Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2021/12/02 12:0 a.m.•5 views

Vulnerability fixed in Cryptshare server

A vulnerability has been fixed in the Web App component of Cryptshare server. This vulnerability allows a malicious user of the system to, via an "HTML injection" attack to redirect the recipient of a "confidential" message to an arbitrary web page. The recipient must open such a message message...

5.4CVSS6.6AI score0.00665EPSS
Exploits1
NCSC
NCSC
•added 2021/11/30 12:0 a.m.•5 views

Vulnerability concealed in FortiClient

A vulnerability has been fixed in FortiClient and FortiClient EMS. An insecure search path could allow an attacker to launch a DLL-Hijack attack. Through the exploitation of this vulnerability, an attacker can obtain elevated privileges on the vulnerable system. Fortinet has released updates to f...

7.8CVSS6.6AI score0.00243EPSS
Exploits0
NCSC
NCSC
•added 2021/11/18 12:0 a.m.•5 views

Fixed vulnerabilities in the BIOS belonging to Intel processors

Intel has fixed two vulnerabilities in the BIOS code of the Pentium, Celeron, Xeon and Core processors. A malicious person with physical access and the authentication to access the BIOS could potentially exploit the vulnerabilities to grant himself elevated privileges and thus potentially execute...

6.7CVSS8AI score0.03095EPSS
Exploits0
NCSC
NCSC
•added 2021/11/15 12:0 a.m.•5 views

Vulnerabilities fixed in Zoom

Zoom has fixed several vulnerabilities in the Zoom client and connector. A malicious party could potentially exploit them to cause a denial-of-service, to execute arbitrary code with user privileges, or to gain access to sensitive data. The most serious vulnerability is in the windows client, in...

9CVSS7.7AI score0.01338EPSS
Exploits0
NCSC
NCSC
•added 2021/11/09 12:0 a.m.•5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in the following products: SAP ABAP Platform Kernel SAP Commerce SAP ERP Financial Accounting SAP ERP HCM Portugal SAP Focused SAP GUI for Windows SAP NetWeaver Application Server for ABAP and ABAP Platform. SAP Solution Manager The vulnerabilities potentially enable...

8.8CVSS6.8AI score0.02647EPSS
Exploits0
NCSC
NCSC
•added 2021/11/09 12:0 a.m.•5 views

Vulnerabilities fixed in Siemens SIMATIC WINCC

Siemens has fixed vulnerabilities in WinCC. A authenticated malicious person could exploit the vulnerabilities to execute a "Path Traversal" and thus appropriate elevated privileges, read and write arbitrary files and manipulate write and thereby manipulate data and/or gain access gain access to...

9.9CVSS7.1AI score0.01233EPSS
Exploits0
NCSC
NCSC
•added 2021/11/09 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows a malicious person to execute arbitrary execute arbitrary code under the application's permissions. The following table summarizes the vulnerability. |----------------|------|-------------------------------------|...

8.8CVSS7.5AI score0.02146EPSS
Exploits0
NCSC
NCSC
•added 2021/11/05 12:0 a.m.•5 views

Vulnerability fixed in FortiClientEMS

A vulnerability has been fixed in FortiClientEMS. The vulnerability allows an authenticated remote malicious person to to execute arbitrary code. Fortinet categorizes this vulnerability according to the CVSSv3 method with a score of 4. Fortinet has released updates to fix the vulnerability. More...

5.4CVSS6.9AI score0.00711EPSS
Exploits0
NCSC
NCSC
•added 2021/11/04 12:0 a.m.•5 views

Vulnerability fixed in Cisco Prime Infrastructure

A vulnerability has been fixed in Cisco Prime Infrastructure. The vulnerability is known as a so-called Stored-Cross-Site Scripting and allows a malicious party to execute execute malicious code in the victim's Web browser. Cisco has released updates to fix the vulnerability. More information can...

5.4CVSS6.5AI score0.0058EPSS
Exploits0
NCSC
NCSC
•added 2021/11/04 12:0 a.m.•5 views

Vulnerability fixed in Cisco AnyConnect Secure Mobility Client

A vulnerability has been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability allows a locally authenticated malicious party to obtain elevated privileges. Cisco has released updates to fix the vulnerabilities. More information can be found on the page below:...

7.8CVSS6.5AI score0.00235EPSS
Exploits0
NCSC
NCSC
•added 2021/11/04 12:0 a.m.•5 views

Vulnerability fixed in Cisco Email Security Appliance (ESA)

A vulnerability has been fixed in Cisco Email Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. In order to vulnerability, a malicious party must send a rogue e-mail to the appliance. Due to insufficient inp...

7.5CVSS6.7AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2021/11/03 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift

Vulnerabilities have been fixed in OpenShift. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Red Hat categorizes these vulnerabilities according to the...

8.8CVSS6.5AI score0.10276EPSS
Exploits8
NCSC
NCSC
•added 2021/11/02 12:0 a.m.•5 views

Vulnerability fixed in Tenable Nessus

Tenable has fixed a vulnerability in Nessus. The vulnerability allows a malicious person with limited privileges to to execute certain commands on Nessus Agent hosts. The use of these commands is normally reserved for legitimate system administrators with the required privileges. Tenable did not...

6.7CVSS7.1AI score0.00298EPSS
Exploits0
NCSC
NCSC
•added 2021/11/02 12:0 a.m.•5 views

Vulnerabilities fixed in Python

Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...

6.5CVSS7AI score0.04675EPSS
Exploits1
NCSC
NCSC
•added 2021/10/28 12:0 a.m.•5 views

Vulnerabilities fixed in Juniper Junos OS

Vulnerabilities have been fixed in Junos OS and Junos OS Evolved. The vulnerabilities allow an authenticated malicious person to obtain elevated privileges. These privileges can then be exploited to perform a denial-of-service Dos attack or executing code under root. These attacks are seen as...

7.8CVSS6.8AI score0.00236EPSS
Exploits0
NCSC
NCSC
•added 2021/10/26 12:0 a.m.•5 views

Vulnerability fixed in Juniper Junos OS

Juniper has fixed a vulnerability in Junos OS on the QFX5000 Series. The vulnerability results in potentially sensitive system information, including kernel versions, being leaked in communication between the routing engine and the packet forwarding engine. A malicious person with access to the...

5.3CVSS6.7AI score0.00815EPSS
Exploits0
NCSC
NCSC
•added 2021/10/22 12:0 a.m.•5 views

Vulnerability fixed in Pulse Connect Secure

A vulnerability has been fixed in Pulse Connect Secure. A unauthenticated administrator could potentially exploit it to cause a denial-of-service. Pulse Secure has released updates and a workaround to fix the vulnerability. For more information, see:...

7.8CVSS6.8AI score0.02123EPSS
Exploits0
NCSC
NCSC
•added 2021/10/20 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Essbase

Oracle has fixed vulnerabilities in Hyperion Essbase Administration Services. The vulnerabilities allow a malicious potentially be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to...

10CVSS7.5AI score0.01813EPSS
Exploits0
NCSC
NCSC
•added 2021/10/20 12:0 a.m.•5 views

Vulnerability fixed in Huawei S5700 switch series

Huawei has fixed a vulnerability in its S5700 switch series. A remote malicious person could exploit the vulnerability to cause a denial-of-service attack. Huawei has released updates to fix the vulnerability. More information can be found on the page below:...

7.5CVSS6.6AI score0.00655EPSS
Exploits0
NCSC
NCSC
•added 2021/10/20 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Systems Solaris, ZFS Storage Appliance Kit and Ethernet switches

Oracle has fixed vulnerabilities in Solaris, ZFS Storage Appliance Kit and ES2-64 and ES2-72 switches. The vulnerabilities potentially enable a malicious party to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User...

9.8CVSS7.3AI score0.68067EPSS
Exploits0
NCSC
NCSC
•added 2021/10/20 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in the following JD Edwards products: JD Edwards EnterpriseOne Tools JD Edwards World Security JD Edwards EnterpriseOne Orchestrator The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...

7.5CVSS7.3AI score0.32362EPSS
Exploits5
NCSC
NCSC
•added 2021/10/15 12:0 a.m.•5 views

Vulnerability fixed in Palo Alto Networks GlobalProtect

A vulnerability has been fixed in Palo Alto Networks GlobalProtect app. A malicious party could potentially exploit it to perform a man-in-the-middle attack or to execute execute arbitrary code under SYSTEM privileges. Palo Alto Networks has released updates to fix the vulnerability fix in...

9.3CVSS7.4AI score0.01383EPSS
Exploits0
NCSC
NCSC
•added 2021/10/14 12:0 a.m.•5 views

Vulnerabilities fixed in IBM Cognos

IBM has fixed vulnerabilities in Cognos. The vulnerabilities allow a remote malicious person to manipulate data manipulate. To do so, the malicious party must induce the victim to run rogue Java Web Start applications or rogue Java applets. execute. IBM has released updates to fix the...

5.9CVSS9AI score0.04238EPSS
Exploits0
NCSC
NCSC
•added 2021/10/12 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows and Hyper-V. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Circumvention of securit...

9CVSS6.6AI score0.73381EPSS
Exploits11
NCSC
NCSC
•added 2021/10/07 12:0 a.m.•5 views

Vulnerability fixed in Cisco Anyconnect Secure Client

Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client for linux and macOS. A locally authenticated malicious party could exploit the vulnerability to load a rogue shared library, which allows the malicious party to execute arbitrary code execute with root privileges and gain access...

7CVSS7.4AI score0.00171EPSS
Exploits0
NCSC
NCSC
•added 2021/10/01 12:0 a.m.•5 views

Vulnerabilities found in Corel products

FortiGuard Labs has found vulnerabilities in the following Corel products: Corel CorelDraw Standard Corel PDF Fusion Corel PhotoPaint Corel Presentations Corel WordPerfect A malicious party can exploit these vulnerabilities to execute arbitrary code under application privileges or to gain access ...

9.3CVSS7.5AI score0.03024EPSS
Exploits0
NCSC
NCSC
•added 2021/09/30 12:0 a.m.•5 views

Vulnerabilities found in Apple iOS and iPadOS

A security researcher has found three vulnerabilities in Apple iOS and iPadOS. A malicious party can exploit these vulnerabilities exploit them to gain access to sensitive data. This includes contact data stored on the device and metadata about interactions with these persons. Successful misuse...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/09/27 12:0 a.m.•5 views

Vulnerabilities fixed in Debian

Vulnerabilities have been fixed in Debian. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to sensitive data Increased user rights -=...

8.8CVSS7.6AI score0.01692EPSS
Exploits8
NCSC
NCSC
•added 2021/09/23 12:0 a.m.•5 views

Vulnerability fixed in Mattermost

A vulnerability has been fixed in Mattermost. The vulnerability allows a remote malicious person to execute arbitrary code execute arbitrary code under user privileges. To do this, the malicious party must induce the victim to enter rogue code. Mattermost has released updates to fix the...

6.1CVSS7.5AI score0.00611EPSS
Exploits0
NCSC
NCSC
•added 2021/09/22 12:0 a.m.•5 views

Vulnerabilities fixed in Zoho ManageEngine ADManager Plus Pro

Vulnerabilities have been fixed in ManageEngine ADManager Plus Pro. The vulnerabilities allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution User rights Increased...

9.8CVSS7.5AI score0.93401EPSS
Exploits0
NCSC
NCSC
•added 2021/09/22 12:0 a.m.•5 views

Vulnerabilities fixed in openSUSE kernel

Vulnerabilities have been fixed in openSUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data -= openSUSE =- The developers of openSUSE ha...

8.8CVSS6.6AI score0.03354EPSS
Exploits8
NCSC
NCSC
•added 2021/09/21 12:0 a.m.•5 views

Vulnerability fixed in SonicWall

A vulnerability has been fixed in SonicWall. The vulnerability allows a local malicious party to obtain elevated privileges to obtain and thus potentially execute arbitrary code. The vulnerability is located in the installer of the SonicWall VPN Global VPN Client. SonicWall has released updates t...

7.8CVSS6.9AI score0.00403EPSS
Exploits0
NCSC
NCSC
•added 2021/09/17 12:0 a.m.•5 views

Vulnerability discovered in Schneider Electric EcoStruxure Control Expert

A vulnerability has been discovered in Schneider Electric EcoStruxure Control Expert. The vulnerability could cause a malicious script to be deployed deployed to an unauthorized location which in turn could lead to the execution of code. Schneider Electric has published mitigating measures. More...

9.3CVSS6.8AI score0.261EPSS
Exploits0
NCSC
NCSC
•added 2021/09/17 12:0 a.m.•5 views

Vulnerabilities fixed in Netgear SmartSwitches

Netgear has fixed three vulnerabilities in a large number of SmartSwitches Seventh Inferno, Demon's Cries and Draconian Fear. The vulnerabilities allow a malicious party to cause a denial-of-service, or, when the vulnerabilities are used in tandem, to reset the password of the local admin reset...

9.8CVSS6.7AI score0.01756EPSS
Exploits2
NCSC
NCSC
•added 2021/09/14 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics Business Central Control. A malicious party could exploit the vulnerability to perform of a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is...

5.4CVSS5.7AI score0.0093EPSS
Exploits0
NCSC
NCSC
•added 2021/09/10 12:0 a.m.•5 views

Vulnerability fixed in AVEVA System Platform

A vulnerability has been fixed in Platform Common Services PCS Portal which is a component of AVEVA System Platform. It concerns a certain "DLL hijacking" vulnerability. A local malicious person could potentially exploit the vulnerability to execute arbitrary code execute with the privileges of t...

7.8CVSS7.1AI score0.00215EPSS
Exploits0
NCSC
NCSC
•added 2021/09/08 12:0 a.m.•5 views

Vulnerabilities fixed in Google Android

Google has fixed vulnerabilities in the Android OS. A malicious party could misuse the vulnerabilities to gain access to sensitive data or give himself elevated privileges. To do this, the malicious party must trick the victim into installing a rogue app to install. The vulnerability with referen...

10CVSS7AI score0.00796EPSS
Exploits0
NCSC
NCSC
•added 2021/09/08 12:0 a.m.•5 views

Vulnerability fixed in IBM WebSphere

A vulnerability has been fixed in the Dojo library used used by WebSphere Application Server. By exploiting this vulnerability, a remote malicious person may be able to inject arbitrary code onto the system. IBM has released updates to fix the vulnerabilities. More information can be found on the...

7.7CVSS7.3AI score0.0399EPSS
Exploits1
NCSC
NCSC
•added 2021/09/08 12:0 a.m.•5 views

Multiple vulnerabilities fixed in Fortinet products

Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Bypassing security measure Bypassing authentication Remote code execution User rights Spoofing Accessing sensitive data Fortinet has released...

9.3CVSS7.7AI score0.8482EPSS
Exploits0
NCSC
NCSC
•added 2021/09/02 12:0 a.m.•5 views

Vulnerability fixed in Cisco Prime Infrastructure and Evolved Programmable Network Manager

Cisco has fixed a vulnerability in Prime Infrastructure and Evolved Programmable Network Manager. An authenticated malicious person with access to the command-line interface could exploit the exploit the vulnerability to gain access to sensitive information. Cisco has released updates to fix the...

5.5CVSS7AI score0.00225EPSS
Exploits0
NCSC
NCSC
•added 2021/08/26 12:0 a.m.•5 views

Vulnerabilities fixed in IBM AIX

Vulnerabilities have been fixed in IBM AIX. A local malicious party can, by exploiting these vulnerabilities, gain gain root privileges on the vulnerable system or can cause a Denial-of-Service exploit on the local system. IBM has released updates to fix the vulnerabilities in AIX. For more...

8.4CVSS6.8AI score0.00262EPSS
Exploits0
NCSC
NCSC
•added 2021/08/26 12:0 a.m.•5 views

Vulnerability fixed in Atlassian Confluence

A vulnerability has been fixed in Atlassian Confluence. A malicious party could potentially exploit the vulnerability to execute arbitrary code under the application's permissions. Atlassian has released updates to fix the vulnerability in Confluence. For more information, see:...

9.8CVSS7.4AI score0.99999EPSS
Exploits45
NCSC
NCSC
•added 2021/08/26 12:0 a.m.•5 views

Vulnerabilities fixed in Xen

Xen's developers have fixed several vulnerabilities in Xen. A local malicious person could exploit the vulnerabilities to cause a denial-of-service, both in the guest system as well as the underlying host. Also, potentially the vulnerabilities could be exploited to obtain sensitive data in memory...

7.8CVSS6.6AI score0.0187EPSS
Exploits0
NCSC
NCSC
•added 2021/08/25 12:0 a.m.•5 views

Vulnerabilities fixed in VMware vRealize

VMware has fixed vulnerabilities in vRealize. A malicious person with access to the vRealize Operations Manager API could potentially exploit the vulnerabilities potentially exploit them to obtain sensitive data via accessing log files and arbitrary files, potentially possibly taking over a user...

7.5CVSS7AI score0.0116EPSS
Exploits1
NCSC
NCSC
•added 2021/08/23 12:0 a.m.•5 views

Vulnerabilities fixed in Arista MOS on 7130 switches

Several vulnerabilities have been fixed in Arista 7130 switches that use the Metamako Operating System MOS. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Bypassing authentication Bypassing security measure Remote...

9.8CVSS7.7AI score0.0093EPSS
Exploits0
NCSC
NCSC
•added 2021/08/20 12:0 a.m.•5 views

Vulnerability fixed in Icinga

A vulnerability has been fixed in Icinga. Within Icinga TLS certificate verification is used. However However, the validity of the Certificate Authority is not checked. A malicious party can thus circumvent bypass security. Updates have been released to fix the vulnerabilities. More information c...

7.5CVSS7.1AI score0.0142EPSS
Exploits0
NCSC
NCSC
•added 2021/08/20 12:0 a.m.•5 views

Vulnerability fixed in Rapid7 Nexpose

A vulnerability has been fixed in Rapid7 Nexpose. The vulnerability allows a malicious party to read and edit tickets that should not be available to the account the malicious party is logged in should be available. Rapid7 has released updates to fix the vulnerability. More information can be fou...

5.5CVSS6.5AI score0.00474EPSS
Exploits0
NCSC
NCSC
•added 2021/08/19 12:0 a.m.•5 views

Vulnerability fixed in BIND

A vulnerability has been fixed in BIND. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The vulnerability manifests itself when the RRL functionality is enabled. By default, this is not case. ISC has released updates to fix and mitigation. More...

7.5CVSS6.7AI score0.03559EPSS
Exploits1
NCSC
NCSC
•added 2021/08/17 12:0 a.m.•5 views

Vulnerability fixed in BlackBerry QNX Real Time Operating System, QNX SDP, QNX OS for Safety, and QNX OS for Medical

Blackberry has fixed a vulnerability in QNX Real Time Operating System. The vulnerability is known by attribute CVE-2021-22156 and is part of a collection of vulnerabilities known as BadAlloc. A malicious person who manages to gain access to a vulnerable system can exploit the exploit the...

9.8CVSS7.2AI score0.018EPSS
Exploits0
NCSC
NCSC
•added 2021/08/17 12:0 a.m.•5 views

Vulnerability fixed in Zoom Client for Meetings

A vulnerability has been fixed in Zoom Client for Meetings. The vulnerability allows a remote malicious person to execute arbitrary code. To exploit this vulnerability exploit two other misconfigurations within the Zoom client while the attacker is is connected to the victim. Zoom indicates that...

6.8AI score
Exploits0
Total number of security vulnerabilities4190