Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
added 2020/09/04 12:0 a.m.7 views

Vulnerabilities fixed in Sophos UTM Up2Date

Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. The vulnerabilities allow a remote malicious person potentially able to cause a denial-of-service or gain access gain access to sensitive information. Sophos has released updates to fix the vulnerabilities in Sophos UTM Up2Data...

8.6CVSS8AI score0.93422EPSS
Exploits9
NCSC
NCSC
added 2020/09/03 12:0 a.m.7 views

Vulnerabilities fixed in Kaspersky Security Center

Kaspersky has fixed multiple vulnerabilities in Kaspersky Security Center. The vulnerabilities allow a local malicious able to cause a denial-of-service or obtain elevated privileges obtain elevated privileges on the local system. Not all of the vulnerabilities have assigned a CVE number. Kaspers...

7.8CVSS6.8AI score0.00432EPSS
Exploits0
NCSC
NCSC
added 2020/09/03 12:0 a.m.7 views

Vulnerabilities fixed in OpenSUSE kernel

The developers of OpenSUSE have fixed several vulnerabilities fixed in the OpenSUSE Linux kernel. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data...

7.8CVSS7.3AI score0.60631EPSS
Exploits4
NCSC
NCSC
added 2020/08/26 12:0 a.m.7 views

Vulnerability in Autodesk 3ds max actively exploited

Autodesk says it is actively observing abuse of a vulnerability in 3ds max software. A variant of the MAXScript exploit "PhysXPluginMfx" allows a remote malicious person to to execute arbitrary code within the context of the application. To do this, the malicious party must entice the victim to...

7.6AI score
Exploits0
NCSC
NCSC
added 2020/08/14 12:0 a.m.7 views

Vulnerabilities fixed in Apache HTTP server

Vulnerabilities have been fixed in Apache. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data -= Ubuntu =- Canonical has...

9.8CVSS8.2AI score0.90039EPSS
Exploits4
NCSC
NCSC
added 2020/08/11 12:0 a.m.7 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in Gitlab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication Circumvention of security...

9.8CVSS6.8AI score0.42741EPSS
Exploits11
NCSC
NCSC
added 2020/08/11 12:0 a.m.7 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code, to gain elevated privileges or to perform a denial-of-service DoS attack. Below is a summary of the various vulnerabilities described by...

9.3CVSS7.5AI score0.06561EPSS
Exploits0
NCSC
NCSC
added 2020/08/10 12:0 a.m.7 views

Vulnerabilities fixed in Apache HTTP Server

Vulnerabilities have been fixed in Apache HTTP Server. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial of Service Apache has made updates available to address the vulnerabilities. fixes. More information can ...

7.5CVSS7.7AI score0.89744EPSS
Exploits2
NCSC
NCSC
added 2020/08/04 12:0 a.m.7 views

Vulnerabilities fixed in GRUB2

Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...

8.2CVSS7.9AI score0.01588EPSS
Exploits1
NCSC
NCSC
added 2020/05/27 12:0 a.m.7 views

Multiple vulnerabilities fixed in macOS

Apple has fixed several vulnerabilities in macOS. The vulnerabilities allow a malicious person remote or otherwise to perform able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root...

9.3CVSS7.4AI score0.09219EPSS
Exploits6
NCSC
NCSC
added 2020/02/21 12:0 a.m.7 views

Vulnerabilities fixed in Cisco products

Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Cisco has released updates to fix the vulnerabilities. More...

6.5CVSS6.4AI score0.28307EPSS
Exploits15
NCSC
NCSC
added 2020/02/11 12:0 a.m.7 views

Vulnerability fixed in Microsoft SQL Server Reporting Services

There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to improper processing of page requests. If successfully exploited, the vulnerability allows an authenticated remote malicious person to execute arbitrary execu...

8.8CVSS7.9AI score0.99046EPSS
Exploits14
NCSC
NCSC
added 2020/02/11 12:0 a.m.7 views

Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products

Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability exploit to cause a denial-of-service when using encrypted connections are used. Siemens has released...

7.5CVSS6.8AI score0.01311EPSS
Exploits0
NCSC
NCSC
added 2020/01/28 12:0 a.m.7 views

Vulnerability fixed in Spring Framework

A vulnerability has been fixed in Spring Framework. The vulnerability allows a malicious party to perform a reflected file download RFD attack. The developers of Spring Framework have released updates to fix the vulnerability. More information can be found at the page below:...

8CVSS6.6AI score0.88077EPSS
Exploits2
NCSC
NCSC
added 2020/01/14 12:0 a.m.7 views

Vulnerabilities fixed in Nginx

A malicious party could exploit the vulnerability to obtain system data obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...

5.3CVSS8.9AI score0.14961EPSS
Exploits3
NCSC
NCSC
added 2019/10/07 12:0 a.m.7 views

Vulnerabilities fixed in Jackson databind

Debian has fixed vulnerabilities in Jackson databind. The vulnerabilities allow a malicious party to execute arbitrary code execute under user privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to the deserialization of an...

9.8CVSS7.3AI score0.45205EPSS
Exploits3
NCSC
NCSC
added 2019/04/04 12:0 a.m.7 views

Vulnerability fixed in PostgreSQL

Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges to obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse mitigate abuse of this...

9CVSS7AI score0.91877EPSS
Exploits17
NCSC
NCSC
added 2016/05/11 12:0 a.m.7 views

Multiple vulnerabilities fixed in Aruba networks products

Multiple vulnerabilities have been discovered in various Aruba Networks products including Instant and ArubaOS access points, the Airwave management platform and the PAPI protocol that these systems mutually use. Some vulnerabilities have been fixed, others will be fixed in a future update, and f...

9.8CVSS7.9AI score0.05123EPSS
Exploits3
NCSC
NCSC
added 5 days ago6 views

Vulnerabilities in GitHub Enterprise Server

GitHub has identified several vulnerabilities in GitHub Enterprise Server, particularly in versions prior to 3.21 and 3.22. The first vulnerability involves stored XSS attacks, where authenticated attackers can inject malicious JavaScript payloads into discussion titles. These scripts are execute...

6.5CVSS6AI score0.00257EPSS
Exploits0References6
NCSC
NCSC
added 2026/06/24 9:1 a.m.6 views

The vulnerabilities in libssh2 are addressed through libssh.

LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...

9.2CVSS6.2AI score0.00732EPSS
Exploits10References2
NCSC
NCSC
added 2026/06/17 8:55 a.m.6 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

9.9CVSS5.4AI score0.00555EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/16 1:30 p.m.6 views

Kwetsbaarheid verholpen in Cisco Catalyst SD-WAN Manager

Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...

6.5CVSS6AI score0.07683EPSS
Exploits2References1
NCSC
NCSC
added 2026/04/22 11:33 a.m.6 views

Vulnerabilities in Oracle Identity Manager Connector

Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...

9.1CVSS7.1AI score0.00413EPSS
Exploits0References2
NCSC
NCSC
added 2026/04/17 8:37 a.m.6 views

Lack of vulnerability awareness in Cisco WebEx Services

Cisco has identified a vulnerability in Cisco Webex Services, specifically in the SSO integration with Control Hub. The vulnerability lies in the incorrect validation of certificates during the SSO integration of Cisco Webex Services through Control Hub. An unauthenticated external attacker can...

9.8CVSS6AI score0.0052EPSS
Exploits0References1
NCSC
NCSC
added 2026/04/14 7:24 p.m.6 views

Vulnerabilities in Microsoft SQL Server

Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...

8.8CVSS6AI score0.00706EPSS
Exploits0
NCSC
NCSC
added 2026/04/10 12:6 p.m.6 views

Vulnerability fixed in Juniper Networks Junos OS Evolved

Juniper has fixed a vulnerability in Junos OS Evolved running on PTX Series devices. A malicious party can exploit this vulnerability to increase privileges. The vulnerability is in the Flexible PIC Concentrators FPCs of Juniper Networks Junos OS Evolved on PTX systems. The vulnerability can lead...

8.5CVSS5.8AI score0.00114EPSS
Exploits0References1
NCSC
NCSC
added 2026/04/03 10:34 a.m.6 views

Vulnerabilities fixed in Cisco Integrated Management Controller

Cisco has fixed several vulnerabilities in Cisco Integrated Management Controller IMC. The vulnerabilities are in Cisco IMC's Web-based management interface. An unauthorized remote attacker can bypass authentication through password change functionality by sending specially formatted HTTP request...

9.8CVSS6.1AI score0.01094EPSS
Exploits0References4
NCSC
NCSC
added 2026/03/26 9:48 a.m.6 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in versions 18.8.7, 18.9.3, and 18.10.1. The vulnerabilities included denial-of-service scenarios that could be triggered by authenticated users via specific Webhook configurations and continuous integration inputs. In addition, there were issues with improper...

8.8CVSS5.8AI score0.00478EPSS
Exploits0References1
NCSC
NCSC
added 2026/03/13 8:33 a.m.6 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome versions before 146.0.7680.75. The vulnerabilities are in Google Chrome's V8 engine and Skia graphics library. The vulnerability in the V8 engine allows a malicious person to execute arbitrary code within the browser's sandboxed environment via a...

8.8CVSS6.1AI score0.02EPSS
Exploits1References1
NCSC
NCSC
added 2026/03/12 2:54 p.m.6 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities allow an authenticated domain user to remotely execute code on the backup server, which can lead to unauthorized control of backup operations. This issue is present in the backup server environment and can be...

9.9CVSS6AI score0.01329EPSS
Exploits0References2
NCSC
NCSC
added 2026/03/10 8:12 p.m.6 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute SQL Statements with Sysadmin privileges. For successful abuse, the malicious party must have prior authorizations as a user. Of th...

8.8CVSS5.8AI score0.02044EPSS
Exploits0
NCSC
NCSC
added 2026/02/27 9:48 a.m.6 views

Vulnerability fixed in Juniper Junos OS Evolved

Juniper has fixed a vulnerability in Junos OS Evolved Specifically for PTX Series devices. The vulnerability is in the On-Box Anomaly detection framework of Junos OS Evolved that runs on PTX Series devices. The cause is an incorrect assignment of permissions that allows unauthenticated remote...

9.8CVSS6.1AI score0.17709EPSS
Exploits2References1
NCSC
NCSC
added 2026/02/06 9:20 a.m.6 views

Vulnerability fixed in Cisco TelePresence Collaboration Endpoint

Cisco has fixed a vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software. The vulnerability is in how the text viewer system does not perform sufficient input control. This can be exploited by unauthenticated remote attackers, leading to a denial-of-service DoS and affecti...

7.5CVSS5.5AI score0.0037EPSS
Exploits0References1
NCSC
NCSC
added 2026/01/14 1:41 p.m.6 views

Vulnerabilities fixed in Adobe Dreamweaver Desktop

Adobe has fixed vulnerabilities in Dreamweaver Desktop Versions 21.6 and earlier. The vulnerabilities are in the way Dreamweaver Desktop validates input. This can lead to unauthorized file manipulation and execution of arbitrary code. Exploitation of these vulnerabilities requires user interactio...

8.6CVSS7.3AI score0.00716EPSS
Exploits0References1
NCSC
NCSC
added 2026/01/13 7:17 p.m.6 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...

7.2CVSS7.4AI score0.01242EPSS
Exploits0
NCSC
NCSC
added 2025/12/29 9:17 a.m.6 views

Vulnerabilities fixed in QNAP operating systems

QNAP has fixed vulnerabilities in QTS and QuTS hero The vulnerabilities include a critical flaw in argument separator processing, a NULL pointer dereference that can lead to denial-of-service DoS attacks, an SQL injection that enables unauthorized code execution, and an authentication bypass that...

9.8CVSS8.5AI score0.00919EPSS
Exploits0References1
NCSC
NCSC
added 2025/11/06 12:36 p.m.6 views

Vulnerability fixed in Cisco Identity Services Engine

Cisco has fixed a vulnerability in Cisco Identity Services Engine. The vulnerability is located in the RADIUS setting of Cisco Identity Services Engine, which can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to cause a logic error, potentially leading to a...

8.6CVSS6.9AI score0.00671EPSS
Exploits0References1
NCSC
NCSC
added 2025/11/03 8:14 a.m.6 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions 2025.0.0 to 2025.0.3, 2024.1.0 to 2024.1.7, and 2023.1.0 to 2023.1.16. The vulnerability involves uncontrolled resource consumption that can lead to resource depletion, which can affect the performance and availabilit...

8.2CVSS6.8AI score0.00466EPSS
Exploits0References1
NCSC
NCSC
added 2025/10/23 1:53 p.m.6 views

Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne Tools

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.4. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated attackers to compromise the system via HTTP, which can lead to unauthorized access and modification of...

10CVSS6.8AI score0.23932EPSS
Exploits2References1
NCSC
NCSC
added 2025/10/16 6:27 a.m.6 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 29.7, 28.7.9 and earlier. The vulnerabilities are in how Adobe Illustrator handles malicious files. A malicious party can exploit these vulnerabilities by tricking a user into opening a malicious file, which can lead to the execution o...

7.8CVSS7.1AI score0.00193EPSS
Exploits0References1
NCSC
NCSC
added 2025/10/16 6:25 a.m.6 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Adobe Framemaker Versions 2020.9, 2022.7 and earlier. The vulnerabilities are in versions 2020.9, 2022.7 and earlier of Adobe Framemaker. The first vulnerability involves a Use After Free, which can lead to arbitrary code execution when a user opens a specially...

7.8CVSS7.6AI score0.00207EPSS
Exploits0References1
NCSC
NCSC
added 2025/10/15 6:22 a.m.6 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. The vulnerabilities include an insecure deserialization, a path traversal and multiple SQL injection vulnerabilities. The insecure deserialization can be exploited by local, authenticated attackers to gain elevated privileges, leading t...

8.8CVSS8.7AI score0.14489EPSS
Exploits0References1
NCSC
NCSC
added 2025/10/14 6:52 p.m.6 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in the JDBC driver for SQL Server. A malicious party could exploit the vulnerability to gain access to sensitive data, such as login credentials, through a Server-in-the-Middle attack. For successful exploitation, the malicious party must trick the victim into...

8.1CVSS7.2AI score0.0067EPSS
Exploits0
NCSC
NCSC
added 2025/10/14 6:16 p.m.6 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange Server. A malicious person could exploit the vulnerabilities to impersonate another user and grant themselves elevated privileges. For successful abuse, the malicious party must have prior authentication. Microsoft has made updates available that fi...

8.8CVSS6.8AI score0.00922EPSS
Exploits0
NCSC
NCSC
added 2025/10/14 11:22 a.m.6 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention o...

9.8CVSS7.6AI score0.06564EPSS
Exploits6References6
NCSC
NCSC
added 2025/10/08 11:43 a.m.6 views

Vulnerabilities fixed in Redis

Redis has fixed vulnerabilities in versions 8.2.1 and below. The vulnerabilities are in Redis' Lua scripting engine, which can be exploited by authenticated users. This can lead to remote code execution, out-of-bounds data access or server crashes. The vulnerabilities could compromise the integri...

9.9CVSS7.5AI score0.86767EPSS
Exploits15References2
NCSC
NCSC
added 2025/09/16 11:17 a.m.6 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include several problems such as unauthorized access to sensitive user data, memory management issues, and vulnerabilities that could lead to denial-of-service or unexpected application crashes. These vulnerabilities could be...

9.8CVSS7.5AI score0.73495EPSS
Exploits3References2
NCSC
NCSC
added 2025/09/11 8:18 a.m.6 views

Vulnerabilities fixed in Cisco NX-OS Software

Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, command-line interface CLI, and the REST API of the Nexus Dashboard. These vulnerabilities can ...

7.4CVSS7.2AI score0.03221EPSS
Exploits0References6
NCSC
NCSC
added 2025/09/11 8:14 a.m.6 views

Vulnerabilities fixed in Cisco IOS XR Software

Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in how Cisco IOS XR Software handles management interface ACL processing, the installation process and ARP implementation. A malicious party can exploit these vulnerabilities to bypass configured access control list...

7.4CVSS7.7AI score0.00589EPSS
Exploits0References3
NCSC
NCSC
added 2025/09/10 10:49 a.m.6 views

Vulnerability fixed in Adobe Commerce and Magento

Adobe has fixed a vulnerability in Adobe Commerce and Magento. The vulnerability is in the way input is validated in Adobe Commerce and Magento. This vulnerability allows attackers to perform session takeover attacks without any user interaction, which can compromise the confidentiality and...

9.1CVSS6.9AI score0.96742EPSS
Exploits9References1
Total number of security vulnerabilities4190