Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2021/08/06 12:0 a.m.•5 views

Vulnerabilities fixed in Pulse Connect Secure

Pulse Connect has fixed vulnerabilities in Pulse Connect Secure. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Data manipulation. Remote code execution...

7.2CVSS7.5AI score0.9648EPSS
Exploits5
NCSC
NCSC
•added 2021/08/04 12:0 a.m.•5 views

Vulnerabilities fixed in ForsiOS

FortiGuard Labs has fixed several vulnerabilities in FortiOS. The vulnerabilities allow a malicious party to execute attacks that potentially lead to the execution of arbitrary code under the user's privileges. FortiGuard Labs has released updates to fix the vulnerabilities fixes in FortiOS SSL...

8.8CVSS7.4AI score0.00761EPSS
Exploits0
NCSC
NCSC
•added 2021/08/04 12:0 a.m.•5 views

Vulnerabilities fixed in FortiManager and FortiAnalyzer

A vulnerability has been fixed in FortiManager and FortiAnalyzer. A malicious party could potentially exploit them to execute arbitrary code with elevated privileges or gain access to sensitive data. Fortinet has released updates to fix the vulnerability. More information can be found on the page...

8.8CVSS7.5AI score0.03206EPSS
Exploits1
NCSC
NCSC
•added 2021/08/02 12:0 a.m.•5 views

Vulnerability fixed in PowerDNS

A vulnerability has been fixed in PowerDNS. The vulnerability allows an unauthenticated remote malicious agent to cause a denial-of-service. PowerDNS has released updates to fix the vulnerability. More information can be found on the page below:...

7.5CVSS6.8AI score0.64857EPSS
Exploits0
NCSC
NCSC
•added 2021/08/02 12:0 a.m.•5 views

Vulnerabilities fixed is MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow an unauthenticated remote malicious person to be able to execute arbitrary code in the victim's browser. To do so, the malicious party must induce the victim to follow a rogue hyper-link to follow CIRCL has released updates to fix...

5.4CVSS7.5AI score0.00672EPSS
Exploits0
NCSC
NCSC
•added 2021/07/29 12:0 a.m.•5 views

Vulnerabilities fixed in Xerox AltaLink systems

Xerox has released a cumulative update that fixes several vulnerabilities that could lead to: Security measure circumvention SQL Injection Accessing sensitive data Xerox has released updates to address the vulnerabilities in AltaLink systems. For more information, see:...

9.8CVSS7.5AI score0.01017EPSS
Exploits0
NCSC
NCSC
•added 2021/07/28 12:0 a.m.•5 views

Vulnerability fixed in MISP

A vulnerability has been fixed in MISP. A malicious party can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application is visited. MISP has released updates ...

5.4CVSS6.7AI score0.00504EPSS
Exploits0
NCSC
NCSC
•added 2021/07/26 12:0 a.m.•5 views

Vulnerability fixed in MIT Kerberos

A vulnerability has been fixed in krb5, part of MIT's Kerberos. A malicious party could potentially exploit the vulnerability to cause a denial-of-service on the KDC process through a specially prepared request. -= Debian =- Debian has made updates to krb5 available for Debian 10.0 Buster to fix...

7.5CVSS7.4AI score0.10276EPSS
Exploits0
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe After Effects

Adobe has fixed vulnerabilities in After Effects. A malicious party could potentially exploit the vulnerabilities to access gain access to system data, or execute arbitrary code with the application's permissions. To do this, the malicious party must trick the victim into opening a rogue file...

9.3CVSS7.4AI score0.02481EPSS
Exploits0
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Orchestrator and EnterpriseOne Tools. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication...

9.8CVSS8.5AI score0.17611EPSS
Exploits0
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Virtualization products

Oracle has fixed vulnerabilities in Secure Global Desktop and VirtualBox. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to sensitive da...

9.9CVSS6.7AI score0.0158EPSS
Exploits0
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Photoshop

Adobe has fixed vulnerabilities in Photoshop. A local malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or gain access to system files. Adobe has released updates to fix the vulnerabilities in Photoshop 2020 and 2021. For more information,...

9.3CVSS7.6AI score0.05033EPSS
Exploits0
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•5 views

Vulnerability fixed in Juniper Junos OS

Two vulnerabilities have been fixed in Juniper JunOS. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, an attacker needs to send valid network traffic in a specific sequence to the device. The traffic should be destined for the Junip...

7.8CVSS7.1AI score0.00993EPSS
Exploits0
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•5 views

Vulnerability fixed in FortiNet products

A vulnerability has been fixed in Fortinet FortiManager and FortiAnalyzer. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code under root privileges. To do this, a malicious party must send a specially prepared network packet to...

9.8CVSS7.7AI score0.08703EPSS
Exploits0
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•5 views

Fixed vulnerabilities in the Lexmark Universal Printer Driver

Lexmark has fixed vulnerabilities in the Universal Printer Driver. A local malicious person with rights to install/activate new printers could install/activate, could exploit the vulnerabilities to execute arbitrary code with SYSTEM privileges. Lexmark has released updates to fix the...

7.8CVSS7.3AI score0.01413EPSS
Exploits3
NCSC
NCSC
•added 2021/07/15 12:0 a.m.•5 views

Vulnerability fixed in NetBSD

The developers of NetBSD have fixed a vulnerability in kernfs. The vulnerability allows an authenticated malicious person to able to read any files on the file system, including files both system and userspace for which the malicious party is not originally authorized. No CVE ID has been disclose...

6.3AI score
Exploits0
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Acrobat

Adobe has fixed vulnerabilities in Acrobat, Acrobat DC and Acrobat Reader. The vulnerabilities potentially enable a malicious person able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Increase...

9.3CVSS7.6AI score0.66052EPSS
Exploits1
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in Identity Services Engine ISE. An authenticated malicious person could exploit the vulnerabilities on the management interface to perform a stored Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser us...

4.8CVSS6.5AI score0.00594EPSS
Exploits0
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Actively exploited vulnerability fixed in ForgeRock AM

ForgeRock has fixed a vulnerability in ForgeRock Access Manager AM. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code under the application's permissions. To do this, malicious network traffic should be sent to a...

10CVSS7.4AI score0.99999EPSS
Exploits8
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerabilities Fixed in Microsoft Malware Protection Engine

Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could vulnerabilities potentially exploit them to execute code under elevated privileges execute code. Windows...

9.3CVSS6.7AI score0.02856EPSS
Exploits0
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Exchange

Vulnerabilities have been fixed in Microsoft Exchange. Microsoft indicates that the vulnerabilities with reference CVE-2021-34523 and CVE-2021-34473 were already fixed in the April updates but this has been now being administered. Below is a summary of the various vulnerabilities described for ea...

10CVSS6.6AI score0.99999EPSS
Exploits20
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox

Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Mozilla has...

9.8CVSS7.2AI score0.03582EPSS
Exploits3
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerability fixed in Siemens SIMIT

Siemens has fixed a vulnerability in SIMIT. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or to gain access to data stored in system memory. For this vulnerability, Proof-of-Concept code is publicly available. Siemens has released updates to fix the...

9.1CVSS7.1AI score0.33304EPSS
Exploits1
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•5 views

Vulnerability fixed in NetIQ Advanced Authentication

Micro Focus has fixed a vulnerability in NetIQ Advanced Authentication. The vulnerability allows a malicious party to bypass bypass multi-factor authentication. No substantive details about this vulnerability made publicly available. Micro Focus has released updates to fix the vulnerability fix i...

6.5CVSS6.9AI score0.00685EPSS
Exploits0
NCSC
NCSC
•added 2021/07/07 12:0 a.m.•5 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights released updates to addre...

7.5CVSS7.1AI score0.01439EPSS
Exploits0
NCSC
NCSC
•added 2021/07/05 12:0 a.m.•5 views

Vulnerabilities fixed in OpenVPN

Vulnerabilities have been fixed in the Windows versions of OpenVPN and OpenVPN Connect. A local malicious party could potentially exploit them to execute arbitrary code under the rights of the OpenVPN process. To do this, the malicious party must modify the OpenVPN configuration file such that th...

7.8CVSS7.6AI score0.00568EPSS
Exploits0
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Vulnerabilities have been fixed in OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...

8.1CVSS8.7AI score0.7795EPSS
Exploits1
NCSC
NCSC
•added 2021/06/30 12:0 a.m.•5 views

Vulnerabilities fixed in Zimbra

Vulnerabilities have been fixed in Zimbra. The vulnerabilities allow a remote malicious person to launch a so-called cross-site scripting, and open-redirect attack. To do this, the attacker must trick the victim into following a rogue link to follow. Zimbra has released patches to fix the...

9.8CVSS6.7AI score0.0327EPSS
Exploits2
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•5 views

Fixed vulnerabilities in Dell boot functionality.

Eclypsium has discovered vulnerabilities in Dell SupportAssist for Windows. The vulnerabilities allow an unauthenticated remote malicious person able to execute arbitrary code in the BIOS before the operating system is booted. The malicious must perform a man-in-the-middle attack to do so and...

7.5CVSS7.8AI score0.00626EPSS
Exploits0
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•5 views

Vulnerability fixed in MediaWiki

A vulnerability has been fixed in MediaWiki. The vulnerability allows an authenticated remote malicious person to delete delete pages while the account is locked. MediaWiki has released new versions to fix the vulnerability. fix. More information can be found on the page below:...

7.5CVSS6.5AI score0.01943EPSS
Exploits1
NCSC
NCSC
•added 2021/06/23 12:0 a.m.•5 views

Vulnerability found in Lexmark drivers

An IBM X-Force researcher has discovered a vulnerability in the LMbdsvc component in the Lexmark printer drivers for Windows. The vulnerability allows a locally authenticated malicious person to able to execute arbitrary code under system privileges. One and all is described in the following...

7.5AI score
Exploits0
NCSC
NCSC
•added 2021/06/22 12:0 a.m.•5 views

Vulnerabilities fixed in Dovecot

Dovecot's developers have fixed two vulnerabilities. An authenticated remote malicious person can exploit the vulnerabilities exploit them to cause a denial-of-service, execute execute commands with application privileges or to obtain sensitive data. -= Ubuntu =- Canonical has made updates...

7.5CVSS6.9AI score0.02837EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•5 views

Vulnerability fixed in Fortinet FortiClient for macOS

A vulnerability has been fixed in Fortinet FortiClient for macOS. By exploiting this vulnerability to gain root privileges on the vulnerable system. See also the page below from the discoverers of this vulnerability, for more information: https://www.zerodayinitiative.com/advisories/ZDI-21-693/...

7.8CVSS7.1AI score0.00426EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•5 views

Vulnerability fixed in VMware Tools for Windows

A vulnerability has been fixed in VMware Tools for Windows. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by exploiting a race condition in the VM3DMP driver. VMware has released updates to fix the vulnerability. For more information, see:...

5.5CVSS6.8AI score0.00479EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•5 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM has fixed vulnerabilities in IBM Spectrum Protect Backup Archive Client and IBM Spectrum Protect for Space Management. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to execute under elevated privileges execute arbitrary code. IBM has...

8.4CVSS7.2AI score0.00345EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•5 views

Vulnerability fixed in VMware vRealize Business for Cloud

VMware has fixed a vulnerability in virtual appliances of vRealize Business for Cloud. An unauthenticated remote malicious agent could remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code. To do so, the malicious party must maliciously send network...

9.8CVSS7.5AI score0.01981EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift

Red Hat has fixed vulnerabilities in OpenShift Container Platform. A malicious party could potentially exploit them to obtain elevated privileges on the vulnerable system or to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can...

8.6CVSS8.5AI score0.03478EPSS
Exploits1
NCSC
NCSC
•added 2021/06/15 12:0 a.m.•5 views

Vulnerability fixed in OTRS

A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to send a rogue email message that must then be sent by the OTRS application to process. OTRS has released...

6.5CVSS6.7AI score0.00976EPSS
Exploits0
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•5 views

Vulnerability fixed in Citrix Cloud Connector

Citrix has discovered a vulnerability in the Cloud Connector client application. When the client is installed using command line parameters, these parameters are stored in readable text in the installation log file. These parameters may contain sensitive data, which a malicious person with access...

7.5CVSS6.8AI score0.01064EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft .NET Core and Visual Studio

Microsoft has fixed vulnerabilities in .NET Core, Visual Studio and Visual Studio Code. An unauthenticated malicious person at remote user could potentially exploit it to cause a denial-of-service. The vulnerability with attribute CVE-2021-31938 could potentially be exploited by a local malicious...

7.8CVSS6.5AI score0.05138EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•5 views

Vulnerability fixed in Xerox AltaLink systems

Xerox has fixed a vulnerability in AltaLink systems. A remote malicious person could exploit the vulnerability to conduct execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to access the system. No CVE vulnerability h...

6.4AI score
Exploits0
NCSC
NCSC
•added 2021/06/04 12:0 a.m.•5 views

Vulnerability fixed in Red Hat Enterprise Linux

Red Hat has fixed a vulnerability in the Public Key Infrastructure PKI Core package. A component of this package writes out the administrator password during installation to a log file that is unjustifiably readable by any local user. A local malicious person with knowledge of the location of thi...

7.8CVSS6.4AI score0.00183EPSS
Exploits0
NCSC
NCSC
•added 2021/06/03 12:0 a.m.•5 views

Vulnerability fixed in Redis

A vulnerability has been fixed in Redis. A malicious person at remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code under application privileges. The vulnerability is caused by an integer overflow that can be triggered via the command "STRALGO LCS" c...

8.8CVSS7.8AI score0.04207EPSS
Exploits0
NCSC
NCSC
•added 2021/06/03 12:0 a.m.•5 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab Community Edition and GitLab Enterprise Edition. The vulnerabilities allow a remote malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...

7.7CVSS6.5AI score0.01058EPSS
Exploits0
NCSC
NCSC
•added 2021/06/02 12:0 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox

Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights...

8.8CVSS7.6AI score0.01368EPSS
Exploits0
NCSC
NCSC
•added 2021/06/02 12:0 a.m.•5 views

Vulnerability fixed in WhatsApp

A vulnerability has been fixed in the Android versions of WhatsApp and WhatsApp Business. It involves a path-traversal vulnerability which could potentially be exploited remotely to overwrite files used by WhatsApp. There few substantive details of the vulnerability have been made publicly...

9.1CVSS6.8AI score0.01134EPSS
Exploits0
NCSC
NCSC
•added 2021/06/01 12:0 a.m.•5 views

Vulnerability fixed in Squid

A vulnerability has been fixed in Squid. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause cause a denial-of-service. To do this, a rogue HTTP response message should be sent to the Squid service. The developers have released updates to fix the...

6.5CVSS6.8AI score0.79583EPSS
Exploits0
NCSC
NCSC
•added 2021/05/31 12:0 a.m.•5 views

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...

8.8CVSS7.1AI score0.02102EPSS
Exploits1
NCSC
NCSC
•added 2021/05/28 12:0 a.m.•5 views

Vulnerability fixed in Siemens SIMATIC

Siemens has fixed a vulnerability in several SIMATIC products. An unauthenticated malicious person with access to TCP port 102 could potentially exploit the vulnerability to manipulate system memory, execute arbitrary code and gain access to system data. Siemens has released updates to fix the...

9.8CVSS7.7AI score0.05184EPSS
Exploits0
NCSC
NCSC
•added 2021/05/28 12:0 a.m.•5 views

Vulnerability fixed in SonicWall Network Security Manager

A vulnerability has been fixed in the SonicWall Network Security Manager. The vulnerability allows an authenticated malicious person remotely capable of injecting OS commands by sending a specially-prepared HTTP request. SonicWall has released updates to fix the vulnerability. fix. More informati...

9CVSS6.7AI score0.11642EPSS
Exploits1
Total number of security vulnerabilities4190