Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
added 2021/06/16 12:0 a.m.5 views

Vulnerability fixed in VMware vRealize Business for Cloud

VMware has fixed a vulnerability in virtual appliances of vRealize Business for Cloud. An unauthenticated remote malicious agent could remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code. To do so, the malicious party must maliciously send network...

9.8CVSS7.5AI score0.01981EPSS
Exploits0
NCSC
NCSC
added 2021/06/16 12:0 a.m.5 views

Vulnerabilities fixed in Red Hat OpenShift

Red Hat has fixed vulnerabilities in OpenShift Container Platform. A malicious party could potentially exploit them to obtain elevated privileges on the vulnerable system or to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can...

8.6CVSS8.5AI score0.03478EPSS
Exploits1
NCSC
NCSC
added 2021/06/15 12:0 a.m.5 views

Vulnerability fixed in OTRS

A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to send a rogue email message that must then be sent by the OTRS application to process. OTRS has released...

6.5CVSS6.7AI score0.00976EPSS
Exploits0
NCSC
NCSC
added 2021/06/09 12:0 a.m.5 views

Vulnerability fixed in Citrix Cloud Connector

Citrix has discovered a vulnerability in the Cloud Connector client application. When the client is installed using command line parameters, these parameters are stored in readable text in the installation log file. These parameters may contain sensitive data, which a malicious person with access...

7.5CVSS6.8AI score0.01064EPSS
Exploits0
NCSC
NCSC
added 2021/06/08 12:0 a.m.5 views

Vulnerability fixed in Xerox AltaLink systems

Xerox has fixed a vulnerability in AltaLink systems. A remote malicious person could exploit the vulnerability to conduct execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to access the system. No CVE vulnerability h...

6.4AI score
Exploits0
NCSC
NCSC
added 2021/06/04 12:0 a.m.5 views

Vulnerability fixed in Red Hat Enterprise Linux

Red Hat has fixed a vulnerability in the Public Key Infrastructure PKI Core package. A component of this package writes out the administrator password during installation to a log file that is unjustifiably readable by any local user. A local malicious person with knowledge of the location of thi...

7.8CVSS6.4AI score0.00183EPSS
Exploits0
NCSC
NCSC
added 2021/06/03 12:0 a.m.5 views

Vulnerability fixed in Redis

A vulnerability has been fixed in Redis. A malicious person at remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code under application privileges. The vulnerability is caused by an integer overflow that can be triggered via the command "STRALGO LCS" c...

8.8CVSS7.8AI score0.04207EPSS
Exploits0
NCSC
NCSC
added 2021/06/03 12:0 a.m.5 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab Community Edition and GitLab Enterprise Edition. The vulnerabilities allow a remote malicious party potentially capable of performing attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...

7.7CVSS6.5AI score0.01058EPSS
Exploits0
NCSC
NCSC
added 2021/06/02 12:0 a.m.5 views

Vulnerabilities fixed in Mozilla Firefox

Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights...

8.8CVSS7.6AI score0.01368EPSS
Exploits0
NCSC
NCSC
added 2021/06/02 12:0 a.m.5 views

Vulnerability fixed in WhatsApp

A vulnerability has been fixed in the Android versions of WhatsApp and WhatsApp Business. It involves a path-traversal vulnerability which could potentially be exploited remotely to overwrite files used by WhatsApp. There few substantive details of the vulnerability have been made publicly...

9.1CVSS6.8AI score0.01134EPSS
Exploits0
NCSC
NCSC
added 2021/06/01 12:0 a.m.5 views

Vulnerability fixed in Squid

A vulnerability has been fixed in Squid. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause cause a denial-of-service. To do this, a rogue HTTP response message should be sent to the Squid service. The developers have released updates to fix the...

6.5CVSS6.8AI score0.79583EPSS
Exploits0
NCSC
NCSC
added 2021/05/31 12:0 a.m.5 views

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...

8.8CVSS7.1AI score0.02102EPSS
Exploits1
NCSC
NCSC
added 2021/05/28 12:0 a.m.5 views

Vulnerability fixed in SonicWall Network Security Manager

A vulnerability has been fixed in the SonicWall Network Security Manager. The vulnerability allows an authenticated malicious person remotely capable of injecting OS commands by sending a specially-prepared HTTP request. SonicWall has released updates to fix the vulnerability. fix. More informati...

9CVSS6.7AI score0.11642EPSS
Exploits1
NCSC
NCSC
added 2021/05/26 12:0 a.m.5 views

Vulnerabilities verhopen in IBM WebSphere Appliction Server

IBM has fixed a vulnerability in WebSphere Application Server Java Batch. A malicious party could potentially exploit it to cause a denial-of-service or to gaining access to sensitive data. To do so, the malicious party induces the server to process a rogue XML file. processing. IBM has released...

8.2CVSS6.6AI score0.02071EPSS
Exploits0
NCSC
NCSC
added 2021/05/26 12:0 a.m.5 views

Vulnerability fixed in Salt

A vulnerability has been fixed in Salt. A malicious person could vulnerability potentially exploit it to execute execute arbitrary code. To do this, the malicious party must have the ability to place a rogue file on a Salt monitored device. This file should then be passed through the Snapper modu...

7.8CVSS7AI score0.03808EPSS
Exploits1
NCSC
NCSC
added 2021/05/25 12:0 a.m.5 views

Vulnerability fixed in Red Hat OpenShift Container Platform

A vulnerability has been fixed in runc, a component of Red Hat OpenShift Container Platform. The vulnerability allows a malicious user under certain circumstances to themselves, through a rogue container image, to gain access to the host's file system. For more information about the vulnerability...

8.5CVSS9.4AI score0.06604EPSS
Exploits0
NCSC
NCSC
added 2021/05/25 12:0 a.m.5 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. The vulnerabilities allow a malicious person possibly unauthenticated and remote able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote code executi...

9.8CVSS9.4AI score0.84224EPSS
Exploits2
NCSC
NCSC
added 2021/05/21 12:0 a.m.5 views

Vulnerability fixed in QNAP QTS

QNAP has fixed a vulnerability in the QTS operating system. The vulnerability allows a local malicious person to perform a so-called path-traversal attack. In the event of a successful attack, a malicious party can compromise the integrity of files. QNAP has released updates to fix the...

8.8CVSS6.4AI score0.00938EPSS
Exploits0
NCSC
NCSC
added 2021/05/21 12:0 a.m.5 views

Vulnerability found in Mozilla Firefox

Researchers have found a vulnerability in Mozilla Firefox. The vulnerability allows a remote malicious person to execute arbitrary JavaScript code in the context of the web browser. To exploit this vulnerability, a malicious person to induce the victim to visit a rogue server. visit. Then, the...

7AI score
Exploits0
NCSC
NCSC
added 2021/05/19 12:0 a.m.5 views

Vulnerabilities fixed in QEMU and libvirt

Vulnerabilities have been fixed in QEMU and libvirt. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges -= Red Hat =- Red Hat...

7.2CVSS6.4AI score0.0183EPSS
Exploits2
NCSC
NCSC
added 2021/05/14 12:0 a.m.5 views

Vulnerabilities fixed in Adobe products

Adobe has fixed several vulnerabilities in After Effects, Creative Cloud, Illustrator, InDesign and Media Encoder. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access...

9.3CVSS7.6AI score0.05915EPSS
Exploits0
NCSC
NCSC
added 2021/05/12 12:0 a.m.5 views

Vulnerabilities fixed in Adobe products

Adobe has released security updates for Adobe Acrobat Reader and Adobe Acrobat DC for Windows and macOS. These updates fix multiple critical and important vulnerabilities. Successful misuse can lead to execution of arbitrary code in the context of the current user, obtaining elevated privileges...

9.6CVSS7.6AI score0.66918EPSS
Exploits1
NCSC
NCSC
added 2021/05/11 12:0 a.m.5 views

Vulnerabilities fixed in Microsoft Exchange

Vulnerabilities have been fixed in Microsoft Exchange. A malicious party could exploit the vulnerabilities to execute arbitrary code under the application's privileges, or possibly impersonate possibly impersonate another user. For the vulnerability with attribute CVE-2021-31207, Proof-of-Concept...

8.8CVSS6.9AI score0.99782EPSS
Exploits12
NCSC
NCSC
added 2021/05/06 12:0 a.m.5 views

Vulnerability found in Dell firmware update driver

A vulnerability has been fixed in the Dell dbutil23.sys driver for Windows systems. This driver has been installed by default on all Dell laptop and desktop systems since 2009. A local malicious person could, by exploiting this vulnerability to gain SYSTEM privileges on the vulnerable system. For...

8.8CVSS6.8AI score0.57474EPSS
Exploits17
NCSC
NCSC
added 2021/04/29 12:0 a.m.5 views

Vulnerability fixed in Snort

Cisco has fixed a vulnerability in Snort. A unauthenticated remote malicious agent could potentially exploit it to bypass a configured policy for HTTP traffic bypassing. As a result, rogue traffic might be not be properly processed by Snort. Cisco has released updates to fix the vulnerability in...

5.8CVSS7AI score0.01714EPSS
Exploits0
NCSC
NCSC
added 2021/04/28 12:0 a.m.5 views

Vulnerabilities fixed in Apple Safari

Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to induce the user to visit a rogue page. Also, a malicious party in this way can cause the syst...

6.1CVSS7.5AI score0.01358EPSS
Exploits0
NCSC
NCSC
added 2021/04/21 12:0 a.m.5 views

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Aruba has fixed multiple vulnerabilities in ClearPass Policy Manager. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution...

9.8CVSS7.5AI score0.0322EPSS
Exploits0
NCSC
NCSC
added 2021/04/21 12:0 a.m.5 views

Vulnerabilities fixed in Oracle Java SE

Vulnerabilities have been fixed in Oracle Java. The vulnerabilities allow an unauthenticated remote malicious person to obtain system data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------|...

5.9CVSS9AI score0.03566EPSS
Exploits0
NCSC
NCSC
added 2021/04/21 12:0 a.m.5 views

Vulnerability fixed in Oracle SQL developer

A vulnerability has been fixed in Oracle SQL Developer. The vulnerability allows an unauthenticated remote malicious person able to access and manipulate sensitive data. data to be manipulated. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...

5.3CVSS8.5AI score0.08665EPSS
Exploits1
NCSC
NCSC
added 2021/04/20 12:0 a.m.5 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR and Thunderbird. The vulnerabilities can be exploited by a malicious be exploited to cause a denial-of-service, access gain access to data in the context of the application, or to potentially execute arbitrary code with application...

8.8CVSS7.4AI score0.01764EPSS
Exploits2
NCSC
NCSC
added 2021/04/20 12:0 a.m.5 views

Vulnerabilities fixed in Node.js

Several vulnerabilities have been fixed in Node.js. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could be exploited to perform a prototype pollution attack. Depending on the Node.js application, this could...

9.8CVSS8.8AI score0.69062EPSS
Exploits5
NCSC
NCSC
added 2021/04/16 12:0 a.m.5 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...

6.9AI score
Exploits0
NCSC
NCSC
added 2021/04/16 12:0 a.m.5 views

Vulnerabilities fixed in McAfee Endpoint Security

Due to cleartext transfer of sensitive information between McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence GTI servers that use DNS use, a remote attacker can view ENS requests and responses from GTI via DNS. McAfee has released...

6.5CVSS6.6AI score0.00509EPSS
Exploits0
NCSC
NCSC
added 2021/04/16 12:0 a.m.5 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed several vulnerabilities in BIG-IP. A unauthenticated malicious party could potentially exploit them to cause a denial-of-service. F5 has released updates to fix the vulnerabilities. For more information, see: CVE-2021-22975: https://support.f5.com/csp/article/K21971977 CVE-2021-22977...

7.5CVSS7.1AI score0.0102EPSS
Exploits0
NCSC
NCSC
added 2021/04/15 12:0 a.m.5 views

Vulnerability fixed in Mendix

The latest updates to Mendix fix a vulnerability that allows malicious authorized users can increase their privileges increase their privileges. Remove the authority to manage user roles for non-administrator roles to mitigate this security vulnerability for non-administrator users as a mitigatin...

8.8CVSS6.6AI score0.00804EPSS
Exploits0
NCSC
NCSC
added 2021/04/09 12:0 a.m.5 views

Vulnerability fixed in Forcepoint Web Security

A vulnerability has been fixed in Forcepoint Web Security. A malicious party can exploit the vulnerability to launch an XML External Entity Injection XXE attack when processing of XML data. An external attacker could exploit it to obtain sensitive information. Forcepoint has released updates to...

7.5CVSS7.1AI score0.01046EPSS
Exploits0
NCSC
NCSC
added 2021/04/08 12:0 a.m.5 views

Vulnerabilities found in Cisco Unified Communications Manager

Vulnerabilities have been found in Cisco Unified Communications Manager. The vulnerabilities allow a malicious party to manipulate data and obtain sensitive information. Cisco has not yet released updates to address the vulnerabilities. fix. More information can be found on the pages below:...

4.9CVSS6.6AI score0.01081EPSS
Exploits0
NCSC
NCSC
added 2021/04/07 12:0 a.m.5 views

Vulnerabilities fixed in Red Hat kernel

Vulnerabilities have been fixed in Red Hat kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Increased user privileges -= Red Hat...

8.1CVSS7.8AI score0.06563EPSS
Exploits6
NCSC
NCSC
added 2021/04/01 12:0 a.m.5 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed several vulnerabilities in Jira. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure Accessing sensitive data Accessing...

7.2CVSS6.9AI score0.02508EPSS
Exploits0
NCSC
NCSC
added 2021/04/01 12:0 a.m.5 views

Vulnerabilities fixed in Citrix Hypervisor (Xen)

Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a local malicious person with elevated permissions on a guest system able to cause the host system to crash. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below:...

6.5CVSS6.7AI score0.00708EPSS
Exploits0
NCSC
NCSC
added 2021/04/01 12:0 a.m.5 views

Vulnerabilities fixed in LDB

Several vulnerabilities have been fixed in LDB. LDB is an embedded database in line with LDAP and is used among other things by SAMBA. An unauthenticated remote malicious party could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service on LDB cause. This...

7.5CVSS7.1AI score0.04328EPSS
Exploits0
NCSC
NCSC
added 2021/03/31 12:0 a.m.5 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to cause a denial-of-service or to obtain system data obtain. To do so, the malicious party must induce the victim to to visit a rogue website. Google has released updates to fix the vulnerabilities...

8.8CVSS6.7AI score0.01793EPSS
Exploits0
NCSC
NCSC
added 2021/03/29 12:0 a.m.5 views

Vulnerabilities fixed in McAfee ePolicy Orchestrator

McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Access to system data Increased user privilege...

6.5CVSS6.4AI score0.00906EPSS
Exploits0
NCSC
NCSC
added 2021/03/26 12:0 a.m.5 views

Vulnerability fixed in Micro Focus products

A vulnerability has been fixed in several Micro Focus products. A malicious party could, by exploiting this vulnerability obtain the permissions with which the Operations Agent is is running on the vulnerable system. For Linux and Windows, these are root and SYSTEM users, respectively. Too little...

9.8CVSS6.9AI score0.01497EPSS
Exploits0
NCSC
NCSC
added 2021/03/23 12:0 a.m.5 views

Vulnerabilities fixed in Red Hat Certificate System

Several vulnerabilities have been fixed in Red Hat Certificate System. A malicious party can exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Red Hat has made...

6.1CVSS6.4AI score0.00961EPSS
Exploits0
NCSC
NCSC
added 2021/03/23 12:0 a.m.5 views

Vulnerability fixed in Adobe ColdFusion

Adobe has released updates to fix a vulnerability in ColdFusion. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application. Very limited details are currently available about the vulnerability. Adobe has released updates to fix the...

5.4CVSS7.8AI score0.37095EPSS
Exploits0
NCSC
NCSC
added 2021/03/23 12:0 a.m.5 views

Vulnerabilities fixed in Tivoli Netcool/OMNIbus

IBM Tivoli Netcool / OMNIbusGUI is vulnerable to stored cross-site scripting XSS. This security vulnerability CVE-2021-20336 allows users insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially lead to the release of login credentials with...

9.8CVSS8.8AI score0.95922EPSS
Exploits11
NCSC
NCSC
added 2021/03/16 12:0 a.m.5 views

Vulnerabilities fixed in the Ubuntu kernel

Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights -= Ubuntu =- Canonical...

8.8CVSS8.4AI score0.02417EPSS
Exploits1
NCSC
NCSC
added 2021/03/11 12:0 a.m.5 views

Vulnerabilities fixed in Schneider Electric PowerLogic

Schneider Electric has fixed vulnerabilities in a number of PowerLogic products. An unauthenticated malicious person at remote could potentially exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code. Schneider Electric has released updates to address the...

9.8CVSS7AI score0.02428EPSS
Exploits0
NCSC
NCSC
added 2021/03/11 12:0 a.m.5 views

Vulnerabilities fixed in F5 BIG-IQ

F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...

9.1CVSS7AI score0.00998EPSS
Exploits0
Total number of security vulnerabilities4190