-of-service DoS attack. Below is a summary of the various vulnerabilities described by...

9.3CVSS7.5AI score0.06561EPSS
Exploits0
NCSC
NCSC
added 2020/08/10 12:0 a.m.7 views

Vulnerabilities fixed in Apache HTTP Server

Vulnerabilities have been fixed in Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial of Service Apache has made updates available to address the vulnerabilities. fixes. More information can ...

7.5CVSS7.7AI score0.89744EPSS
Exploits2
NCSC
NCSC
added 2020/08/04 12:0 a.m.7 views

Vulnerabilities fixed in GRUB2

Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...

8.2CVSS7.9AI score0.01588EPSS
Exploits1
NCSC
NCSC
added 2020/05/27 12:0 a.m.7 views

Multiple vulnerabilities fixed in macOS

Apple has fixed several vulnerabilities in macOS. The vulnerabilities allow a malicious person remote or otherwise to perform able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root...

9.3CVSS7.4AI score0.09219EPSS
Exploits6
NCSC
NCSC
added 2020/02/21 12:0 a.m.7 views

Vulnerabilities fixed in Cisco products

Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Cisco has released updates to fix the vulnerabilities. More...

6.5CVSS6.4AI score0.28307EPSS
Exploits15
NCSC
NCSC
added 2020/02/11 12:0 a.m.7 views

Vulnerability fixed in Microsoft SQL Server Reporting Services

There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to improper processing of page requests. If successfully exploited, the vulnerability allows an authenticated remote malicious person to execute arbitrary execu...

8.8CVSS7.9AI score0.99046EPSS
Exploits14
NCSC
NCSC
added 2020/02/11 12:0 a.m.7 views

Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products

Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability exploit to cause a denial-of-service when using encrypted connections are used. Siemens has released...

7.5CVSS6.8AI score0.01311EPSS
Exploits0
NCSC
NCSC
added 2020/02/06 12:0 a.m.7 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in Cisco products. The vulnerabilities are all in the Cisco Discovery Protocol CDP. The vulnerabilities allow an unauthenticated malicious person using a rogue CDP packet to establish a Denial-of-Service and potentially execute arbitrary code execution. Because CDP...

8.8CVSS7.1AI score0.11685EPSS
Exploits0
NCSC
NCSC
added 2020/01/28 12:0 a.m.7 views

Vulnerability fixed in Spring Framework

A vulnerability has been fixed in Spring Framework. The vulnerability allows a malicious party to perform a reflected file download RFD attack. The developers of Spring Framework have released updates to fix the vulnerability. More information can be found at the page below:...

8CVSS6.6AI score0.88077EPSS
Exploits2
NCSC
NCSC
added 2020/01/14 12:0 a.m.7 views

Vulnerabilities fixed in Nginx

A malicious party could exploit the vulnerability to obtain system data obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...

5.3CVSS8.9AI score0.14961EPSS
Exploits3
NCSC
NCSC
added 2019/10/07 12:0 a.m.7 views

Vulnerabilities fixed in Jackson databind

Debian has fixed vulnerabilities in Jackson databind. The vulnerabilities allow a malicious party to execute arbitrary code execute under user privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to the deserialization of an...

9.8CVSS7.3AI score0.45205EPSS
Exploits3
NCSC
NCSC
added 2019/04/04 12:0 a.m.7 views

Vulnerability fixed in PostgreSQL

Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges to obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse mitigate abuse of this...

9CVSS7AI score0.91877EPSS
Exploits17
NCSC
NCSC
added 2016/05/11 12:0 a.m.7 views

Multiple vulnerabilities fixed in Aruba networks products

Multiple vulnerabilities have been discovered in various Aruba Networks products including Instant and ArubaOS access points, the Airwave management platform and the PAPI protocol that these systems mutually use. Some vulnerabilities have been fixed, others will be fixed in a future update, and f...

9.8CVSS7.9AI score0.05123EPSS
Exploits3
NCSC
NCSC
added 4 days ago6 views

Vulnerabilities in GitHub Enterprise Server

GitHub has identified several vulnerabilities in GitHub Enterprise Server, particularly in versions prior to 3.21 and 3.22. The first vulnerability involves stored XSS attacks, where authenticated attackers can inject malicious JavaScript payloads into discussion titles. These scripts are execute...

6.5CVSS6AI score0.00257EPSS
Exploits0References6
NCSC
NCSC
added 2026/06/24 9:1 a.m.6 views

The vulnerabilities in libssh2 are addressed through libssh.

LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...

9.2CVSS6.2AI score0.00732EPSS
Exploits10References2
NCSC
NCSC
added 2026/06/17 8:55 a.m.6 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

9.9CVSS5.4AI score0.00555EPSS
Exploits0References1
NCSC
NCSC
added 2026/04/30 8:0 a.m.6 views

Vulnerability handling functions in cPanel and WHM

cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...

9.8CVSS6AI score0.981EPSS
Exploits64References1
NCSC
NCSC
added 2026/04/22 11:33 a.m.6 views

Vulnerabilities in Oracle Identity Manager Connector

Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...

9.1CVSS7.1AI score0.00413EPSS
Exploits0References2
Total number of security vulnerabilities4189