Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2020/09/14 12:0 a.m.•6 views

Vulnerabilities fixed in Samsung Mobile

Samsung has fixed several vulnerabilities in its Android distribution. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...

10CVSS8.2AI score0.02821EPSS
Exploits3
NCSC
NCSC
•added 2020/09/14 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel

Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...

9.8CVSS6.8AI score0.12651EPSS
Exploits13
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•6 views

Vulnerabilities discovered in HMI Panels

Because SIMATIC HMI panels do not properly handle repeated login attempts correctly, they are susceptible to Brute-force attacks. A malicious party can use them to retrieve user names and passwords find out and thus issue random commands with permissions from the affected user account. To exploit...

9.8CVSS7.2AI score0.01477EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•6 views

Multiple vulnerabilities fixed in Microsoft browsers

There are multiple vulnerabilities in the Scripting Engine, Microsoft Edge and Microsoft Internet Explorer. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code or to obtain elevated privileges. The vulnerability with the highest rating has the attribute...

9.3CVSS7.1AI score0.03741EPSS
Exploits0
NCSC
NCSC
•added 2020/09/03 12:0 a.m.•6 views

Vulnerability fixed in Ansible

A vulnerability has been fixed in Ansible. The vulnerability allows a malicious person to bypass a security measure. To exploit the vulnerability, the malicious party must get a system administrator to get a rogue installation package to install. Ansible has released updates to fix the...

7.1CVSS6.5AI score0.00233EPSS
Exploits0
NCSC
NCSC
•added 2020/08/31 12:0 a.m.•6 views

Vulnerability fixed in Cisco IOS XR

Cisco has fixed a vulnerability in the Distance Vector Multicast Routing Protocol DVMRP functionality in IOS XR. The vulnerability allows an unauthenticated remote malicious person able to cause a Denial-of-Service on the vulnerable device. To do so, the malicious party needs to send rogue IGMP...

8.6CVSS6.8AI score0.03631EPSS
Exploits0
NCSC
NCSC
•added 2020/08/24 12:0 a.m.•6 views

Vulnerability fixed in Apache SOLR

SOLR's developers have fixed a vulnerability. The vulnerability allows a malicious party to gain access to sensitive data because the API of the Replication Handler accepts any location as the target location of the backup, restore and deletebackup commands. This allows a malicious party can...

8.8CVSS7AI score0.03805EPSS
Exploits0
NCSC
NCSC
•added 2020/08/11 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft browsers

Microsoft has fixed several vulnerabilities in Internet Explorer and Edge. All of the vulnerabilities allow a malicious person to able to execute arbitrary code in the context of the user when he manages to trick the user into opening a malicious Web site or document to open. Below is an overview...

9.3CVSS6.8AI score0.24188EPSS
Exploits0
NCSC
NCSC
•added 2020/08/11 12:0 a.m.•6 views

Vulnerability fixed in TeamViewer

A vulnerability has been fixed in TeamViewer. The vulnerability allows an unauthenticated remote malicious party to opportunity to cause TeamViewer to send out an NTLM request. The malicious party to do this must induce the victim to visit a rogue website. The NTLM request can be captured by the...

8.8CVSS6.9AI score0.25895EPSS
Exploits2
NCSC
NCSC
•added 2020/07/16 12:0 a.m.•6 views

Vulnerabilities fixed in Jenkins

Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...

8.8CVSS6.5AI score0.01433EPSS
Exploits0
NCSC
NCSC
•added 2020/07/16 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data -= Apple =- Apple has made...

10CVSS7.4AI score0.08036EPSS
Exploits3
NCSC
NCSC
•added 2020/07/07 12:0 a.m.•6 views

Vulnerabilities fixed in MobileIron

MobileIron has fixed multiple vulnerabilities in MobileIron Core and Sentry. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Bypassing authentication Remote code execution Accessing sensitive data MobileIron has made little...

9.8CVSS7AI score0.99737EPSS
Exploits4
NCSC
NCSC
•added 2020/06/18 12:0 a.m.•6 views

Vulnerability fixed in Pulse Secure Client for Windows

A vulnerability has been fixed in Pulse Secure Client for Windows. The vulnerability allows a locally authenticated malicious party the ability to obtain elevated SYSTEM privileges. obtain. Security researcher Red Timmy Security has published a write-up regarding the vulnerability published at:...

7CVSS6.5AI score0.00793EPSS
Exploits3
NCSC
NCSC
•added 2020/06/17 12:0 a.m.•6 views

Vulnerabilities fixed in libexif

Several vulnerabilities have been fixed in libexif. A local malicious party could potentially exploit the vulnerabilities to gain access to sensitive information or obtain of elevated privileges on the vulnerable system. In addition, a remote malicious party could potentially exploit the...

9.1CVSS6.8AI score0.04262EPSS
Exploits0
NCSC
NCSC
•added 2020/05/09 12:0 a.m.•6 views

Vulnerabilities fixed in VMware vRealize Operations Manager

There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execute arbitrary code with administrator privileges on the Application Remote Collector ARC and all virtual systems on which an ARC Telegraph agent is installed. VMWare has...

9.8CVSS9.9AI score0.96405EPSS
Exploits25
NCSC
NCSC
•added 2020/03/11 12:0 a.m.•6 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious party to perform Cross-Site Scripting and cause a Denial-of-Service. To exploit the vulnerabilities, the malicious party must have access to the production network. It is good practice the production networ...

7.8CVSS6.7AI score0.01448EPSS
Exploits1
NCSC
NCSC
•added 2020/02/11 12:0 a.m.•6 views

Vulnerability fixed in Microsoft SQL Server Reporting Services

There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to improper processing of page requests. If successfully exploited, the vulnerability allows an authenticated remote malicious person to execute arbitrary execu...

8.8CVSS7.9AI score0.99046EPSS
Exploits14
NCSC
NCSC
•added 2019/11/14 12:0 a.m.•6 views

Vulnerability discovered in F5 BIG-IP and BIG-IQ

F5 has discovered a vulnerability in BIG-IP and BIG-IQ products. The vulnerability is located in lodash version 4.17.12, a javascript programming library. A malicious person with access to the Traffic Management User Interface TMUI or the iControl REST API could exploit the vulnerability to execu...

9.1CVSS7.2AI score0.05006EPSS
Exploits2
NCSC
NCSC
•added 2019/11/13 12:0 a.m.•6 views

Vulnerability fixed in TNEF

A new patch of TNEF has been released, in which a vulnerability has been fixed. The vulnerability allows a malicious person able to execute arbitrary code under the privileges of the user. TNEF has made available a patch that fixes the vulnerability. fix. More information can be found on the...

5.5CVSS7.5AI score0.01203EPSS
Exploits1
NCSC
NCSC
•added 2019/06/11 12:0 a.m.•6 views

Vulnerability fixed in glib

A vulnerability has been fixed for Glib in Ubuntu. The vulnerabilities allow a malicious person to perform attacks that lead to the following categoriesn of damage: - Denial-of-Service DoS; - Manipulation of data; - Circumvention of security measure; - Access to sensitive data; - Access to system...

9.8CVSS6.5AI score0.02602EPSS
Exploits0
NCSC
NCSC
•added 2026/06/16 1:30 p.m.•5 views

Kwetsbaarheid verholpen in Cisco Catalyst SD-WAN Manager

Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...

6.5CVSS6AI score0.07683EPSS
Exploits2References1
NCSC
NCSC
•added 2026/04/22 12:56 p.m.•5 views

vulnerabilities present in Oracle E-Business Suite

Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...

9.8CVSS6.7AI score0.01916EPSS
Exploits4References1
NCSC
NCSC
•added 2026/03/26 9:50 a.m.•5 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References11
NCSC
NCSC
•added 2026/03/23 1:43 p.m.•5 views

Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway

Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...

9.8CVSS5.8AI score0.83996EPSS
Exploits7References1
NCSC
NCSC
•added 2026/03/12 7:24 a.m.•5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Quotation Management Insurance and SAP NetWeaver. Some of the fixed vulnerabilities are in third-party products - such as Oracle - that are incorporated into SAP products. The vulnerabilities include a code injection flaw, missing...

9.8CVSS5.9AI score0.6906EPSS
Exploits3References1
NCSC
NCSC
•added 2025/12/24 9:14 a.m.•5 views

Vulnerabilities fixed in Foxit PDF Reader

Foxit has fixed vulnerabilities in Foxit PDF Reader Specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...

8.8CVSS7.8AI score0.00255EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/27 1:35 p.m.•5 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in its Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated users to cause Denial of Service DoS conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitra...

7.7CVSS7AI score0.00443EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/12 12:17 p.m.•5 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Adobe Photoshop Desktop versions 26.8.1 and earlier. The vulnerability is in the way Adobe Photoshop handles files. This vulnerability can lead to arbitrary code execution when a user opens a malicious file. Adobe has released updates to fix the vulnerability. S...

7.8CVSS7.6AI score0.0029EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/11 6:33 p.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixed vulnerabilities in Dynamics The vulnerabilities are in Dynamics 365 On Premise and Dynamics Field Service and allow a malicious person to access sensitive data, or impersonate another user. Microsoft has made updates available that fix the described vulnerabilities. We encourage y...

8.7CVSS5.5AI score0.00865EPSS
Exploits0
NCSC
NCSC
•added 2025/10/31 9:31 a.m.•5 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox Specific for versions before 144.0.2 The vulnerability is in how a compromised child process can exploit a use-after-free issue in the GPU or browser process via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...

9.8CVSS7.7AI score0.00308EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/14 6:27 p.m.•5 views

Vulnerabilities fixed in Microsoft System Center

Microsoft has fixed vulnerabilities in System Center Configuration Manager. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, potentially gaining access to sensitive data or executing arbitrary code with elevated privileges. For successful misuse, the...

8.4CVSS7.3AI score0.00622EPSS
Exploits0
NCSC
NCSC
•added 2025/10/14 6:16 p.m.•5 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange Server. A malicious person could exploit the vulnerabilities to impersonate another user and grant themselves elevated privileges. For successful abuse, the malicious party must have prior authentication. Microsoft has made updates available that fi...

8.8CVSS6.8AI score0.00922EPSS
Exploits0
NCSC
NCSC
•added 2025/09/11 8:18 a.m.•5 views

Vulnerabilities fixed in Cisco NX-OS Software

Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, command-line interface CLI, and the REST API of the Nexus Dashboard. These vulnerabilities can ...

7.4CVSS7.2AI score0.03221EPSS
Exploits0References6
NCSC
NCSC
•added 2025/08/29 8:37 a.m.•5 views

Vulnerability fixed in FreePBX

FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...

10CVSS7.9AI score0.93286EPSS
Exploits20References2
NCSC
NCSC
•added 2025/08/27 1:10 p.m.•5 views

Vulnerabilities fixed in IBM Cognos Command Center

IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...

9.3CVSS7.1AI score0.00336EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/14 7:0 a.m.•5 views

Vulnerabilities fixed in Xerox FreeFlow Core

Xerox has fixed vulnerabilities in Xerox FreeFlow Core. The vulnerabilities include a Path Traversal vulnerability that can be exploited by attackers to gain access to unauthorized files, leading to Remote Code Execution RCE. There is also a vulnerability due to improper processing of XML input,...

9.8CVSS7.9AI score0.14723EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 10:0 a.m.•5 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...

7.8CVSS7.7AI score0.00227EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/06 1:21 p.m.•5 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in the Apex One management console. The vulnerability in the management console allows a remote attacker without authentication to arbitrarily upload code and execute commands on affected installations. Both CVEs are similar, it just affects different CPU...

9.8CVSS8AI score0.20253EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/06 7:55 a.m.•5 views

Vulnerabilities fixed in Rockwell Automation Arena

Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, with this it is possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...

8.7CVSS7.5AI score0.00283EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/23 7:46 a.m.•5 views

Vulnerabilities fixed in Cisco ISE and ISE-PIC

Cisco has fixed vulnerabilities in Cisco ISE and ISE-PIC. The vulnerabilities are in the way Cisco ISE and ISE-PIC process files through APIs and validate user input. Unauthenticated attackers with access to the API interface can exploit these vulnerabilities to upload and execute arbitrary files...

10CVSS8.1AI score0.96732EPSS
Exploits12References1
NCSC
NCSC
•added 2025/07/11 9:58 a.m.•5 views

Vulnerabilities fixed in Zoom Clients

Zoom has fixed vulnerabilities in Zoom Clients Specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...

9.1CVSS6.8AI score0.00569EPSS
Exploits0References6
NCSC
NCSC
•added 2025/07/11 9:57 a.m.•5 views

Vulnerability fixed in Juniper SRX300 Series

Juniper has fixed a vulnerability in the Routing Protocol Daemon rpd of its Junos OS, specifically for the SRX300 Series. The vulnerability is in how the Routing Protocol Daemon rpd on vulnerable SRX300 Series systems processes BGP updates. Unauthenticated attackers can send a specially crafted B...

8.7CVSS6.8AI score0.00457EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/08 6:24 p.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure Service Fabric and Monitor Agent. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or to execute arbitrary code. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS...

7.5CVSS7.1AI score0.00839EPSS
Exploits0
NCSC
NCSC
•added 2025/07/03 7:43 a.m.•5 views

Vulnerability fixed in Cisco Unified Communications Manager

Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...

10CVSS7.8AI score0.01061EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/20 11:4 a.m.•5 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...

9.1CVSS7AI score0.0047EPSS
Exploits0References1
NCSC
NCSC
•added 2025/06/05 10:25 a.m.•5 views

Vulnerability fixed in Cisco Identity Services Engine for cloud platforms

Cisco has fixed a vulnerability in Identity Services Engine ISE for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...

9.9CVSS7AI score0.01046EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/27 11:42 a.m.•5 views

Vulnerability fixed in Siemens SiPass Integrated

Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service DoS, compromising the availability of services that depend on the...

8.7CVSS6.9AI score0.00577EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/22 8:14 a.m.•5 views

Vulnerability fixed in Cisco Identity Services Engine

Cisco has fixed a vulnerability in Cisco Identity Services Engine ISE. The vulnerability is in the way Cisco ISE handles RADIUS messages. Unauthenticated remote attackers can exploit this vulnerability, which can lead to a denial-of-service DoS situation on affected devices, compromising their...

8.6CVSS8.5AI score0.00667EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/22 8:13 a.m.•5 views

Vulnerabilities fixed in Cisco Webex

Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting XSS attacks by convincing users to click on malicious links. Such an attack can lead to...

6.1CVSS6.5AI score0.00257EPSS
Exploits0References1
NCSC
NCSC
•added 2025/05/21 9:12 a.m.•5 views

Vulnerabilities fixed in VMware Cloud Foundation

Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...

8.2CVSS8.7AI score0.00642EPSS
Exploits0References1
Total number of security vulnerabilities4189