Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2022/11/11 12:0 a.m.•6 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in QRadar SIEM and in the QRadar Assistant App. A malicious party could potentially exploit them for attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS9.1AI score0.2241EPSS
Exploits14
NCSC
NCSC
•added 2022/10/25 12:0 a.m.•6 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...

9.8CVSS7.9AI score0.01996EPSS
Exploits0
NCSC
NCSC
•added 2022/10/24 12:0 a.m.•6 views

Vulnerability found in Cisco Identity Services Engine (ISE)

A vulnerability has been found in Cisco Identity Services Engine ISE. A malicious party could potentially exploit it to access and delete files stored on the vulnerable system. Successful exploitation requires authenticated access to the management interface required. It is good practice to make...

8.1CVSS6.9AI score0.0124EPSS
Exploits0
NCSC
NCSC
•added 2022/10/19 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Oracle has fixed vulnerabilities in the following products:...

8.1CVSS6.5AI score0.1158EPSS
Exploits1
NCSC
NCSC
•added 2022/10/19 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Systems

Vulnerabilities have been fixed in Oracle Systems. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root privileges Access to sensitive...

8.5CVSS9.1AI score0.97906EPSS
Exploits10
NCSC
NCSC
•added 2022/10/19 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle MySQL

Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive data Oracle has fixed vulnerabilities i...

9.8CVSS8.2AI score0.19193EPSS
Exploits9
NCSC
NCSC
•added 2022/10/19 12:0 a.m.•6 views

Vulnerability fixed in Oracle Hyperion

Oracle has fixed a vulnerability in Oracle Hyperion Infrastructure Technology. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code to execute under the application's permissions. Oracle has fixed vulnerabilities in the following products: - Oracle...

9.8CVSS7.2AI score0.42646EPSS
Exploits3
NCSC
NCSC
•added 2022/10/13 12:0 a.m.•6 views

Vulnerability fixed in Palo Alto PAN-OS

Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a malicious person to remotely bypass authentication and impersonate an existing PAN-OS Administrator. This allows the malicious party with administrator privileges to perform actions and execute arbitrary code. Palo Alto...

8.1CVSS7.4AI score0.0083EPSS
Exploits0
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...

8.8CVSS6.9AI score0.56269EPSS
Exploits0
NCSC
NCSC
•added 2022/10/12 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to impersonate another user. The vulnerability with attribute CVE-2022-37968 has a CVSS of 10.0. If an unauthenticated malicious person uses the randomly generat...

10CVSS6.5AI score0.19762EPSS
Exploits0
NCSC
NCSC
•added 2022/10/11 12:0 a.m.•6 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in RUGGEDCOM, among others, SCALANCE, SIMATIC, and Logo! products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of...

9.8CVSS7.8AI score0.70561EPSS
Exploits2
NCSC
NCSC
•added 2022/10/03 12:0 a.m.•6 views

Vulnerabilities fixed in IBM Tivoli Monitoring

IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...

7.5CVSS8.1AI score0.51733EPSS
Exploits1
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•6 views

Vulnerabilities found in Microsoft Exchange Sever

GTSC, a Vietnamese security company has found vulnerabilities in Microsoft Exchange Server 1. The vulnerabilities allow a malicious party able to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...

8.8CVSS7.8AI score0.99964EPSS
Exploits16
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•6 views

Vulnerabilities fixed in SolarWinds Orion

Vulnerabilities have been fixed in SolarWinds Orion. The vulnerabilities allow an authenticated malicious person with access to the network is able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access t...

8.8CVSS7.1AI score0.75174EPSS
Exploits0
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•6 views

Vulnerabilities fixed in Matrix SDKs

Matrix has fixed vulnerabilities in the following SDKs; matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2. These SDKs are used in a number of Matrix-based clients including the popular Element. The vulnerabilities allow a malicious able to perform attacks that result in the following categori...

8.6CVSS7AI score0.01001EPSS
Exploits0
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•6 views

Vulnerabilities fixed in Autodesk AutoCAD and Design Review

Vulnerabilities have been fixed in Autodesk AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code by having AutoCAD and Design Review process a rogue file to be processed. Autodesk has released updates to address the vulnerabilities. fix. More informatio...

7.8CVSS7.4AI score0.00658EPSS
Exploits0
NCSC
NCSC
•added 2022/09/14 12:0 a.m.•6 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in Apex One. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication Remote code execution Administrator/Root rights Access to...

9.8CVSS7.7AI score0.03054EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•6 views

Vulnerabilities fixed in Sophos Firewall

Sophos has fixed vulnerabilities in Sophos Firewall. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks leading to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights Remote...

10CVSS7.5AI score0.99796EPSS
Exploits14
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Azure

A vulnerability has been fixed in Microsoft Azure. A authenticated malicious party could potentially abuse it to obtain elevated privileges and execute arbitrary code under root privileges. Microsoft indicates that proof-of-concept code is known for this vulnerability. Microsoft has made updates...

7.8CVSS7.2AI score0.00609EPSS
Exploits0
NCSC
NCSC
•added 2022/09/09 12:0 a.m.•6 views

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Aruba has fixed vulnerabilities in ClearPass Policy Manager CPPM. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Remote code execution Administrator/Roo...

8.8CVSS8.2AI score0.01386EPSS
Exploits0
NCSC
NCSC
•added 2022/08/30 12:0 a.m.•6 views

Vulnerabilities fixed in WatchGuard firewalls

Several vulnerabilities have been fixed in WatchGuard firewall products. An unauthenticated remote malicious agent could vulnerability potentially exploit it to execute arbitrary code under root privileges. To be exploited, however, the management interface, however, must be accessible via the...

9.8CVSS7.8AI score0.01477EPSS
Exploits1
NCSC
NCSC
•added 2022/08/29 12:0 a.m.•6 views

Vulnerabilities fixed in Foxit PDF Editor

Vulnerabilities have been fixed in Foxit PDF Editor. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, to obtain sensitive data, or to execute arbitrary code in the scope of the application. This requires the malicious party to trick the victim into opening a rogue...

7.5CVSS7.7AI score0.00927EPSS
Exploits2
NCSC
NCSC
•added 2022/08/25 12:0 a.m.•6 views

Vulnerabilities fixed in SonicWall SMA100

Sonicwall has fixed two vulnerabilities in the firmware of SMA100 systems. An authenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service, or to gain access to system data. The vulnerability that could lead to access to system data has not been assigned...

8.8CVSS7AI score0.01357EPSS
Exploits0
NCSC
NCSC
•added 2022/08/25 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco NX-OS and FXOS

Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...

8.8CVSS7.4AI score0.01022EPSS
Exploits0
NCSC
NCSC
•added 2022/08/24 12:0 a.m.•6 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in the underlying software of QRadar SIEM. The vulnerabilities are in supporting software, such as Expat, Eclipse, the Kernel and SASL. For the vulnerabilities, previous security advisories have been issued. These updates to QRadar SIEM are a bundle. A malicious part...

9.8CVSS7.3AI score0.99298EPSS
Exploits20
NCSC
NCSC
•added 2022/08/17 12:0 a.m.•6 views

Vulnerabilities fixed in Splunk

Splunk has fixed vulnerabilities in Splunk Enterprise and Universal Forwarder. A malicious party could potentially exploit them to cause a denial-of-service, bypassing security measures or to gain access to system data. The most serious vulnerability involves causing a Denial-of-Service. For this...

10CVSS6.7AI score0.95764EPSS
Exploits6
NCSC
NCSC
•added 2022/08/16 12:0 a.m.•6 views

Vulnerabilities fixed in ArcGis products

Esri has fixed vulnerabilities in ArcGis Portal and ArcReader. A malicious party could exploit the vulnerabilities to obtain system information, access sensitive data without prior authorization, or to perform a cross-site scripting XSS attack. Such attacks can lead to the execution of JavaScript...

9.6CVSS6.4AI score0.00851EPSS
Exploits0
NCSC
NCSC
•added 2022/08/15 12:0 a.m.•6 views

Vulnerabilities fixed in HP Integrated Lights-out (ILO)

HP has fixed vulnerabilities in the firmware of HP Integrated Lights-out of several HP Apollo, Proliant, Edgeline and StoreEasy server systems. A local malicious person with access to the systems, or the physical management infrastructure, could exploit them to cause a denial-of-service, the...

8.8CVSS7.2AI score0.00403EPSS
Exploits0
NCSC
NCSC
•added 2022/08/15 12:0 a.m.•6 views

Vulnerability fixed in Zoom for macOS

Zoom has fixed a vulnerability in the Zoom Client for macOS. A local malicious person with user privileges could exploit to execute arbitrary code under privileges of root. The vulnerability is located in Zoom's installer and makes it possible to substitute the zoom client update for any other...

8.8CVSS7.6AI score0.00177EPSS
Exploits0
NCSC
NCSC
•added 2022/07/27 12:0 a.m.•6 views

Vulnerabilities fixed in Emerson DeltaV

Emerson has fixed vulnerabilities in DeltaV products. A unauthenticated malicious person with network access can exploit the exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the vulnerabilities to execute arbitrary code and manipulating...

7.8CVSS7.2AI score0.00228EPSS
Exploits0
NCSC
NCSC
•added 2022/06/16 12:0 a.m.•6 views

Vulnerabilities fixed in Tenable Nessus Agent

Vulnerabilities have been fixed in Tenable Nessus Agent. The vulnerabilities allow a malicious person with elevated privileges to able to execute arbitrary code under administrator privileges and the read arbitrary files on the underlying system. Tenable has released a new version of Nessus Agent...

9CVSS7.8AI score0.01247EPSS
Exploits0
NCSC
NCSC
•added 2022/06/07 12:0 a.m.•6 views

Vulnerabilities fixed in Google Android and Samsung Mobile (Android)

Google has fixed several vulnerabilities in Android. In addition to the vulnerabilities fixed by Google, Samsung has also fixed 21 additional vulnerabilities fixed specifically for Samsung Mobile hardware. A malicious party could potentially exploit them to cause the following categories of damag...

10CVSS7.5AI score0.08575EPSS
Exploits2
NCSC
NCSC
•added 2022/05/30 12:0 a.m.•6 views

Vulnerabilities fixed in Trend Micro Apex One

Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to increase its permissions and thereby load untrusted files. load. Trend Micro has released updates to fix the vulnerabilities fixes in Apex One. For more information, see:...

7.8CVSS7AI score0.00398EPSS
Exploits0
NCSC
NCSC
•added 2022/05/27 12:0 a.m.•6 views

Vulnerabilities fixed in Ctrix ADC and Gateway

Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. The vulnerabilities allow a remote malicious party able to effect a denial-of-service DoS. For CVE-2022-27508 does not require authentication, while CVE-2022-27507 does. The CVE-2022-27507 vulnerability is only exploitable when...

7.5CVSS7AI score0.01015EPSS
Exploits0
NCSC
NCSC
•added 2022/05/23 12:0 a.m.•6 views

Vulnerability fixed in Cisco IOS XR

A vulnerability has been fixed in Cisco IOS XR. The vulnerability in the health check RPM of Cisco IOS XR software could allow an unauthenticated, remote malicious party to gain access gain access to the Redis environment. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For...

6.5CVSS7.1AI score0.1176EPSS
Exploits0
NCSC
NCSC
•added 2022/05/19 12:0 a.m.•6 views

Vulnerability fixed in BIND

ISC has fixed a vulnerability in BIND. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party must prematurely break a TLS connection to the vulnerable server. TLS is used for both DNS over TLS DoT and DNS over HTT...

7.5CVSS6.5AI score0.04531EPSS
Exploits0
NCSC
NCSC
•added 2022/05/18 12:0 a.m.•6 views

Vulnerability fixed in SonicWall SMA100

SonicWall has fixed a vulnerability in the SMA100. The vulnerability allows an authenticated remote malicious person potentially be able to use the management interface to execute arbitrary commands execute as "root" on the underlying system, or to cause a denial-of-service. SonicWall has release...

9CVSS7.3AI score0.1111EPSS
Exploits0
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•6 views

Vulnerabilities fixed in SUSE Linux Enterprise kernel

SUSE has fixed vulnerabilities in the Linux kernel. A authenticated malicious person could potentially exploit them to cause a denial-of-service or to obtain elevated privileges. -= SUSE =- SUSE has made updates available to fix the vulnerability fixes in SUSE 12 and 15. You can install these...

7.8CVSS5.7AI score0.01169EPSS
Exploits1
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•6 views

Vulnerabilities fixed in HPE Integrated Lights-Out

HPE has fixed a vulnerability in Integrated Lights-Out. The vulnerability allows an authenticated remote malicious party to able to cause a denial-of-service. Few substantive details about the vulnerability publicly available made available. HPE has released updates to fix the vulnerability. For...

7.5CVSS6.8AI score0.01818EPSS
Exploits0
NCSC
NCSC
•added 2022/05/03 12:0 a.m.•6 views

Vulnerabilities fixed in switches from Avaya and Aruba Networks

Researchers at cybersecurity firm Armis have discovered vulnerabilities discovered in implementations of the NanoSSL library. Armis has discovered that in certain network equipment from Aruba and Avaya error messages are not properly processed causing security problems. Previously, Armis has foun...

9.8CVSS7.7AI score0.21877EPSS
Exploits0
NCSC
NCSC
•added 2022/05/03 12:0 a.m.•6 views

Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of security measure Remote code execution User rights...

8.8CVSS6.8AI score0.82003EPSS
Exploits4
NCSC
NCSC
•added 2022/04/21 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation ...

8.5CVSS6.8AI score0.01995EPSS
Exploits0
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...

8.2CVSS7.5AI score0.01655EPSS
Exploits1
NCSC
NCSC
•added 2022/04/19 12:0 a.m.•6 views

Vulnerabilities fixed in Autodesk products

Autodesk has fixed vulnerabilities in several products including AutoCAD and Design Review. The vulnerabilities allow a malicious party to execute arbitrary code under rights of the application. To do this, the malicious party needs to victim to open a rogue file. Autodesk has released updates to...

7.8CVSS7.8AI score0.07734EPSS
Exploits0
NCSC
NCSC
•added 2022/04/15 12:0 a.m.•6 views

Vulnerabilities fixed in Asterisk

Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, issue arbitrary requests or download send arbitrary requests or download larger than allowed files. Asterisk has made updates available...

9.8CVSS7.5AI score0.16406EPSS
Exploits0
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•6 views

Vulnerabilities fixed in Apache Subversion (SVN)

Apache has fixed vulnerabilities in Subversion SVN. The vulnerabilities allow an unauthenticated remote malicious agent to remotely capable of causing a denial-of-service or obtain system information. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix in SUSE 15...

7.5CVSS7AI score0.09254EPSS
Exploits1
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Spoofing Access to sensitive data The tables below provide an...

8CVSS7AI score0.03301EPSS
Exploits0
NCSC
NCSC
•added 2022/04/07 12:0 a.m.•6 views

Vulnerabilities fixed in VMware products

Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Bypassing authentication Circumvention of security measure Remote code...

10CVSS7.9AI score0.99997EPSS
Exploits38
NCSC
NCSC
•added 2022/04/06 12:0 a.m.•6 views

Vulnerabilities fixed in MediaWiki

There are vulnerabilities in MediaWiki. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. To exploit, the malicious party must be able to modify page titles or only be able to modify a specially prepared URI to visit. A malicious party can exploi...

7.5CVSS6.9AI score0.01152EPSS
Exploits3
NCSC
NCSC
•added 2022/04/04 12:0 a.m.•6 views

Vulnerability fixed in ABB 800xA for AC. 800MCompact

ABB has fixed a vulnerability in 800xA, Control Software for AC 800MCompact. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to perform a denial-of-service. ABB has released updates to fix the vulnerability. Mitigating measures have als...

7.8CVSS6.9AI score0.0091EPSS
Exploits1
Total number of security vulnerabilities4189