Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2022/07/27 12:0 a.m.•4 views

Vulnerability fixed in Synology DiskStation Manager

Synology has fixed a vulnerability in Diskstation Manager. The vulnerability is located in the webapi component of DiskStation Manager. An authenticated malicious party can perform a path traversal attack that results in the following categories of damage: Denial-of-Service DoS. Manipulation of...

8.1CVSS6.5AI score0.01332EPSS
Exploits0
NCSC
NCSC
•added 2022/07/22 12:0 a.m.•4 views

Vulnerability fixed in SonicWall GMS and Analytics

A vulnerability has been fixed in SonicWall GMS and Analytics. The vulnerability allows an unauthenticated remote malicious person able to perform an SQL injection attack under the privileges of the application. To exploit the vulnerability, the malicious party must have access to the management...

9.8CVSS7.8AI score0.09261EPSS
Exploits0
NCSC
NCSC
•added 2022/07/21 12:0 a.m.•4 views

Vulnerabilities fixed in Apple Safari

Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...

8.8CVSS7.3AI score0.70461EPSS
Exploits0
NCSC
NCSC
•added 2022/07/20 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Virtualbox

Oracle has fixed vulnerabilities in Virtualbox. The vulnerabilities allow an authenticated malicious person to to execute attacks that can result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights An...

8.2CVSS7.4AI score0.00347EPSS
Exploits0
NCSC
NCSC
•added 2022/07/20 12:0 a.m.•4 views

Vulnerability fixed in Oracle Essbase

Oracle has fixed a vulnerability in Essbase Server. The vulnerability potentially allows a malicious party to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Accessing sensitive data...

5.8CVSS6.7AI score0.00244EPSS
Exploits0
NCSC
NCSC
•added 2022/07/11 12:0 a.m.•4 views

Fixed vulnerabilities in IBM MQ (Operator and Queue manager)

IBM has fixed multiple vulnerabilities in supporting software provided with IBM MQ Operator and Queue manager. The vulnerabilities are in the Golang software provided. A malicious party could potentially exploit the vulnerabilities to obtain increased user privileges, sensitive data and/or...

7.5CVSS9.5AI score0.06934EPSS
Exploits4
NCSC
NCSC
•added 2022/07/01 12:0 a.m.•4 views

Vulnerabilities fixed in Elastic Kibana and Elastic Endpoint Security

Elastic has fixed vulnerabilities in Kibana and Endpoint Security for Windows. An authenticated malicious party could potentially exploit the vulnerabilities potentially exploit them to perform a cross-site scripting attack or to obtain elevated permissions. Elastic has released updates to fix th...

7.8CVSS6.6AI score0.00777EPSS
Exploits0
NCSC
NCSC
•added 2022/06/30 12:0 a.m.•4 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in Jira. A authenticated malicious person could exploit the vulnerability to execute a server-side request-forgery attack. This enables the malicious party to gain access to sensitive data or information about the system. The vulnerability is located in a plug-...

6.5CVSS6.8AI score0.71169EPSS
Exploits1
NCSC
NCSC
•added 2022/06/16 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco Email Security Appliance, Secure Email and Web Manager

Vulnerabilities have been fixed in Cisco Email Security Appliance and Cisco Secure Email and Web Manager. The vulnerability with reference CVE-2022-20798 allows an unauthenticated remote malicious person able to bypass authentication bypass authentication and thereby log into the Web management...

9.8CVSS6.9AI score0.01427EPSS
Exploits0
NCSC
NCSC
•added 2022/06/14 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in several Microsoft Office products. The table below lists the vulnerabilities that have been fixed by Microsoft with the corresponding CVSSv3 scores. Misuse of the vulnerabilities in SharePoint requires prior authentication. Abuse of the vulnerabilities in Excel...

8.8CVSS6.6AI score0.07366EPSS
Exploits0
NCSC
NCSC
•added 2022/06/03 12:0 a.m.•4 views

Vulnerability fixed in IBM Spectrum Protect Plus

IBM has fixed a vulnerability in Spectrum Protect Plus. Credentials of users are printed in readable text in the IBM Spectrum Protect Plus virgo log file. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.0.0-10.1.9.32. For more information, see:...

7.5CVSS6.8AI score0.00658EPSS
Exploits0
NCSC
NCSC
•added 2022/06/01 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Edge

Vulnerabilities have been fixed in Microsoft Edge. These vulnerabilities allow a remote attacker to impersonate impersonate someone else or break outside the sandbox and thereby increase privileges. This requires a user to respond to a link from the attacker. Microsoft has made update version...

8.3CVSS7.2AI score0.01759EPSS
Exploits0
NCSC
NCSC
•added 2022/05/25 12:0 a.m.•4 views

Vulnerabilities fixed in Zyxel products

Zyxel has fixed several vulnerabilities in a number of products, including USG, NSG and ATP firewalls. A malicious person could potentially exploit the vulnerabilities to execute arbitrary commands, cause a denial-of-service or obtaining sensitive information. To exploit the vulnerabilities, the...

7.8CVSS7.1AI score0.0836EPSS
Exploits4
NCSC
NCSC
•added 2022/05/23 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed two vulnerabilities in Firefox and Thunderbird. A malicious party could potentially exploit them to execute arbitrary javascript code outside the context of the browser, potentially gaining access to sensitive data. Mozilla has released updates to fix the vulnerabilities in...

8.8CVSS7.6AI score0.26709EPSS
Exploits0
NCSC
NCSC
•added 2022/05/13 12:0 a.m.•4 views

Vulnerability fixed in PostgreSQL

The developers of PostgreSQL have fixed a vulnerability in PostgreSQL. It was found that certain commands such as Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pgamcheck do not handle permissions correctly, allowing a user to can execute these commands outside the scop...

8.8CVSS6.9AI score0.12403EPSS
Exploits0
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•4 views

Vulnerability fixed in Zimbra Collaboration

Zimbra has fixed a vulnerability in Zimbra Collaboration. The vulnerability allows a remote malicious person to inject memcached commands and thereby manipulate cached data manipulate. This makes it possible to manipulate content that is served to users of Zimbra Collaboration. Thus functionaliti...

7.5CVSS7.1AI score0.84593EPSS
Exploits2
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat OpenShift Logging

Red Hat has fixed vulnerabilities in OpenShift Logging. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypassing a security measure or perform an HTTP request smuggling attack. Red Hat has released updates to fix the vulnerabilities. For more information, see:...

8.1CVSS6.8AI score0.0628EPSS
Exploits0
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of authentication Remote code execution Administrator/SYSTEM...

9.8CVSS7.8AI score0.83277EPSS
Exploits11
NCSC
NCSC
•added 2022/05/06 12:0 a.m.•4 views

Vulnerabilities fixed in QNAP QTS, QuTS hero and QuTScloud

QNAP has fixed vulnerabilities in QTS, QuTS hero and QuTScloud. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Access to sensitive data Access to system data...

8.8CVSS7AI score0.01588EPSS
Exploits0
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•4 views

Vulnerabilities fixed in Yokogawa Centum VP, ProSafe-RS and B/M9000 VP

Yokogawa has fixed vulnerabilities in Centum VP, ProSafe-RS and B/M9000 VP. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access t...

9.1CVSS7.6AI score0.12841EPSS
Exploits0
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•4 views

Vulnerabilities fixed in MariaDB

Vulnerabilities have been fixed in MariaDB. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. To do this, the malicious party needs to execute malicious execute SQL queries on the vulnerable database server. -= Oracle =- Oracle has made updates availabl...

7.1CVSS8.1AI score0.08216EPSS
Exploits5
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•4 views

Vulnerabilities fixed in ClamAV

Vulnerabilities have been fixed in ClamAV. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data The developers of ClamAV have released updates to address the...

9.8CVSS7.3AI score0.43382EPSS
Exploits7
NCSC
NCSC
•added 2022/05/02 12:0 a.m.•4 views

Vulnerability fixed in Progress OpenEdge

Progress has fixed a vulnerability in OpenEdge. A malicious party could, by exploiting this vulnerability, gain gain root privileges on the vulnerable system. For successful misuse requires authentication on the underlying operating system required. Progress has released updates to fix the...

7.8CVSS7.1AI score0.00272EPSS
Exploits0
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•4 views

Vulnerabilities fixed in SonicOS

Vulnerabilities have been fixed in SonicOS. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to gain access to system data. SonicWall has issued updates to fix the vulnerabilities in SonicOS. For more information, see below:...

7.5CVSS7.2AI score0.01021EPSS
Exploits0
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•4 views

Vulnerabilities fixed in node.js

Vulnerabilities have been fixed in node.js. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data For the vulnerability with attribute CVE-2021-44906,...

9.8CVSS8.7AI score0.70561EPSS
Exploits4
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•4 views

Vulnerability fixed in Cisco Catalyst

A vulnerability has been fixed in Cisco Catalyst. The vulnerability is located in the IOS XE software. The vulnerability allows a locally authenticated malicious person to obtain elevated permissions and execute arbitrary code with these elevated privileges. Cisco has released updates to fix the...

7.8CVSS7.3AI score0.00223EPSS
Exploits0
NCSC
NCSC
•added 2022/04/28 12:0 a.m.•4 views

Vulnerability fixed in SonicWall Global VPN Client

A vulnerability has been fixed in the Global VPN Client from SonicWall. This vulnerability allows a local malicious person with elevated privileges to execute arbitrary code on the system. SonicWall has released updates to fix the vulnerability. fix. For more information, see the link below:...

7.8CVSS7.5AI score0.00697EPSS
Exploits0
NCSC
NCSC
•added 2022/04/25 12:0 a.m.•4 views

Vulnerability fixed in dnsmasq

A vulnerability has been fixed in dnsmasq.The vulnerability allows an unauthenticated remote malicious agent potentially capable of to cause a denial-of-service. -= openSUSE =- The developers of openSUSE have made updates available to fix the vulnerability in openSUSE Leap 15.3. You can install...

7.5CVSS8.8AI score0.01487EPSS
Exploits0
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•4 views

Vulnerability fixed in Mattermost

A vulnerability has been fixed in Mattermost with versions lower than 6.5. Email invitations to a Mattermost channel or server are insufficiently invalidated when selected by an administrator. This allows a person to still participate in Mattermost channels even though access has been revoked aft...

5.8CVSS6.6AI score0.00806EPSS
Exploits1
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in Java SE JDK/JRE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security...

7.5CVSS8AI score0.70561EPSS
Exploits8
NCSC
NCSC
•added 2022/04/19 12:0 a.m.•4 views

Vulnerability found in 7zip for Windows

A vulnerability has been found in 7zip for Windows. This vulnerability allows a malicious person to obtain elevated privileges obtain and execute commands with these privileges. This can be accomplished by moving a file with a .7z extension to "Contents" within the "Help" menu. Within the 7z.dll ...

7.8CVSS7.4AI score0.01523EPSS
Exploits8
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•4 views

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests execute under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...

8.8CVSS7.1AI score0.02322EPSS
Exploits0
NCSC
NCSC
•added 2022/04/07 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Use...

8.8CVSS6.8AI score0.01241EPSS
Exploits0
NCSC
NCSC
•added 2022/04/06 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Firefox ESR

Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release ESR. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remot...

8.8CVSS7.5AI score0.1446EPSS
Exploits9
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•4 views

Vulnerability fixed in Rapid7 Nexpose

A vulnerability has been fixed in Nexpose, the scanning tool from Rapid7. The vulnerability potentially allows a malicious party to to gain access to sensitive information via SQL injection. Rapid7 has made updates available to fix the vulnerability. fix. For more information, see:...

8.8CVSS7.3AI score0.01183EPSS
Exploits0
NCSC
NCSC
•added 2022/03/30 12:0 a.m.•4 views

Vulnerability fixed in Arista EOS switches

Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IP4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...

7.5CVSS6.6AI score0.00706EPSS
Exploits0
NCSC
NCSC
•added 2022/03/29 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A malicious party could exploit the vulnerabilities to bypass security measures, execute arbitrary code on the underlying system, or gain access to sensitive information. However, the malicious party must have prior...

8.8CVSS7.2AI score0.01758EPSS
Exploits0
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•4 views

Vulnerability fixed in SonicOS

SonicWall has fixed a vulnerability in SonicOS. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...

9.8CVSS7.6AI score0.57324EPSS
Exploits3
NCSC
NCSC
•added 2022/03/24 12:0 a.m.•4 views

Vulnerabilities fixed in McAfee ePolicy Orchestrator

McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access to sensitive dat...

7.5CVSS9.1AI score0.64509EPSS
Exploits0
NCSC
NCSC
•added 2022/03/24 12:0 a.m.•4 views

Vulnerability fixed in IrfanView

A vulnerability has been fixed in IrfanView. The vulnerability allows a malicious party to cause a denial-of-service of the application or possibly under user privileges to cause execute arbitrary code. To do this, the malicious party needs to victim to open a rogue TIFF file. The developer has...

7.8CVSS7.2AI score0.01351EPSS
Exploits0
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•4 views

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Remote code execution User Rights The developers of MISP have released a new versi...

7.2AI score
Exploits0
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•4 views

Vulnerability fixed in libxml2

A vulnerability has been fixed in libxml2. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The developers of libxml2 have released an update to fix the vulnerability: https://gitlab.gnome.org/GNOME/libxml2/-/commit...

7.5CVSS6.8AI score0.0601EPSS
Exploits0
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•4 views

Vulnerabilities fixed in Drupal

Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with attribute CVE-2022-24729 allows a malicious additionally able to cause a denial-of-service that is limit...

7.5CVSS6.5AI score0.02448EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•4 views

Vulnerability fixed in Tibco JasperReports

A path-traversal vulnerability has been fixed in TIBCO JasperReports. TIBCO indicates that the vulnerability could theoretically could theoretically be used to obtain sensitive data obtain sensitive data from the system on which the JasperReports server is hosted. TIBCO has released updates to fi...

9.9CVSS6.6AI score0.02096EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•4 views

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. The vulnerability allows an unauthenticated malicious person to cause a denial-of-service. To do so, the malicious party must offer a specially crafted certificate to the system that of OpenSSL. The vulnerability is caused by the "BNmodsqrt" function. Th...

7.5CVSS8AI score0.70561EPSS
Exploits2
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•4 views

Vulnerabilities fixed in Yokogawa CENTUM VP

Vulnerabilities have been fixed in Yokogawa CENTUM VP. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...

9.8CVSS7.5AI score0.01017EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•4 views

Vulnerability fixed in F-Secure products

A vulnerability has been fixed in the F-Secure Support tool, which is is used in Business Suite and consumer products. A authenticated malicious person could potentially exploit it to execute arbitrary code under higher privileges. F-Secure has made available an update that fixes the described...

8.5CVSS7.7AI score0.00697EPSS
Exploits0
NCSC
NCSC
•added 2022/03/10 12:0 a.m.•4 views

Vulnerabilities fixed in Schneider Electric Ecostruxure Control Expert

Vulnerabilities have been fixed in the Schneider Electric Ecostruxure Control Expert. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service cause. To exploit these vulnerabilities, a malicious party must be able to intercept specific Modbus data and...

5.9CVSS6.7AI score0.00847EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•4 views

Vulnerability fixed in Mitel MiCollab and MiVoice Business Express

A vulnerability has been fixed in Mitel MiCollab and MiVoice Business Express. The vulnerability allows an unauthenticated remote malicious party to perform attacks that lead to the following categories of damage Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Th...

9.8CVSS7.4AI score0.87565EPSS
Exploits1
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Defender

Microsoft has fixed vulnerabilities in Defender. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, be able to impersonate another user and execute arbitrary code in the context of a user. In order to exploit the vulnerabilities, the malicious party nee...

8.8CVSS7.2AI score0.02737EPSS
Exploits0
Total number of security vulnerabilities4189