Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2022/03/24 12:0 a.m.•4 views

Vulnerabilities fixed in McAfee ePolicy Orchestrator

McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access to sensitive dat...

7.5CVSS9.1AI score0.64509EPSS
Exploits0
NCSC
NCSC
•added 2022/03/24 12:0 a.m.•4 views

Vulnerability fixed in IrfanView

A vulnerability has been fixed in IrfanView. The vulnerability allows a malicious party to cause a denial-of-service of the application or possibly under user privileges to cause execute arbitrary code. To do this, the malicious party needs to victim to open a rogue TIFF file. The developer has...

7.8CVSS7.2AI score0.01351EPSS
Exploits0
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•4 views

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Remote code execution User Rights The developers of MISP have released a new versi...

7.2AI score
Exploits0
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•4 views

Vulnerability fixed in libxml2

A vulnerability has been fixed in libxml2. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The developers of libxml2 have released an update to fix the vulnerability: https://gitlab.gnome.org/GNOME/libxml2/-/commit...

7.5CVSS6.8AI score0.0601EPSS
Exploits0
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•4 views

Vulnerabilities fixed in Drupal

Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with attribute CVE-2022-24729 allows a malicious additionally able to cause a denial-of-service that is limit...

7.5CVSS6.5AI score0.02448EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•4 views

Vulnerability fixed in Tibco JasperReports

A path-traversal vulnerability has been fixed in TIBCO JasperReports. TIBCO indicates that the vulnerability could theoretically could theoretically be used to obtain sensitive data obtain sensitive data from the system on which the JasperReports server is hosted. TIBCO has released updates to fi...

9.9CVSS6.6AI score0.02096EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•4 views

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. The vulnerability allows an unauthenticated malicious person to cause a denial-of-service. To do so, the malicious party must offer a specially crafted certificate to the system that of OpenSSL. The vulnerability is caused by the "BNmodsqrt" function. Th...

7.5CVSS8AI score0.70561EPSS
Exploits2
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•4 views

Vulnerabilities fixed in Yokogawa CENTUM VP

Vulnerabilities have been fixed in Yokogawa CENTUM VP. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...

9.8CVSS7.5AI score0.01017EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•4 views

Vulnerability fixed in F-Secure products

A vulnerability has been fixed in the F-Secure Support tool, which is is used in Business Suite and consumer products. A authenticated malicious person could potentially exploit it to execute arbitrary code under higher privileges. F-Secure has made available an update that fixes the described...

8.5CVSS7.7AI score0.00697EPSS
Exploits0
NCSC
NCSC
•added 2022/03/10 12:0 a.m.•4 views

Vulnerabilities fixed in Schneider Electric Ecostruxure Control Expert

Vulnerabilities have been fixed in the Schneider Electric Ecostruxure Control Expert. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service cause. To exploit these vulnerabilities, a malicious party must be able to intercept specific Modbus data and...

5.9CVSS6.7AI score0.00847EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•4 views

Vulnerability fixed in Mitel MiCollab and MiVoice Business Express

A vulnerability has been fixed in Mitel MiCollab and MiVoice Business Express. The vulnerability allows an unauthenticated remote malicious party to perform attacks that lead to the following categories of damage Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Th...

9.8CVSS7.4AI score0.87565EPSS
Exploits1
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Defender

Microsoft has fixed vulnerabilities in Defender. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, be able to impersonate another user and execute arbitrary code in the context of a user. In order to exploit the vulnerabilities, the malicious party nee...

8.8CVSS7.2AI score0.02737EPSS
Exploits0
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution User rights Access to...

7.8CVSS7AI score0.02847EPSS
Exploits0
NCSC
NCSC
•added 2022/03/07 12:0 a.m.•4 views

Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations

A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...

9.8CVSS9.1AI score0.02944EPSS
Exploits0
NCSC
NCSC
•added 2022/03/03 12:0 a.m.•4 views

Vulnerability fixed in Liferay portal

A vulnerability has been fixed in Liferay Portal. The vulnerability potentially allows a remote malicious party to perform execute a Cross-Site Request Forgery XSRF attack. Liferay has made updates available to fix the vulnerability. fix. For more information, see:...

5.3CVSS6.9AI score0.00567EPSS
Exploits0
NCSC
NCSC
•added 2022/03/02 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system data Google has ma...

9.6CVSS7.4AI score0.01677EPSS
Exploits2
NCSC
NCSC
•added 2022/02/24 12:0 a.m.•4 views

Vulnerability fixed in VMWare Workspace ONE

VMWare has fixed a vulnerability in Workspace ONE for iOS. A malicious party could potentially exploit the vulnerability for a Cross-Site Scripting Attack XSS. Because workspace ONE is an application for accessing enterprise email, calendars and contact information on BYOD, it could potentially...

5.4CVSS6.3AI score0.00453EPSS
Exploits0
NCSC
NCSC
•added 2022/02/24 12:0 a.m.•4 views

Vulnerabilities fixed in Trend Micro Server Protect

Trend Micro has fixed multiple vulnerabilities in Server Protect. The vulnerability with reference CVE-2022-25329 allows a remote malicious person to misuse a hardcoded password in order to perform administrative actions. perform. The other vulnerabilities allow an authenticated malicious person...

9.8CVSS7.2AI score0.04872EPSS
Exploits2
NCSC
NCSC
•added 2022/02/22 12:0 a.m.•4 views

Vulnerability fixed in redis

A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...

10CVSS6.8AI score0.9967EPSS
Exploits8
NCSC
NCSC
•added 2022/02/17 12:0 a.m.•4 views

Vulnerability fixed in Brocade Fabric OS

A vulnerability has been fixed in Brocade Fabric OS. There is at least one account with hardcoded credentials where the administrator is not forced to change the password by default. adjust. With the new versions of Fabric OS, this is now mandatory. Cisco has released updates to fix the...

9.8CVSS7AI score0.01326EPSS
Exploits2
NCSC
NCSC
•added 2022/02/11 12:0 a.m.•4 views

Vulnerabilities fixed in DiskStation Manager (DSM)

Vulnerabilities have been fixed in DiskStation Manager. The vulnerabilities allow a remote malicious person to inject arbitrary web script or HTML. Synology has released updates to fix the vulnerabilities in DSM. For more information, see: https://www.synology.com/en-global/security/advisory...

7.5CVSS6.8AI score0.01143EPSS
Exploits0
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•4 views

Vulnerability fixed in ABB OPC Server for AC 800M

ABB has fixed a vulnerability in OPC Server for AC 800M systems. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to execute arbitrary code. Few substantive details about the vulnerability made publicly available. ABB has released update...

8.8CVSS7.3AI score0.00831EPSS
Exploits0
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•4 views

Vulnerabilities fixed in Dell PowerEdge

Intel has fixed vulnerabilities in chipset firmware as used by Dell PowerEdge servers. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges. The vulnerability with reference CVE-2021-33068 allows an authenticated remote malicious party additionally...

7.8CVSS6.8AI score0.0084EPSS
Exploits0
NCSC
NCSC
•added 2022/02/09 12:0 a.m.•4 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the vulnerabilit...

7.8CVSS7.8AI score0.04729EPSS
Exploits0
NCSC
NCSC
•added 2022/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed several vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service, execute arbitrary code with user privileges, or to gain access to sensitive data within the scope of the application. The malicious party must to d...

7.8CVSS7.5AI score0.04279EPSS
Exploits0
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in the Kestrel Web Server and Visual Studio Code. The vulnerabilities allow a malicious party to execute arbitrary code or cause a denial-of-service cause. The Denial-of-Service vulnerability with reference CVE-2022-21986 is located in the Kestrel web server. This...

8.1CVSS7.3AI score0.03739EPSS
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•4 views

Vulnerability discovered in NetApp Clustered Data ONTAP

NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...

7.5CVSS8.5AI score0.03992EPSS
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•4 views

Vulnerability fixed in Zimbra

A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•4 views

Vulnerability fixed in Cisco Web Security Appliance

A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an authenticated malicious person with access to the management interface is able to obtain sensitive data, such as passwords, by viewing the HTML code returned by the interface. Cisco has released updates to...

6.5CVSS6.2AI score0.00875EPSS
Exploits0
NCSC
NCSC
•added 2022/02/02 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...

9.6CVSS7.4AI score0.00953EPSS
Exploits2
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•4 views

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.19 to fix the vulnerability. More information can be found on...

7.5CVSS6.7AI score0.07934EPSS
Exploits1
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•4 views

Vulnerability fixed in Tenable Nessus

A vulnerability has been fixed in Tenable Nessus. Nessus makes uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358 fixed. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...

7.2CVSS7.2AI score0.04087EPSS
Exploits2
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•4 views

Vulnerability found in i915 kernel driver

A researcher has found a vulnerability in the Linux i915 kernel driver. The memory cache of the i915 kernel graphics driver is not properly cleaned up. An attacker exploiting this vulnerability could cause a local denial-of-service DoS cause or gain access to system data or elevated user...

7.8CVSS7.4AI score0.00379EPSS
Exploits0
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•4 views

Vulnerability fixed in Apache Tomcat

A vulnerability has been fixed in Apache Tomcat. The vulnerability potentially allows a local malicious party to obtain the same rights obtain the same rights as the user used by the Tomcat process. used. To exploit this vulnerability, Tomcat must be configured to keep sessions active through the...

7CVSS6.6AI score0.00692EPSS
Exploits15
NCSC
NCSC
•added 2022/01/26 12:0 a.m.•4 views

Vulnerabilities fixed in Autodesk Inventor

Vulnerabilities have been fixed in Autodesk Inventor. The vulnerabilities potentially allow a malicious party to execute code execute code under the application's permissions. The malicious party must entice a victim to open a rogue file to do so. open. Autodesk has released updates to address th...

7.8CVSS7.4AI score0.02885EPSS
Exploits0
NCSC
NCSC
•added 2022/01/24 12:0 a.m.•4 views

Vulnerability fixed in McAfee Data Loss Prevention

A vulnerability has been fixed in McAfee Data Loss Prevention DLP. The vulnerability potentially allows a malicious party to execute code on the ePolicy Orchestrator-sever ePO. The malicious party must have access to the DLP database on the ePO server. Through a blind-SQL injection, it is possibl...

8.4CVSS7.7AI score0.02254EPSS
Exploits0
NCSC
NCSC
•added 2022/01/24 12:0 a.m.•4 views

Vulnerabilities fixed in Zabbix

Vulnerabilities have been fixed in Zabbix. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User rights...

9.8CVSS7AI score0.95683EPSS
Exploits10
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•4 views

Vulnerabilities fixed in node.js

Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could remotely could potentially manipulate traffic to an application running on node.js manipulate traffic to gain access to sensitive data. -= Fedora =- Fedora has made...

8.2CVSS7.4AI score0.21514EPSS
Exploits2
NCSC
NCSC
•added 2022/01/20 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco StarOS Software

Cisco has fixed vulnerabilities in StarOS, the operating system of a series of Aggregation Services Routers ASR. Because the debug mode was misconfigured, a remote malicious party may be able to access sensitive information and may be able to execute arbitrary code under the root privileges of th...

8.1CVSS7.8AI score0.11636EPSS
Exploits0
NCSC
NCSC
•added 2022/01/20 12:0 a.m.•4 views

Vulnerabilities fixed in McAfee Agent

Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially allow a malicious party to obtain elevated privileges to obtain or execute arbitrary code with the privileges of the application. McAfee has made updates available to address the vulnerabilities. fixes. For more...

9.3CVSS7.8AI score0.02969EPSS
Exploits0
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•4 views

Vulnerability fixed in Oracle JD Edwards EnterpriseOne Tools

Oracle has fixed a vulnerability in JD Edwards EnterpriseOne Tools. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------| | CVE-2021-23337 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |...

7.2CVSS7.4AI score0.2241EPSS
Exploits2
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise CS SA Integration Pack The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...

9.8CVSS8AI score0.50445EPSS
Exploits9
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•4 views

Vulnerability fixed in Oracle Java SE and GraalVM Enterprise Edition

Oracle has fixed vulnerabilities in the following products: Java SE JDK and JRE GraalVM Enterprise Edition The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of...

6.5CVSS6.8AI score0.08346EPSS
Exploits1
NCSC
NCSC
•added 2022/01/13 12:0 a.m.•4 views

Vulnerabilities fixed in Ghostscript

Vulnerabilities have been fixed in Ghostscript. A malicious person could potentially exploit the vulnerability to cause a denial-of-service cause. To do this, a specially prepared PostScript file to be processed by the Ghostscript instance. Because Ghostscript is commonly used on print servers in...

5.5CVSS6.6AI score0.01401EPSS
Exploits2
NCSC
NCSC
•added 2022/01/11 12:0 a.m.•4 views

Vulnerability fixed in Siemens SIPROTEC systems

Siemens has fixed a vulnerability in SIPROTEC 5 systems. The vulnerability allows an unauthenticated malicious person to read information from the system. The vulnerability is located in the Web component of systems based on CPU variants CP050, CP100 and CP300. To exploit the vulnerability, the...

7.5CVSS6.7AI score0.00968EPSS
Exploits0
NCSC
NCSC
•added 2022/01/11 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow an authenticated malicious person with access to the victim's network is able to execute arbitrary code. Overview of fixed vulnerabilities: |----------------|------|-------------------------------------| |...

9CVSS6.6AI score0.01217EPSS
Exploits0
NCSC
NCSC
•added 2022/01/07 12:0 a.m.•4 views

Vulnerability fixed in IBM AIX

IBM has fixed a vulnerability in AIX. A local malicious party can, through manipulation of the mount command execute arbitrary code, possibly with elevated privileges up to root privileges. IBM has released updates to fix the vulnerability in AIX v 7.1 and 7.2. For more information, see:...

8.4CVSS6.8AI score0.00286EPSS
Exploits0
NCSC
NCSC
•added 2022/01/05 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made few technical...

9.6CVSS7.4AI score0.015EPSS
Exploits19
NCSC
NCSC
•added 2022/01/05 12:0 a.m.•4 views

Rootkit found in HPE iLO environments

Security researchers at AmnPardaz have published an investigation published about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/01/03 12:0 a.m.•4 views

Availability issue fixed in Microsoft Exchange

Due to a bug in the on-premises Microsoft Exchange Server 2016 and 2019, email may not have been sent out anymore. At this time, there is no reason to believe that incoming email has not been accepted. The accepted emails just could not be delivered. The problem could have occurred because of the...

6.5AI score
Exploits0
Total number of security vulnerabilities4190