Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2021/05/26 12:0 a.m.•6 views

Vulnerabilities fixed in Dell Precision products

Vulnerabilities have been fixed in Dell Precision products. The vulnerabilities allow a local malicious person to obtain elevated rights or to cause a denial-of-service. Dell has released updates to fix the vulnerabilities. More information can be found on the page below:...

6.7CVSS6.4AI score0.00371EPSS
Exploits0
NCSC
NCSC
•added 2021/05/26 12:0 a.m.•6 views

Vulnerability fixed in Nginx

A vulnerability has been fixed in Nginx. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause and potentially execute arbitrary code by sending a specially prepared DNS response. Nginx is only vulnerable if the "resolver directive" is used in the...

7.7CVSS9.3AI score0.52838EPSS
Exploits10
NCSC
NCSC
•added 2021/05/19 12:0 a.m.•6 views

Vulnerabilities fixed in Red Hat kernel

Red Hat has fixed vulnerabilities in its kernel. The vulnerabilities allow a local malicious party to circumvent a security measure to bypass and to cause a denial-of-service cause. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can install these updates usin...

7.8CVSS5.7AI score0.03292EPSS
Exploits6
NCSC
NCSC
•added 2021/05/17 12:0 a.m.•6 views

Vulnerabilities fixed in Liferay Portal

Vulnerabilities have been fixed in Liferay Portal. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure...

7.5CVSS6.8AI score0.01148EPSS
Exploits0
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•6 views

Vulnerability fixed in SAP NetWeaver

A vulnerability has been fixed in SAP NetWeaver. The vulnerability allows a malicious party to remotely execute arbitrary code execute. As usual, SAP is making few details publicly available. SAP has released updates to fix the vulnerabilities. More information can be found at:...

8.2CVSS6.9AI score0.0027EPSS
Exploits0
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•6 views

Vulnerability fixed in Microsoft Dynamics 365 for Finance and Operations

A vulnerability has been fixed in Dynamics 365 for Finance and Operations. An authenticated malicious party can exploit the vulnerability exploit it to perform Cross-Site-Scripting XSS on a logged-in user. Such an attack could result in the execution of arbitrary script code in the browser used t...

6.1CVSS6.4AI score0.01323EPSS
Exploits0
NCSC
NCSC
•added 2021/05/10 12:0 a.m.•6 views

Vulnerabilities fixed in Atlassian Confluence

Vulnerabilities have been fixed in Atlassian Confluence Server. The vulnerabilities allow an authenticated remote malicious agent to remote user to gain access to system data and to execute arbitrary code under the user's privileges. Atlassian has released updates to address the vulnerabilities...

5.4CVSS7.6AI score0.01201EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•6 views

Vulnerabilities fixed in NVidia drivers and tools

NVidia has fixed several vulnerabilities in the drivers and tools of GPU video cards. Malicious parties can exploit the vulnerabilities exploit them to cause a denial-of-service, obtain obtain system data, or execute arbitrary code under the GPU's privileges. Because GPU drivers sit very close to...

7.8CVSS7.5AI score0.00498EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Supply Chain

Vulnerabilities have been fixed in Oracle Supply Chain Suite. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...

9.8CVSS8.6AI score0.28839EPSS
Exploits1
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to...

9.8CVSS8.8AI score0.42993EPSS
Exploits5
NCSC
NCSC
•added 2021/04/19 12:0 a.m.•6 views

Vulnerability fixed in VMware NSX-T

VMware has fixed a vulnerability in NSX-T. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. VMware has released updates to fix the vulnerability in NSX-T 3.1.2. For more information, see:...

7.8CVSS7.1AI score0.00217EPSS
Exploits0
NCSC
NCSC
•added 2021/04/19 12:0 a.m.•6 views

Vulnerability fixed in LibreOffice

LibreOffice has fixed a vulnerability. A malicious party can bypass the deny-list in the Windows version and execute arbitrary code execute under user privileges by inserting a rogue hyperlink into a document. The Document Foundation has released updates to fix the vulnerability in LibreOffice...

9.3CVSS7.3AI score0.0417EPSS
Exploits1
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•6 views

Vulnerability fixed in Cisco IOS XR

Due to a vulnerability in the CLI of Cisco IOS XR 64-bit software allows an authenticated, local attacker to inject arbitrary commands inject arbitrary commands executed with root privileges on the underlying Linux operating system OS of an affected device. Cisco has released updates to fix the...

7.8CVSS6.9AI score0.00322EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•6 views

Vulnerabilities fixed in PAN-OS

A security vulnerability exists regarding log files in Palo Alto Networks PAN-OS software, in which the connection details for a scheduled configuration export are recorded recorded in system logs. PAN-OS developers have issued updates to PAN-OS to address the vulnerabilities. More information...

4.4CVSS6.8AI score0.00253EPSS
Exploits1
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•6 views

Vulnerabilities fixed in SAP Netweaver products

Several vulnerabilities have been fixed in SAP Netweaver products. By exploiting the vulnerabilities, a malicious party within the local network to bypass authentication, view sensitive information or cause cross-site scripting and Denial-of-Service. SAP has made updates available to address the...

8.3CVSS6.2AI score0.02162EPSS
Exploits2
NCSC
NCSC
•added 2021/04/09 12:0 a.m.•6 views

Vulnerability fixed in Tableau Server

A vulnerability has been fixed in Tableau Server. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor with a custom link to a malicious website redirect when sharing a "view." Salesforce has released updates to fix the vulnerability fix in Tableau Server...

6.1CVSS6.8AI score0.01338EPSS
Exploits2
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•6 views

Vulnerability fixed in FreeBSD

A vulnerability has been fixed in FreeBSD. The vulnerability allows a locally authenticated malicious person to obtain to obtain system credentials. -= FreeBSD =- FreeBSD has made updates available to fix the vulnerability fix in kernel. More information about these updates can be found at:...

5.5CVSS6.4AI score0.00336EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•6 views

Vulnerabilities fixed in ClamAV

Vulnerabilities have been fixed in ClamAV. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the permissions with which the service is running. By exploiting the vulnerability with CVE attribute CVE-2021-1386, a...

7.8CVSS8AI score0.03155EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•6 views

Vulnerabilities concealment in Oracle Linux

Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Increased user rights -= Oracle =- Oracle has made updates...

8.1CVSS8.3AI score0.06563EPSS
Exploits6
NCSC
NCSC
•added 2021/04/06 12:0 a.m.•6 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to obtain sensitive data. This security advisory addresses two OpenSSL vulnerabilities that also appear in security advisory NCSC-2021-0259. For this reason, they are not included in the probability damage...

7.4CVSS6.1AI score0.62906EPSS
Exploits4
NCSC
NCSC
•added 2021/03/30 12:0 a.m.•6 views

Vulnerability fixed in Mitel MiContact Center

Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...

9.8CVSS6.5AI score0.02516EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•6 views

Vulnerabilities fixed in FreeBSD

Several vulnerabilities have been fixed in FreeBSD. The vulnerabilities allow a malicious person, potentially unauthenticated remote, be able to carry out attacks resulting in the following categories of damage: Bypassing authentication Bypassing security measure Accessing sensitive data Access t...

8.7CVSS6.7AI score0.02315EPSS
Exploits2
NCSC
NCSC
•added 2021/03/25 12:0 a.m.•6 views

Vulnerabilities fixed in OpenSSL

Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 potentially exploit it to cause a denial-of-service. To do this requires sending a specially prepared "renegotiation ClientHello" message needs to be sent fro...

7.4CVSS8.6AI score0.62906EPSS
Exploits4
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•6 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed multiple vulnerabilities in its BIG-IP product line. The vulnerabilities allow a potentially unauthenticated remote malicious person is able to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...

10CVSS8.3AI score0.99898EPSS
Exploits22
NCSC
NCSC
•added 2021/03/09 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person able to execute arbitrary code under the privileges of the user. The vulnerability with reference CVE-2021-21300 has been classified by Microsoft rated "Critical" the...

9.3CVSS7.3AI score0.88644EPSS
Exploits5
NCSC
NCSC
•added 2021/03/05 12:0 a.m.•6 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure...

7.2CVSS6.5AI score0.00838EPSS
Exploits0
NCSC
NCSC
•added 2021/03/04 12:0 a.m.•6 views

Vulnerability fixed in Cisco ESA and SMA

A vulnerability has been fixed in the web-based administrator interface Cisco AsyncOS for Cisco ESA and SMA. The vulnerability allows an authenticated remote malicious party to able to obtain sensitive data. Cisco has released updates to fix the vulnerability. More information can be found on the...

6.5CVSS6.5AI score0.00523EPSS
Exploits0
NCSC
NCSC
•added 2021/03/04 12:0 a.m.•6 views

Vulnerabilities fixed in Clustered Data ONTAP

NetApp has fixed two vulnerabilities in Clustered Data ONTAP. The vulnerabilities could be exploited by a malicious person to gather information about the vulnerable system or cause a denial-of-service. To cause a Denial-of-Service, the malicious party must be authenticated on the vulnerable...

6.5CVSS6.6AI score0.01149EPSS
Exploits0
NCSC
NCSC
•added 2021/03/02 12:0 a.m.•6 views

Serious vulnerabilities fixed in Microsoft Exchange Server

Vulnerabilities have been fixed in Microsoft Exchange Server. A combination of several vulnerabilities allow a malicious person remotely able to execute arbitrary code under SYSTEM privileges Microsoft states that the vulnerabilities with attribute CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 a...

9.8CVSS7.3AI score0.99999EPSS
Exploits69
NCSC
NCSC
•added 2021/03/01 12:0 a.m.•6 views

Vulnerability fixed in Kaspersky Endpoint Security

Kaspersky has fixed a vulnerability in Kaspersky Endpoint Security and Kaspersky Rescue Disk. A local malicious person with administrator privileges or a malicious person with physical access to the vulnerable device could exploit the vulnerability to bypass of UEFI Secure Boot. This could allow...

6.8CVSS6.6AI score0.00231EPSS
Exploits0
NCSC
NCSC
•added 2021/02/24 12:0 a.m.•6 views

Vulnerabilities fixed in Intel BIOS

Intel has fixed vulnerabilities in the BIOS which is used along with specific Xeon and Atom processors. The vulnerabilities enable a locally authenticated malicious person to opportunity to obtain elevated privileges. The malicious party needs physical access to the vulnerable machine to do so...

7.8CVSS6.6AI score0.00414EPSS
Exploits0
NCSC
NCSC
•added 2021/02/24 12:0 a.m.•6 views

Vulnerability fixed in IBM Integration Bus

A vulnerability has been fixed in IBM Integration Bus. The vulnerability allows a remote malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6416609...

7.5CVSS8.4AI score0.05197EPSS
Exploits1
NCSC
NCSC
•added 2021/02/18 12:0 a.m.•6 views

Vulnerability fixed in Cisco Anyconnect Client

Cisco has fixed a vulnerability in the Anyconnect client for Windows. A local, authenticated malicious party could exploit the exploit the vulnerability to perform a DLL hijack and thus potentially execute arbitrary code under SYSTEM privileges. Cisco has released updates to fix the vulnerability...

7.8CVSS7.3AI score0.01253EPSS
Exploits1
NCSC
NCSC
•added 2021/02/12 12:0 a.m.•6 views

Vulnerability fixed in vSphere Replication

VMWare has fixed a vulnerability in vSphere Replicator. A malicious person with management privileges in Replicator can exploit the vulnerability exploit it to execute arbitrary code with system privileges on the underlying system. Because such an attack fits into the so-called "evil admin"...

7.2CVSS7.7AI score0.02074EPSS
Exploits0
NCSC
NCSC
•added 2021/02/11 12:0 a.m.•6 views

Vulnerability fixed in IBM Spectrum Protect Plus

IBM has fixed a vulnerability in Spectrum Protect Plus. A unauthenticated remote malicious party can exploit the vulnerability exploit it to cause a denial-of-service. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.7.2 10.1.7 ifix2. For more information, see:...

7.5CVSS6.8AI score0.02313EPSS
Exploits0
NCSC
NCSC
•added 2021/02/11 12:0 a.m.•6 views

Vulnerabilities fixed in SUSE Linux kernel

Several vulnerabilities have been fixed in SUSE Linux Enterprise Server. The vulnerabilities enable a malicious person remote or otherwise to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root...

8.8CVSS7AI score0.06563EPSS
Exploits2
NCSC
NCSC
•added 2021/02/10 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS

Vulnerabilities have been fixed in Apple macOS. The vulnerabilities allow a local malicious person to obtain elevated privileges to obtain or execute arbitrary code with kernel privileges. The vulnerability with attribute CVE-2021-3156 is known as the sudo vulnerability named "Baron Samedit." Mor...

9.3CVSS8.3AI score0.99295EPSS
Exploits81
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•6 views

Vulnerability fixed in Siemens TIA Portal

Siemens has fixed a vulnerability in TIA Portal. A local malicious party could potentially exploit the vulnerability to obtain elevated privileges and thus execute arbitrary code execute code with SYSTEM privileges. To exploit the vulnerability, the malicious party must have physical access to th...

7.8CVSS7.5AI score0.00862EPSS
Exploits0
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•6 views

Vulnerabilities fixed in GitLab Community and Enterprise Edition

GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data...

4.3CVSS6.4AI score0.01023EPSS
Exploits1
NCSC
NCSC
•added 2021/02/02 12:0 a.m.•6 views

Vulnerabilities fixed in Clustered Data ONTAP

NetApp has fixed two vulnerabilities. An unauthorized malicious party can use the vulnerabilities to discover the presence of data, which is stored outside his authorizations. stored. NetApp has released updates to fix the vulnerabilities in Clustered Data ONTAP. For more information, see:...

3.5CVSS7.1AI score0.00548EPSS
Exploits0
NCSC
NCSC
•added 2021/01/28 12:0 a.m.•6 views

Vulnerabilities fixed in Apache ActiveMQ

Vulnerabilities have been fixed in Apache ActiveMQ. The vulnerabilities allow a malicious party to bypass authentication bypassing. Bypassing authentication is only possible when the optional LDAP login module is used. Apache has released updates to fix the vulnerability. More information can be...

7.5CVSS6.9AI score0.11239EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•6 views

Vulnerability fixed in Apple XCode

Apple has fixed a vulnerability in XCode. A malicious could potentially exploit the vulnerability to gain access to arbitrary files and thus sensitive data. The malicious party must entice the victim to install a malicious application. -= Apple =- Apple has made updates available for XCode to fix...

5.5CVSS6.7AI score0.00642EPSS
Exploits0
NCSC
NCSC
•added 2021/01/21 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco Data Center Network Manager

Cisco has fixed multiple vulnerabilities in several Data Center Network Manager components. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Bypassing authentication Circumvention of...

8.8CVSS7.8AI score0.01901EPSS
Exploits0
NCSC
NCSC
•added 2021/01/21 12:0 a.m.•6 views

Vulnerability fixed in VLC

A vulnerability has been fixed in VLC. The vulnerability allows a malicious party capable of causing a denial-of-service and possibly executing arbitrary code under the privileges of the user. To exploit the vulnerability, a user must open a malicious file open. VLC has released updates to fix th...

7.4AI score
Exploits0
NCSC
NCSC
•added 2021/01/21 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in the following Oracle Hyperion products: Hyperion Infrastructure Technology Hyperion Financial Reporting The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that...

9.8CVSS7.4AI score0.99019EPSS
Exploits10
NCSC
NCSC
•added 2021/01/19 12:0 a.m.•6 views

Vulnerability fixed in Atlassian Confluence

A vulnerability has been fixed in Atlassian Confluence. The vulnerability allows a malicious party to cause a denial-of-service cause. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/CONFSERVER-60854...

6.5CVSS6.5AI score0.02214EPSS
Exploits0
NCSC
NCSC
•added 2021/01/15 12:0 a.m.•6 views

Vulnerability fixed in Elasticsearch

A vulnerability has been fixed in Elasticsearch. The vulnerability allows a malicious person to obtain system data. Elastic has released updates to fix the vulnerability. More information can be found on the page below: https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update /261164...

4.8CVSS8.2AI score0.01241EPSS
Exploits0
NCSC
NCSC
•added 2021/01/14 12:0 a.m.•6 views

Vulnerabilities fixed in Juniper Junos OS

Juniper has fixed vulnerabilities in Junos OS. The vulnerabilities allow a remote malicious person to to bypass a security measure and to cause a denial-of-service cause. Juniper categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.8. Juniper has released...

8.8CVSS8.5AI score0.93422EPSS
Exploits6
NCSC
NCSC
•added 2021/01/13 12:0 a.m.•6 views

Vulnerabilities fixed in Aruba Airwave Glass

Vulnerabilities have been fixed in Aruba Airwave Glass. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root privileges...

10CVSS7.6AI score0.07241EPSS
Exploits0
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•6 views

Vulnerability fixed in FortiGate

A remotely authenticated malicious person is able to view the log entries of SSL VPN events from users in other VDOMs by executing "get vpn ssl monitor" from the command line. The sensitive data includes usernames, user groups and IP addresses. FortiGuard has made updates available to fix the...

5CVSS6.4AI score0.00529EPSS
Exploits0
Total number of security vulnerabilities4189