Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2022/08/09 12:0 a.m.•5 views

Vulnerabilities discovered in Siemens products

Vulnerabilities have been discovered in several Siemens industrial products. A malicious party could potentially exploit them to cause a denial-of-service, to execute code execute code in the scope of the application, or possibly open a root/admin shell to open on the vulnerable system. The...

9.1CVSS7.5AI score0.01437EPSS
Exploits0
NCSC
NCSC
•added 2022/08/01 12:0 a.m.•5 views

Vulnerability fixed in SonicWall Hosted Email Security

SonicWall has fixed a vulnerability in Hosted Email Security. An unauthenticated malicious person could exploit it to bypass the Capture ATP service, thereby bypass the functionality of the product. SonicWall has released updates to fix the vulnerability in Hosted Email Security 10.0.18.7423. For...

7.5CVSS6.9AI score0.00552EPSS
Exploits0
NCSC
NCSC
•added 2022/07/27 12:0 a.m.•5 views

Vulnerability fixed in Citrix ADC and Citrix Gateway

A vulnerability has been fixed in Citrix ADC and Citrix Gateway. The vulnerability allows a remote malicious party to redirect a potential victim via the Citrix application to be redirected to a malicious website, allowing the application, for example, to be abused in phishing attacks. By using t...

6.1CVSS6.9AI score0.00399EPSS
Exploits0
NCSC
NCSC
•added 2022/07/25 12:0 a.m.•5 views

Vulnerabilities fixed in Scooter Software Beyond Compare

Vulnerabilities have been fixed in Scooter Software Beyond Compare. The vulnerabilities allow a malicious person to execute arbitrary execute arbitrary code under the SYSTEM user's privileges and the obtain elevated user privileges. For the vulnerability with attribute CVE-2022-36414, it is only...

7.8CVSS7.6AI score0.00212EPSS
Exploits0
NCSC
NCSC
•added 2022/07/21 12:0 a.m.•5 views

Vulnerabilities fixed in Drupal

Drupal developers have fixed multiple vulnerabilities in Drupal core. The vulnerabilities can lead to the following categories of damage: Remote code execution Administrator/Root permissions. Access to sensitive data Increased user privileges Cross-Site Scripting XSS The vulnerability with...

7.5CVSS7.2AI score0.01422EPSS
Exploits0
NCSC
NCSC
•added 2022/07/20 12:0 a.m.•5 views

Vulnerabilities fixed in Zyxel products

Zyxel has fixed several vulnerabilities in a number of products, including USG and ATP firewalls. A malicious party could vulnerabilities potentially exploit them to obtain higher permissions or obtain sensitive information through a path traversal. To exploit the vulnerabilities, the malicious...

7.8CVSS6.8AI score0.01117EPSS
Exploits4
NCSC
NCSC
•added 2022/07/20 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Primavera

Oracle has fixed vulnerabilities in the following products: Primavera Gateway Primavera P6 Enterprise Project Portfolio Management Primavera Unifier The vulnerabilities potentially enable a malicious party to execute attacks that lead to denial-of-service DoS. An overview of all fixed...

7.5CVSS6.6AI score0.0486EPSS
Exploits1
NCSC
NCSC
•added 2022/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Citrix Hypervisor

Vulnerabilities have been fixed in Citrix Hypervisor and Citrix XenServer. The vulnerabilities potentially enable a malicious party to able to derive memory content from another virtual machine. These vulnerabilities are only present when the vulnerable products are used on AMD Zen 1 or AMD Zen 2...

6.5CVSS6AI score0.00772EPSS
Exploits0
NCSC
NCSC
•added 2022/07/11 12:0 a.m.•5 views

Fixed vulnerabilities in IBM MQ (Operator and Queue manager)

IBM has fixed multiple vulnerabilities in supporting software provided with IBM MQ Operator and Queue manager. The vulnerabilities are in the Golang software provided. A malicious party could potentially exploit the vulnerabilities to obtain increased user privileges, sensitive data and/or...

7.5CVSS9.5AI score0.06934EPSS
Exploits4
NCSC
NCSC
•added 2022/06/22 12:0 a.m.•5 views

Vulnerabilities fixed in Dell SupportAssistant

Vulnerabilities have been fixed in Dell SupportAssist. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Remote code execution User Rights Access to system data Increased...

9.6CVSS6.8AI score0.01091EPSS
Exploits0
NCSC
NCSC
•added 2022/06/22 12:0 a.m.•5 views

Vulnerability fixed in RealVNC VNC Server

RealVNC has fixed a vulnerability in VNC Server for Windows. A local, authenticated malicious party can exploit the exploit the vulnerability to obtain elevated privileges on the system on which VNC Server is installed. The vulnerability is caused by an installation file executing files in %TEMP%...

7.8CVSS6.7AI score0.0066EPSS
Exploits1
NCSC
NCSC
•added 2022/06/14 12:0 a.m.•5 views

Vulnerabilities fixed in TYPO3

Vulnerabilities have been fixed in TYPO3. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data TYPO3 has released updates to address the...

7.2CVSS6.2AI score0.01165EPSS
Exploits0
NCSC
NCSC
•added 2022/06/03 12:0 a.m.•5 views

Vulnerability fixed in IBM Spectrum Protect Plus

IBM has fixed a vulnerability in Spectrum Protect Plus. Credentials of users are printed in readable text in the IBM Spectrum Protect Plus virgo log file. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.0.0-10.1.9.32. For more information, see:...

7.5CVSS6.8AI score0.00658EPSS
Exploits0
NCSC
NCSC
•added 2022/06/02 12:0 a.m.•5 views

Vulnerabilities fixed in HPE ProLiant Intel BIOS

Vulnerabilities have been fixed in the Intel BIOS of HPE ProLiant DX servers. The vulnerabilities in DX Gen 10 servers with features DX170r, DX190r, DX360, DX380, DX560 and DX4200 allow a local malicious person able to obtain sensitive information or increase privileges. HPE has made updates...

7.8CVSS6.7AI score0.00268EPSS
Exploits0
NCSC
NCSC
•added 2022/06/01 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...

7.5CVSS6.4AI score0.7855EPSS
Exploits0
NCSC
NCSC
•added 2022/05/30 12:0 a.m.•5 views

Zero-day vulnerability discovered in Microsoft Word

A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...

7.1AI score
Exploits0
NCSC
NCSC
•added 2022/05/20 12:0 a.m.•5 views

Vulnerability fixed in Oracle E-Business suite

Oracle has fixed a vulnerability in Oracle E-Business Suite. A malicious party could use the vulnerability to access gain access to sensitive information. The malicious party does not need prior authentication to do so. Oracle indicates that the vulnerability is not present in the Oracle SaaS clo...

7.5CVSS6.8AI score0.70589EPSS
Exploits1
NCSC
NCSC
•added 2022/05/19 12:0 a.m.•5 views

Vulnerabilities fixed in VMWare products

VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain gain...

9.8CVSS7.3AI score0.52813EPSS
Exploits11
NCSC
NCSC
•added 2022/05/18 12:0 a.m.•5 views

Vulnerabilities fixed in NVIDIA drivers

NVIDIA has fixed vulnerabilities in its GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution Administrator/Root privileges Increased user privileges The...

9.9CVSS7.6AI score0.01492EPSS
Exploits0
NCSC
NCSC
•added 2022/05/13 12:0 a.m.•5 views

Vulnerability fixed in Check Point Endpoint Security Client

Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...

7.8CVSS7.5AI score0.04076EPSS
Exploits0
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•5 views

Vulnerability fixed in Dell iDRAC9

Dell has fixed a vulnerability in iDRAC9.The vulnerability allows an unauthenticated malicious party to bypass authentication bypass authentication and gain access to the VNC console. Dell has released updates to fix the vulnerability. For more information, see:...

10CVSS7.2AI score0.53824EPSS
Exploits0
NCSC
NCSC
•added 2022/05/11 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Framemaker. The vulnerabilities allow a malicious party to cause a denial-of-service or execute arbitrary code under privileges of the application. To do this, the malicious party must persuade the victim to open a rogue file. Adobe has released updates to fix t...

9.3CVSS7.4AI score0.02459EPSS
Exploits0
NCSC
NCSC
•added 2022/05/11 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Enterprise Linux kernel

Oracle has fixed vulnerabilities in the Oracle Linux kernel. The vulnerabilities allow a local malicious person to cause a denial-of-service, obtain elevated privileges or gain access to system information. Successful exploit requires authentication. -= Oracle =- Oracle has made updates available...

8.6CVSS6.6AI score0.05524EPSS
Exploits15
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Azure

A vulnerability has been fixed in Microsoft Azure. The vulnerability allows an authenticated malicious person to execute arbitrary code. The vulnerability is in a driver used to run in Azure Synapse pipelines and Azure Data Factory Integration Runtime IR to connect to Amazon Redshift. The malicio...

7.8CVSS7AI score0.03686EPSS
Exploits0
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•5 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure...

9.8CVSS8.1AI score0.60122EPSS
Exploits3
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•5 views

Vulnerability fixed in ecdsautils

Debian has fixed a vulnerability in ecdsautils. This is a library used for cryptographic applications based based on ECDSA. The vulnerability is in functionality for validating of ECDSA signatures. The flaw causes an application considers specially crafted signatures to be valid when they are not...

10CVSS7.1AI score0.48235EPSS
Exploits6
NCSC
NCSC
•added 2022/05/06 12:0 a.m.•5 views

Vulnerabilities fixed in Splunk

Vulnerabilities have been fixed in Splunk. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Access to system data Increased user privileges Updates have been...

8.8CVSS6.5AI score0.0139EPSS
Exploits0
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•5 views

Vulnerabilities fixed in Zoom

Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Access to sensitive data Increased user privileges Zoom has released updates to fix...

7.9CVSS6.7AI score0.00975EPSS
Exploits0
NCSC
NCSC
•added 2022/04/25 12:0 a.m.•5 views

Vulnerability fixed in WSO2 products

A serious vulnerability has been fixed in several products of WSO2. A malicious person with access to the network can exploit the exploit the vulnerability to execute arbitrary code or gain access to sensitive data. Public exploit code is available. This exploit code allows a remote malicious par...

10CVSS7.5AI score0.99999EPSS
Exploits22
NCSC
NCSC
•added 2022/04/25 12:0 a.m.•5 views

Vulnerabilities fixed in Dell PowerEdge Server

Vulnerabilities have been fixed in Dell PowerEdge Server. The vulnerabilities are located in the Broadcom Emulex HBA Manager/OneCommand Manager used in Dell PowerEdge Servers. The vulnerabilities allow a remote malicious person to able to launch attacks that result in the following categories of...

9.8CVSS7.4AI score0.02355EPSS
Exploits1
NCSC
NCSC
•added 2022/04/21 12:0 a.m.•5 views

Vulnerability fixed in Kibana

A vulnerability has been fixed in Kibana. A malicious party could potentially exploit the vulnerability to obtain sensitive information. The vulnerability is not in the default configuration. Only Kibana installations that explicitly use Elastic Stack monitoring are potentially vulnerable. Elasti...

5.3CVSS6.6AI score0.00863EPSS
Exploits0
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•5 views

Vulnerabilities fixed in OpenJPEG

Vulnerabilities have been fixed in OpenJPEG. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data -= openSUSE =- The developers of openSUSE have made updates...

8.8CVSS7.8AI score0.04932EPSS
Exploits7
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•5 views

Vulnerability fixed in Veritas NetBackup OpsCenter and OpsCenter Analytics

A vulnerability has been fixed in Veritas NetBackup OpsCenter and OpsCenter Analytics. The vulnerability allows an authenticated remote malicious person able to perform Cross-Site ScriptingXSS. execution. Veritas has made mitigation measures and updates available to fix the vulnerability. For mor...

5.4CVSS6.8AI score0.00438EPSS
Exploits0
NCSC
NCSC
•added 2022/04/15 12:0 a.m.•5 views

Vulnerabilities fixed in McAfee Agent

Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially enable a malicious party to gain elevated privileges or access to sensitive data, or to execute arbitrary code execute arbitrary code with the application's permissions. McAfee has made updates available to address t...

8.4CVSS7.9AI score0.00936EPSS
Exploits2
NCSC
NCSC
•added 2022/04/14 12:0 a.m.•5 views

Vulnerability fixed in PAN-OS

A vulnerability has been fixed in PAN-OS. A malicious person with access to the DNS proxy feature of PAN-OS software could use a Man-in-the-Middle MITM method specifically crafted traffic to the firewall causing the service to be unexpectedly restarted. restart. The vulnerability is in the...

5.9CVSS6.8AI score0.00704EPSS
Exploits0
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•5 views

Vulnerability fixed in HAProxy

A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...

7.5CVSS6.8AI score0.16563EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in supporting products of Azure. A malicious party could potentially exploit them to appropriate elevated privileges and gain access gain access to sensitive data. The vulnerabilities in Azure Site Recovery are located specifically in the VMWare-to-Azure and...

7.2CVSS6.6AI score0.02306EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Windows Defender

A vulnerability has been fixed in Microsoft Windows Defender. A malicious party can exploit this vulnerability to cause a denial-of-service. This requires a user to be tricked into handling a rogue file on the system. Windows Defender: |----------------|------|------------------------------------...

5.5CVSS6.1AI score0.02713EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

9CVSS7.5AI score0.02776EPSS
Exploits0
NCSC
NCSC
•added 2022/04/07 12:0 a.m.•5 views

Vulnerabilities fixed in FortiClient

Vulnerabilities have been fixed in FortiClient for Linux and Windows. The vulnerabilities allow a local malicious agent to to gain access to system data and obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More information can be found on the pages below:...

8.8CVSS6.7AI score0.00888EPSS
Exploits0
NCSC
NCSC
•added 2022/03/30 12:0 a.m.•5 views

Vulnerabilities fixed in Salt

Several vulnerabilities have been fixed in Salt. The vulnerabilities allow a malicious person to perform the following attacks execute: - altering piller data sent by the master to the minion - denial-of-service on a minion process by impersonating a rogue master - resending file server...

8.8CVSS7AI score0.01586EPSS
Exploits0
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•5 views

Vulnerability found in Atlassian Confluence Datacenter

A vulnerability has been found in Atlassian Confluence Datacenter. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code. Confluence Datacenter systems are only vulnerable when using the cluster functionality. Confluence...

8.1CVSS6.9AI score0.03711EPSS
Exploits1
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•5 views

Vulnerability fixed in SonicOS

SonicWall has fixed a vulnerability in SonicOS. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...

9.8CVSS7.6AI score0.57324EPSS
Exploits3
NCSC
NCSC
•added 2022/03/23 12:0 a.m.•5 views

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...

6.5CVSS6.6AI score0.00945EPSS
Exploits0
NCSC
NCSC
•added 2022/03/21 12:0 a.m.•5 views

Vulnerability fixed in IBM Specturm Protect

IBM has fixed a vulnerability in Spectrum Protect Server. By exploiting this vulnerability obtain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Server 8.1.14.100. For more information, see:...

9CVSS6.7AI score0.02125EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•5 views

Vulnerabilities fixed in Bareos

Vulnerabilities have been fixed in Bareos. The vulnerability with reference CVE-2022-24755 can be exploited to bypass authentication. circumvention. To exploit this vulnerability, the Bareos Director must be configured with PAM as the authentication agent. The vulnerability with attribute...

9.8CVSS7.1AI score0.01996EPSS
Exploits2
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•5 views

Vulnerabilities fixed in CyberArk Privileged Session Manager and Password Vault Manager

Vulnerabilities have been fixed in the CyberArk Privileged Session Manager and Password Vault Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to...

7.5AI score
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerabilities fixed in Dell BIOS

Vulnerabilities have been fixed in the BIOS of several Dell products. The vulnerabilities make it possible for a local malicious person with elevated privileges to execute code while the system is active in System Management Mode SMM. Dell has made updates available to fix the vulnerabilities fix...

8.2CVSS7AI score0.00275EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerabilities fixed in Sophos SG UTM

Vulnerabilities have been fixed in Sophos SG UTM. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data Sophos has fixed the vulnerabilities in SG UTM version 9.710. More...

8.8CVSS9.6AI score0.11296EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerability fixed in ARM, AMD and Intel processors

Researchers at VU Amsterdam have found a new variant of the Spectre vulnerability. The researchers have dubbed the attack Branch History Injection. Previous mitigation for Spectre v2 is not sufficient to fully fix the vulnerability, according to the researchers. According to the researchers, this...

6.8CVSS5.8AI score0.00508EPSS
Exploits0
Total number of security vulnerabilities4189