Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2020/12/24 12:0 a.m.•6 views

Vulnerability fixed in Zimbra

Synacor has fixed a vulnerability in Zimbra in the way in which XML entities are processed in zm-saml-consumer-store. This vulnerability makes it possible for a malicious person to perform a Denial-of-Service attack. Attacks carried out via this vulnerability are also known as "billion laughs"...

6.5CVSS6.7AI score0.01481EPSS
Exploits0
NCSC
NCSC
•added 2020/12/24 12:0 a.m.•6 views

Vulnerabilities fixed in Veritas products

Vulnerabilities have been fixed in Veritas Backup Exec and Veritas NetBackup. The vulnerabilities allow a local attacker to to obtain elevated privileges. The vulnerability makes it possible for the attacker to execute arbitrary code under SYSTEM or administrator. The vulnerabilities rated by...

7.8CVSS7.8AI score0.00931EPSS
Exploits1
NCSC
NCSC
•added 2020/12/23 12:0 a.m.•6 views

Serious vulnerability fixed in Zyxel products

A vulnerability has been fixed in Zyxel products. A researcher found an undocumented user whose both the username and password could be found in plaintext were in firmware. This undocumented account has admin rights. Zyxel has released updates to fix the vulnerability. Zyxel indicated that for AP...

10CVSS6.8AI score0.90049EPSS
Exploits2
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•6 views

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to cause a denial-of-service cause. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6386466...

7.5CVSS6.6AI score0.01695EPSS
Exploits0
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•6 views

Vulnerabilities fixed in HCL Lotus Notes

HCL has fixed two vulnerabilities in Lotus Notes. A malicious party could exploit the vulnerabilities for a Cross-Site-Scripting XSS attack, potentially running arbitrary execute arbitrary scripts in the victim's browser, or for the perform a denial-of-service DoS on the service. HCL has released...

10CVSS6.8AI score0.02226EPSS
Exploits0
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•6 views

Vulnerability fixed in Dell iDRAC

Dell has fixed a vulnerability in iDrac. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. iDRAC is a management environment. I...

6.1CVSS6.6AI score0.00991EPSS
Exploits0
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•6 views

Vulnerabilities fixed in LogRhythm SIEM

Vulnerabilities have been fixed in LogRhythm SIEM. The vulnerabilities allow a malicious person to conduct attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution Administrator/Root...

10CVSS7.6AI score0.03112EPSS
Exploits1
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•6 views

Vulnerabilities fixed in XStream

Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Manipulation of data Access to sensitive data The vulnerabilities are exploitable only when using the defau...

7.7CVSS6.7AI score0.82392EPSS
Exploits7
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•6 views

Vulnerabilities fixed in F5 BIG-IP

Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to cause a Denial-of-Service cause and perform a Cross-site scripting attack. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5948:...

9.6CVSS6.8AI score0.01261EPSS
Exploits0
NCSC
NCSC
•added 2020/12/11 12:0 a.m.•6 views

Vulnerabilities fixed in ArubaOS

Hewlett Packard has fixed vulnerabilities in ArubaOS. The vulnerability with reference CVE-2020-24637 was known earlier this year become known as "Boothole" NCSC-2020-0614. This vulnerability allows a malicious person with sufficient access to the system to load a rogue kernel. The remaining...

10CVSS7.6AI score0.049EPSS
Exploits0
NCSC
NCSC
•added 2020/12/09 12:0 a.m.•6 views

Vulnerabilities fixed in Citrix Secure Mail

Citrix has fixed vulnerabilities in Citrix Secure Mail. A malicious party can use a rogue app to gain access to the email data and, to a lesser extent, the calendar data stored in the victim's Citrix Secure Mail. The vulnerability is located in Citrix Secure Mail for Android. Citrix Secure Mail f...

6.5CVSS6.6AI score0.02037EPSS
Exploits0
NCSC
NCSC
•added 2020/12/09 12:0 a.m.•6 views

Vulnerability discovered in WildFly

A vulnerability has been discovered in WildFly. The vulnerability allows an unauthenticated remote malicious person to perform a Denial-of-Service to cause. The vulnerability occurs when the application uses the OpenTracing APIs java interceptors. JBoss Community is working on updates...

7.1CVSS7.1AI score0.01109EPSS
Exploits0
NCSC
NCSC
•added 2020/12/09 12:0 a.m.•6 views

Vulnerability fixed in Apache Struts

A vulnerability has been fixed in Apache Struts. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under privileges of the Struts application. To exploit the vulnerability, the OGNL evaluation must be be enabled. Apache has released a new version to fix th...

9.8CVSS8.6AI score0.95922EPSS
Exploits11
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Azure. The vulnerabilities allow a malicious person to bypass security measures. Azure Sphere: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |. |----------------|------|-------------------------------------| |...

9.1CVSS6.5AI score0.0359EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Vulnerabilities related to Visual Studio can only be be exploited by convincing the user to open rogue files. Visual Studio:...

9.4CVSS7.4AI score0.03552EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious person to: - execute arbitrary code with user privileges; - grant themselves elevated privileges; - circumvent security measures; - gain access to sensitive data; - construct a DNS cache poisoning attack...

9.9CVSS7.3AI score0.27023EPSS
Exploits4
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•6 views

Vulnerabilities fixed in NetApp products

The makers of NetApp products have incorporated new versions of Eclipse Jetty server and Python into their products. With these, the release of sensitive information, the addition or modification of data or denial of service DoS is prevented. Netapp has released updates to fix the vulnerabilities...

9.8CVSS6.8AI score0.08235EPSS
Exploits1
NCSC
NCSC
•added 2020/12/01 12:0 a.m.•6 views

Vulnerabilities fixed in Atlassian Crucible

Atlassian has fixed vulnerabilities in Crucible. The vulnerabilities allow a remote malicious person to perform a denial-of-service. Atlassian has released updates to fix the vulnerabilities. fixes. More information can be found on the pages below: CVE-2020-14190:...

7.5CVSS6.8AI score0.01212EPSS
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•6 views

Vulnerability fixed in Xen

A vulnerability has been fixed in Xen. A malicious person who can execute code in a guest VM under elevated privileges can execute code, could vulnerability could potentially exploit it to cause a denial-of-service on the Xen hypervisor. Potentially, the vulnerability could also be exploited to...

8.8CVSS7AI score0.00373EPSS
Exploits0
NCSC
NCSC
•added 2020/11/16 12:0 a.m.•6 views

Vulnerability fixed in Nagios XI

Nagios has fixed several vulnerabilities in Nagios XI. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root privileges Increased us...

9CVSS7.3AI score0.06119EPSS
Exploits2
NCSC
NCSC
•added 2020/11/13 12:0 a.m.•6 views

Several vulnerabilities fixed in Citrix Hypervisor and XenDesktop

Citrix has fixed vulnerabilities in XenDesktop and Hypervisor. The vulnerabilities in XenDesktop allow a malicious party to to gain elevated privileges on a virtual Windows environment and execute code with SYSTEM privileges. The vulnerability in Hypervisor allows a remote malicious person to abl...

9CVSS8.1AI score0.03336EPSS
Exploits0
NCSC
NCSC
•added 2020/11/13 12:0 a.m.•6 views

Vulnerability fixed in EcoStruxure Control Expert

A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...

7.5CVSS6.9AI score0.01272EPSS
Exploits0
NCSC
NCSC
•added 2020/11/12 12:0 a.m.•6 views

Vulnerabilities fixed in McAfee Endpoint

McAfee has fixed vulnerabilities in Endpoint Security for Windows. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with user privileges through a Cross-Site-Scripting Attack XSS or a Cross-Site-Request-Forgery XSRF. McAfee has released...

8.8CVSS6.9AI score0.00581EPSS
Exploits0
NCSC
NCSC
•added 2020/11/11 12:0 a.m.•6 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting XSS attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...

6.1CVSS6.6AI score0.0148EPSS
Exploits0
NCSC
NCSC
•added 2020/11/06 12:0 a.m.•6 views

Vulnerabilities fixed in Apple iOS and iPadOS

Vulnerabilities have been fixed in Apple iOS and iPadOS, including three 0-day vulnerabilities. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Increased user...

9.3CVSS7.1AI score0.22178EPSS
Exploits3
NCSC
NCSC
•added 2020/11/02 12:0 a.m.•6 views

Serious vulnerability fixed in Oracle Weblogic Server

Oracle has released an update for Weblogic Server to fix a serious vulnerability. This new vulnerability is related to the Fusion Middleware vulnerability with attribute CVE-2020-14882, for which an update was released in October. This was described by the NCSC in security advisory NCSC-2020-0858...

10CVSS7.7AI score0.99997EPSS
Exploits43
NCSC
NCSC
•added 2020/10/29 12:0 a.m.•6 views

Vulnerability fixed in Red Hat JBoss

Vulnerabilities have been fixed in JBoss. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing system data Red Hat categorizes these vulnerabilities as "moderate. -= Re...

6.8AI score
Exploits0
NCSC
NCSC
•added 2020/10/28 12:0 a.m.•6 views

Vulnerabilities fixed in SonicWall

Vulnerabilities have been fixed in SonicWall Global VPN Client. The vulnerabilities allow a local malicious person to gain elevated rights and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. fixes. More information can be found...

8.6CVSS7.5AI score0.01191EPSS
Exploits0
NCSC
NCSC
•added 2020/10/28 12:0 a.m.•6 views

Vulnerability fixed in FortiOS

A vulnerability has been fixed in FortiOS. The vulnerability allows an authenticated attacker to obtain sensitive data, for example, passwords stored in cleartext. Fortinet has released updates to fix the vulnerability. More information can be found on the page below:...

6.5CVSS6.3AI score0.00569EPSS
Exploits0
NCSC
NCSC
•added 2020/10/28 12:0 a.m.•6 views

Vulnerabilities fixed in Red Hat OpenShift

Vulnerabilities have been fixed in Red Hat OpenShift. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Accessing system data -= Red Hat =- Red Hat has...

9.9CVSS9.1AI score0.0473EPSS
Exploits0
NCSC
NCSC
•added 2020/10/28 12:0 a.m.•6 views

Vulnerabilities fixed in Check Point Zone Alarm Extreme Security

Check Point fixed vulnerabilities in Zone Alarm Extreme Security. The vulnerabilities allow a local malicious party to able to delete files restored from an archive and to obtain elevated privileges. Check Point has released a new version to address the vulnerabilities fixes. More information can...

7.8CVSS6.5AI score0.00333EPSS
Exploits0
NCSC
NCSC
•added 2020/10/28 12:0 a.m.•6 views

Vulnerability fixed in FortiClient

A vulnerability has been fixed in FortiClient for Linux. The vulnerability enables a local malicious person who has the ability has the ability to run scripts or programs on the system is able to able to obtain elevated privileges. FortiNet has released updates to fix the vulnerability. More...

8.8CVSS6.3AI score0.00227EPSS
Exploits0
NCSC
NCSC
•added 2020/10/28 12:0 a.m.•6 views

Vulnerabilities fixed in Pulse Secure products for Windows, Linux and Mac

Vulnerabilities have been fixed in Pulse Secure products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security...

9.8CVSS6.5AI score0.9648EPSS
Exploits12
NCSC
NCSC
•added 2020/10/23 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Communications-producton

Oracle has fixed vulnerabilities in Communications Messaging Server. The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS...

5.5CVSS7.2AI score0.0255EPSS
Exploits0
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•6 views

Vulnerability fixed in Adobe Creative Cloud

Adobe has fixed a vulnerability in Creative Cloud. The vulnerability allows a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...

7.8CVSS7.5AI score0.02951EPSS
Exploits0
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•6 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerabilities. More information can be found on the page below:...

7.8CVSS7.6AI score0.04715EPSS
Exploits0
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•6 views

Vulnerability fixed in Adobe InDesign

Adobe has fixed a vulnerability in InDesign. The vulnerability allows a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...

5.5CVSS7.5AI score0.01799EPSS
Exploits0
NCSC
NCSC
•added 2020/10/19 12:0 a.m.•6 views

Vulnerability fixed in XWiki

A vulnerability has been fixed in XWiki. The vulnerability allows an authenticated malicious person to execute arbitrary code execute arbitrary code under the user's privileges. XWiki has released updates to fix the vulnerability. More information can be found on the page below:...

9CVSS7.4AI score0.03218EPSS
Exploits1
NCSC
NCSC
•added 2020/10/15 12:0 a.m.•6 views

Vulnerabilities fixed in Juniper Junos OS

Juniper Networks has fixed several vulnerabilities in Junos OS. A malicious person, whether remotely authenticated or not, could potentially exploit these vulnerabilities to carry out attacks leading to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...

10CVSS7.9AI score0.98745EPSS
Exploits13
NCSC
NCSC
•added 2020/10/14 12:0 a.m.•6 views

Vulnerability fixed in IBM Security Access Manager

IBM has fixed a vulnerability in IBM Security Access Manager in which sessions are not deleted after a user is logged out. A malicious party could potentially reuse the session of a logged out user thereby potentially reuse it and thus gain elevated rights to the vulnerable system. IBM has releas...

6.3CVSS6.7AI score0.00555EPSS
Exploits0
NCSC
NCSC
•added 2020/10/08 12:0 a.m.•6 views

Vulnerability fixed in Cisco Webex Teams for Windows

Cisco has fixed a vulnerability in the Windows client of Cisco Webex Teams. The vulnerability allows a local, authenticated malicious person to execute arbitrary code execute under privileges of other local users. This requires a malicious DLL file must be placed in a specific location of the fil...

8.4CVSS7.2AI score0.00593EPSS
Exploits0
NCSC
NCSC
•added 2020/10/06 12:0 a.m.•6 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person remote or otherwise potentially able to carry out attacks leading to the following categories of damage: Remote code execution User rights. Access to sensitive data Access to system data...

10CVSS7.4AI score0.28338EPSS
Exploits2
NCSC
NCSC
•added 2020/10/02 12:0 a.m.•6 views

Vulnerabilities fixed in openSUSE

Vulnerabilities have been fixed in openSUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Access to system data Increased user privileges -= OpenSU...

7.8CVSS6.9AI score0.00492EPSS
Exploits0
NCSC
NCSC
•added 2020/10/01 12:0 a.m.•6 views

Vulnerability fixed in FortiOS

A vulnerability has been fixed in FortiOS. The vulnerability allows an authenticated malicious party the ability to cause a denial-of-service denial-of-service. Fortinet has released updates to fix the vulnerability. More information can be found on the page below:...

6.5CVSS6.5AI score0.01566EPSS
Exploits0
NCSC
NCSC
•added 2020/09/30 12:0 a.m.•6 views

Vulnerability fixed in Dell SonicWall

A vulnerability has been fixed in Dell SonicWall. It involves a domain name collision vulnerability. The web interface of SonicWall makes it possible for an attacker to obtain information about domain names used on an organization's internal network. organization. The attacker can register a foun...

5.3CVSS6.4AI score0.00985EPSS
Exploits0
NCSC
NCSC
•added 2020/09/25 12:0 a.m.•6 views

Vulnerabilities fixed in FortiOS

Vulnerabilities have been fixed in FortiOS. The vulnerabilities allow an authenticated remote malicious agent to opportunity to cause a denial-of-service via an SSL VPN. To exploit the vulnerability, a number of non-standard settings must have been made. FortiNet categorizes these vulnerabilities...

8.8CVSS6.6AI score0.00862EPSS
Exploits0
NCSC
NCSC
•added 2020/09/25 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco IOS and IOS XE

Vulnerabilities have been fixed in Cisco IOS and IOS XE. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Bypassing authentication Circumvention of security measure Remot...

9.1CVSS7.5AI score0.02226EPSS
Exploits0
NCSC
NCSC
•added 2020/09/25 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco Aironet

Vulnerabilities have been fixed in Cisco Aironet. The vulnerabilities allow a malicious party to launch attacks that lead to a denial-of-service DoS. After a successful attack, the affected device recover itself. Cisco has released updates to fix the vulnerabilities. More information can be found...

8.6CVSS6.7AI score0.01415EPSS
Exploits0
NCSC
NCSC
•added 2020/09/25 12:0 a.m.•6 views

Vulnerability fixed in F5 BIG-IP and BIG-IQ

A vulnerability has been fixed in F5 BIG-IP and BIG-IQ products. The vulnerability allows a malicious party to launch attacks execute attacks that lead to a denial-of-service DoS. F5 has released updates to fix the vulnerability. More information can be found on the page below:...

7.5CVSS6.7AI score0.01092EPSS
Exploits0
NCSC
NCSC
•added 2020/09/24 12:0 a.m.•6 views

Vulnerabilities fixed in Pulse Secure

Vulnerabilities have been fixed in Pulse Secure. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Access to system data Pulse Secure has released updates to address the...

7.2CVSS6.8AI score0.90759EPSS
Exploits2
Total number of security vulnerabilities4189