Lucene search: NCSC (most viewed)

4187 matches found

NCSC • added 2022/09/09 12:00 a.m. • 6 views

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Aruba has fixed vulnerabilities in ClearPass Policy Manager (CPPM). The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Remote code execution Administrator/Roo...

CVSS 8.8 | AI score 8.2 | EPSS 0.01386 | Exploits: 0

NCSC • added 2022/08/30 12:00 a.m. • 6 views

Vulnerabilities fixed in WatchGuard firewalls

Several vulnerabilities have been fixed in WatchGuard firewall products. An unauthenticated remote malicious agent could potentially exploit a vulnerability to execute arbitrary code under root privileges. To be exploited, however, the management interface must be accessible via the...

CVSS 9.8 | AI score 7.8 | EPSS 0.01477 | Exploits: 1

NCSC • added 2022/08/29 12:00 a.m. • 6 views

Vulnerabilities fixed in Foxit PDF Editor

Vulnerabilities have been fixed in Foxit PDF Editor. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, to obtain sensitive data, or to execute arbitrary code in the scope of the application. This requires the malicious party to trick the victim into opening a rogue...

CVSS 7.5 | AI score 7.7 | EPSS 0.00927 | Exploits: 2

NCSC • added 2022/08/25 12:00 a.m. • 6 views

Vulnerabilities fixed in Cisco NX-OS and FXOS

Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...

CVSS 8.8 | AI score 7.4 | EPSS 0.01022 | Exploits: 0

NCSC • added 2022/08/25 12:00 a.m. • 6 views

Vulnerabilities fixed in SonicWall SMA100

SonicWall has fixed two vulnerabilities in the firmware of SMA100 systems. An authenticated malicious person can exploit the vulnerabilities to cause a denial-of-service, or to gain access to system data. The vulnerability that could lead to access to system data has not been assigned...

CVSS 8.8 | AI score 7 | EPSS 0.01357 | Exploits: 0

NCSC • added 2022/08/24 12:00 a.m. • 6 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in the underlying software of QRadar SIEM. The vulnerabilities are in supporting software, such as Expat, Eclipse, the Kernel and SASL. Security advisories have previously been issued for these vulnerabilities. These updates to QRadar SIEM are bundled. A malicious part...

CVSS 9.8 | AI score 7.3 | EPSS 0.99298 | Exploits: 20

NCSC • added 2022/08/19 12:00 a.m. • 6 views

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in IBM MQ. Through XML External Entity (XXE) injection, a malicious party can cause a Denial-of-Service by running the MQ environment out of memory, or gain access to sensitive information. IBM has released updates to fix the vulnerability in MQ 8.0, 9.1 and 9.2...

CVSS 9.1 | AI score 7 | EPSS 0.0141 | Exploits: 0

NCSC • added 2022/08/17 12:00 a.m. • 6 views

Vulnerabilities fixed in Splunk

Splunk has fixed vulnerabilities in Splunk Enterprise and Universal Forwarder. A malicious party could potentially exploit them to cause a denial-of-service, bypass security measures or gain access to system data. The most serious vulnerability involves causing a Denial-of-Service. For this...

CVSS 10 | AI score 6.7 | EPSS 0.95764 | Exploits: 6

NCSC • added 2022/08/16 12:00 a.m. • 6 views

Vulnerabilities fixed in ArcGIS products

Esri has fixed vulnerabilities in ArcGIS Portal and ArcReader. A malicious party could exploit the vulnerabilities to obtain system information, access sensitive data without prior authorization, or perform a cross-site scripting (XSS) attack. Such attacks can lead to the execution of JavaScript...

CVSS 9.6 | AI score 6.4 | EPSS 0.00851 | Exploits: 0

NCSC • added 2022/08/15 12:00 a.m. • 6 views

Vulnerabilities fixed in HP Integrated Lights-Out (iLO)

HP has fixed vulnerabilities in the firmware of HP Integrated Lights-Out on several HP Apollo, ProLiant, Edgeline and StoreEasy server systems. A local malicious person with access to the systems, or the physical management infrastructure, could exploit them to cause a denial-of-service, the...

CVSS 8.8 | AI score 7.2 | EPSS 0.00403 | Exploits: 0

NCSC • added 2022/08/15 12:00 a.m. • 6 views

Vulnerability fixed in Zoom for macOS

Zoom has fixed a vulnerability in the Zoom Client for macOS. A local malicious person with user privileges could exploit it to execute arbitrary code with root privileges. The vulnerability is located in Zoom's installer and makes it possible to substitute the Zoom client update for any other...

CVSS 8.8 | AI score 7.6 | EPSS 0.00177 | Exploits: 0

NCSC • added 2022/08/09 12:00 a.m. • 6 views

Vulnerabilities fixed in Microsoft Edge

Vulnerabilities have been fixed in Microsoft Edge. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code, bypass security measures and/or obtain elevated user privileges. The vulnerabilities marked CVE-2022-33636 and CVE-2022-33649 potentially enable a...

CVSS 9.6 | AI score 7.3 | EPSS 0.01894 | Exploits: 0

NCSC • added 2022/07/27 12:00 a.m. • 6 views

Vulnerabilities fixed in Emerson DeltaV

Emerson has fixed vulnerabilities in DeltaV products. An unauthenticated malicious person with network access can exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the vulnerabilities to execute arbitrary code and manipulating...

CVSS 7.8 | AI score 7.2 | EPSS 0.00228 | Exploits: 0

NCSC • added 2022/06/16 12:00 a.m. • 6 views

Vulnerabilities fixed in Tenable Nessus Agent

Vulnerabilities have been fixed in Tenable Nessus Agent. The vulnerabilities allow a malicious person with elevated privileges to execute arbitrary code with administrator privileges and to read arbitrary files on the underlying system. Tenable has released a new version of Nessus Agent...

CVSS 9 | AI score 7.8 | EPSS 0.01247 | Exploits: 0

NCSC • added 2022/06/07 12:00 a.m. • 6 views

Vulnerabilities fixed in Google Android and Samsung Mobile (Android)

Google has fixed several vulnerabilities in Android. In addition to the vulnerabilities fixed by Google, Samsung has fixed 21 additional vulnerabilities specific to Samsung Mobile hardware. A malicious party could potentially exploit them to cause the following categories of damag...

CVSS 10 | AI score 7.5 | EPSS 0.08575 | Exploits: 2

NCSC • added 2022/05/23 12:00 a.m. • 6 views

Vulnerability fixed in Cisco IOS XR

A vulnerability has been fixed in Cisco IOS XR. The vulnerability in the health check RPM of Cisco IOS XR software could allow an unauthenticated, remote malicious party to gain access to the Redis environment. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For...

CVSS 6.5 | AI score 7.1 | EPSS 0.1176 | Exploits: 0

NCSC • added 2022/05/18 12:00 a.m. • 6 views

Vulnerability fixed in SonicWall SMA100

SonicWall has fixed a vulnerability in the SMA100. The vulnerability potentially allows an authenticated remote malicious person to use the management interface to execute arbitrary commands as "root" on the underlying system, or to cause a denial-of-service. SonicWall has release...

CVSS 9 | AI score 7.3 | EPSS 0.1111 | Exploits: 0

NCSC • added 2022/05/12 12:00 a.m. • 6 views

Vulnerabilities fixed in SUSE Linux Enterprise kernel

SUSE has fixed vulnerabilities in the Linux kernel. An authenticated malicious person could potentially exploit them to cause a denial-of-service or to obtain elevated privileges. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. You can install these...

CVSS 7.8 | AI score 5.7 | EPSS 0.01179 | Exploits: 1

NCSC • added 2022/05/03 12:00 a.m. • 6 views

Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Bypassing authentication; Circumvention of security measure; Remote code execution (User rights)...

CVSS 8.8 | AI score 6.8 | EPSS 0.82003 | Exploits: 4

NCSC • added 2022/05/03 12:00 a.m. • 6 views

Vulnerabilities fixed in switches from Avaya and Aruba Networks

Researchers at cybersecurity firm Armis have discovered vulnerabilities in implementations of the NanoSSL library. Armis has discovered that in certain network equipment from Aruba and Avaya error messages are not properly processed, causing security problems. Previously, Armis has foun...

CVSS 9.8 | AI score 7.7 | EPSS 0.21364 | Exploits: 0

NCSC • added 2022/04/21 12:00 a.m. • 6 views

Vulnerability fixed in Jira Seraph

A vulnerability has been fixed in Jira Seraph, the web framework used for authentication within Jira. The vulnerability allows a remote malicious party to bypass authentication by sending a specially prepared HTTP request to the server. The application is only vulnerable...

CVSS 9.8 | AI score 6.9 | EPSS 0.88333 | Exploits: 2

NCSC • added 2022/04/21 12:00 a.m. • 6 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks that potentially result in the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation ...

CVSS 8.5 | AI score 6.8 | EPSS 0.01995 | Exploits: 0

NCSC • added 2022/04/20 12:00 a.m. • 6 views

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition; Database Configuration Assistant; Spatial and Graph; Application Express (APEX). The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...

CVSS 8.2 | AI score 7.5 | EPSS 0.01655 | Exploits: 1

NCSC • added 2022/04/20 12:00 a.m. • 6 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise FIN Cash Management; PeopleSoft Enterprise PT PeopleTools; PeopleSoft Enterprise PRTL Interaction Hub; PeopleSoft Enterprise CS Academic Advisement. The vulnerabilities potentially enable a malicious person to execute...

CVSS 8.8 | AI score 8.6 | EPSS 0.97906 | Exploits: 11

NCSC • added 2022/04/19 12:00 a.m. • 6 views

Vulnerabilities fixed in Autodesk products

Autodesk has fixed vulnerabilities in several products including AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code with the rights of the application. To do this, the malicious party needs the victim to open a rogue file. Autodesk has released updates to...

CVSS 7.8 | AI score 7.8 | EPSS 0.07734 | Exploits: 0

NCSC • added 2022/04/13 12:00 a.m. • 6 views

Vulnerabilities fixed in Apache Subversion (SVN)

Apache has fixed vulnerabilities in Subversion (SVN). The vulnerabilities allow an unauthenticated remote malicious agent to cause a denial-of-service or obtain system information. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15...

CVSS 7.5 | AI score 7 | EPSS 0.09254 | Exploits: 1

NCSC • added 2022/04/12 12:00 a.m. • 6 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Remote code execution (User rights); Spoofing; Access to sensitive data. The tables below provide an...

CVSS 8 | AI score 7 | EPSS 0.03301 | Exploits: 0

NCSC • added 2022/04/07 12:00 a.m. • 6 views

Vulnerabilities fixed in VMware products

Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF); Bypassing authentication; Circumvention of security measure; Remote code...

CVSS 10 | AI score 7.9 | EPSS 0.99997 | Exploits: 38

NCSC • added 2022/04/06 12:00 a.m. • 6 views

Vulnerabilities fixed in MediaWiki

There are vulnerabilities in MediaWiki. A malicious party could potentially exploit them to cause a denial-of-service. To exploit them, the malicious party must be able to modify page titles or only be able to modify a specially prepared URI to visit. A malicious party can exploi...

CVSS 7.5 | AI score 6.9 | EPSS 0.01152 | Exploits: 3

NCSC • added 2022/04/04 12:00 a.m. • 6 views

Vulnerability fixed in ABB 800xA for AC 800MCompact

ABB has fixed a vulnerability in 800xA, Control Software for AC 800MCompact. The vulnerability allows an authenticated malicious person with network access to the vulnerable system to perform a denial-of-service. ABB has released updates to fix the vulnerability. Mitigating measures have als...

CVSS 7.8 | AI score 6.9 | EPSS 0.0091 | Exploits: 1

NCSC • added 2022/03/10 12:00 a.m. • 6 views

Vulnerability fixed in PAN-OS

A vulnerability has been fixed in PAN-OS. The vulnerability with reference CVE-2022-0022 allows a malicious person with access to the system's password hashes to crack the hashes and thus gain access to the passwords. This vulnerability arose because PAN-OS uses a weak cryptographic...

CVSS 4.6 | AI score 6.8 | EPSS 0.00122 | Exploits: 0

NCSC • added 2022/03/09 12:00 a.m. • 6 views

Vulnerabilities fixed in Adobe products

Adobe has fixed vulnerabilities in Photoshop, Illustrator and After Effects. The vulnerabilities allow a malicious person to execute arbitrary code within the context of the user, or gain access to sensitive data. To exploit the vulnerabilities, an attacker must entice a user to open a rogue...

CVSS 9.3 | AI score 7.8 | EPSS 0.04306 | Exploits: 0

NCSC • added 2022/03/08 12:00 a.m. • 6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution User...

CVSS 9 | AI score 7.6 | EPSS 0.56376 | Exploits: 0

NCSC • added 2022/03/07 12:00 a.m. • 6 views

Vulnerabilities fixed in Bitdefender products

Vulnerabilities have been fixed in Bitdefender products. The vulnerabilities allow a local malicious agent to cause a denial-of-service or to obtain elevated privileges. Bitdefender has released updates to address the vulnerabilities. More information can be found on the pages...

CVSS 7.8 | AI score 6.4 | EPSS 0.00758 | Exploits: 0

NCSC • added 2022/03/04 12:00 a.m. • 6 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed vulnerabilities in several components of IBM Spectrum Control. These include vulnerabilities in third-party software such as Apache Log4j, Dojo, Java SE, Gson and WebSphere Liberty. A malicious party could exploit the vulnerabilities to cause damage in the...

CVSS 9.8 | AI score 9.7 | EPSS 0.97906 | Exploits: 10

NCSC • added 2022/02/24 12:00 a.m. • 6 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed two vulnerabilities in JunOS for the MX and SRX series systems. An unauthenticated remote malicious person could exploit the vulnerabilities to cause a denial-of-service on the systems that have SIP Application Layer Gateway (SIP ALG) active. This gateway is active when the system...

CVSS 7.5 | AI score 7.2 | EPSS 0.00945 | Exploits: 0

NCSC • added 2022/02/17 12:00 a.m. • 6 views

Vulnerability fixed in Cisco Email Security Appliance

Cisco has fixed a vulnerability in the Email Security Appliance (ESA). A malicious party could potentially exploit it to cause a denial-of-service. To exploit this vulnerability, a malicious party must send a specially prepared e-mail to a vulnerable device. By default, DANE validation is not enabl...

CVSS 7.5 | AI score 6.8 | EPSS 0.01804 | Exploits: 0

NCSC • added 2022/02/09 12:00 a.m. • 6 views

Vulnerability fixed in Adobe After Effects

Adobe has fixed a vulnerability in After Effects. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the...

CVSS 7.8 | AI score 7.7 | EPSS 0.02804 | Exploits: 0

NCSC • added 2022/02/08 12:00 a.m. • 6 views

Vulnerabilities fixed in Siemens products

Several vulnerabilities have been fixed in Siemens products. The vulnerabilities potentially allow a malicious party to gain access to sensitive data or cause a denial-of-service. To exploit the vulnerabilities, the malicious party must have access to the production environment. It is good...

CVSS 8.8 | AI score 8.3 | EPSS 0.50445 | Exploits: 0

NCSC • added 2022/02/07 12:00 a.m. • 6 views

Vulnerability fixed in XWiki

A vulnerability has been fixed in XWiki. A malicious party can exploit the vulnerability to perform a stored Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. For the vulnerabilit...

CVSS 5.4 | AI score 6.6 | EPSS 0.0087 | Exploits: 1

NCSC • added 2022/02/07 12:00 a.m. • 6 views

Vulnerability fixed in F5 BIG-IP

F5 has fixed a vulnerability in BIG-IP. A malicious person with rights to execute regular expressions could exploit the vulnerability to cause a denial-of-service, or potentially execute arbitrary code on the system. F5 has released updates to fix the vulnerability in BIG-IP 16.1.2,...

CVSS 8.6 | AI score 7.8 | EPSS 0.04879 | Exploits: 0

NCSC • added 2022/02/03 12:00 a.m. • 6 views

Vulnerability fixed in Zoho ManageEngine Desktop Central

A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...

CVSS 6.5 | AI score 6.6 | EPSS 0.0192 | Exploits: 1

NCSC • added 2022/02/03 12:00 a.m. • 6 views

Vulnerability fixed in Arista EOS

A vulnerability has been fixed in Arista EOS. Arista EOS is a Linux-based operating system installed on network equipment from Arista. With eAPI it is possible to remotely manage and configure Arista's network equipment. When authentication is based on certificates, it is possible that eAPI...

CVSS 9.8 | AI score 7 | EPSS 0.00735 | Exploits: 0

NCSC • added 2022/01/31 12:00 a.m. • 6 views

Vulnerabilities fixed in Samba

Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to perform attacks leading to the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root privileges); Spoofing; Access to system data. The vulnerability with attribute...

CVSS 9 | AI score 7.8 | EPSS 0.74042 | Exploits: 1

NCSC • added 2022/01/25 12:00 a.m. • 6 views

Vulnerabilities fixed in Trend Micro Deep Security

Two vulnerabilities have been fixed in Trend Micro Deep Security Agent for Linux. The vulnerability with identifier CVE-2022-23119 can be exploited if access is gained to the Deep Security Manager or on devices on which the agent is not yet activated or configured. The vulnerability with...

CVSS 7.8 | AI score 7.6 | EPSS 0.2225 | Exploits: 2

NCSC • added 2022/01/19 12:00 a.m. • 6 views

Vulnerabilities fixed in Oracle Essbase

Oracle has fixed vulnerabilities in the following products: Hyperion Essbase; Hyperion Essbase Administration Services. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution...

CVSS 9.9 | AI score 8.6 | EPSS 0.87816 | Exploits: 2

NCSC • added 2022/01/19 12:00 a.m. • 6 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in the following Oracle E-Business Suite products: Configurator; Time and Labor; iStore; Trade Management; Partner Management; Installed Base; Sourcing; Project Costing. The vulnerabilities enable a malicious person to carry out attacks that result in the...

CVSS 8.1 | AI score 6.5 | EPSS 0.28839 | Exploits: 1

NCSC • added 2022/01/18 12:00 a.m. • 6 views

Vulnerabilities fixed in Expat

Developers have fixed vulnerabilities in Expat. The vulnerabilities allow a remote malicious person to perform a Denial-of-Service. To do this, the malicious party must send an XML tag with an overflow of attributes to the vulnerable XML server or trigger an integer overflow on various...

CVSS 9.8 | AI score 9.5 | EPSS 0.04829 | Exploits: 2

NCSC • added 2022/01/13 12:00 a.m. • 6 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Access to sensitive data; Increased user privileges. Cisco has released updates to fix the...

CVSS 9.6 | AI score 6.1 | EPSS 0.01649 | Exploits: 1

NCSC • added 2021/12/27 12:00 a.m. • 6 views

Vulnerabilities fixed in NetBSD

Vulnerabilities have been fixed in NetBSD's IP stack. Because the randomizer for IP packet ID is not turned on by default, and the randomizer is not random enough when it is enabled, a malicious party can analyze the IP traffic and possibly gain access to sensitive data via a man-in-the-middle...

CVSS 7.5 | AI score 6.9 | EPSS 0.00964 | Exploits: 0

Total number of security vulnerabilities: 4187