Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2022/02/22 12:0 a.m.•4 views

Vulnerability fixed in redis

A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...

10CVSS6.8AI score0.9967EPSS
Exploits9
NCSC
NCSC
•added 2022/02/17 12:0 a.m.•4 views

Vulnerability fixed in Brocade Fabric OS

A vulnerability has been fixed in Brocade Fabric OS. There is at least one account with hardcoded credentials where the administrator is not forced to change the password by default. adjust. With the new versions of Fabric OS, this is now mandatory. Cisco has released updates to fix the...

9.8CVSS7AI score0.01326EPSS
Exploits2
NCSC
NCSC
•added 2022/02/11 12:0 a.m.•4 views

Vulnerabilities fixed in DiskStation Manager (DSM)

Vulnerabilities have been fixed in DiskStation Manager. The vulnerabilities allow a remote malicious person to inject arbitrary web script or HTML. Synology has released updates to fix the vulnerabilities in DSM. For more information, see: https://www.synology.com/en-global/security/advisory...

7.5CVSS6.8AI score0.01143EPSS
Exploits0
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•4 views

Vulnerability fixed in ABB OPC Server for AC 800M

ABB has fixed a vulnerability in OPC Server for AC 800M systems. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to execute arbitrary code. Few substantive details about the vulnerability made publicly available. ABB has released update...

8.8CVSS7.3AI score0.00831EPSS
Exploits0
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•4 views

Vulnerabilities fixed in Dell PowerEdge

Intel has fixed vulnerabilities in chipset firmware as used by Dell PowerEdge servers. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges. The vulnerability with reference CVE-2021-33068 allows an authenticated remote malicious party additionally...

7.8CVSS6.8AI score0.0084EPSS
Exploits0
NCSC
NCSC
•added 2022/02/09 12:0 a.m.•4 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must entice the victim to open a rogue file to do so. Adobe has released updates to fix the vulnerabilit...

7.8CVSS7.8AI score0.04729EPSS
Exploits0
NCSC
NCSC
•added 2022/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed several vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service, execute arbitrary code with user privileges, or to gain access to sensitive data within the scope of the application. The malicious party must to d...

7.8CVSS7.5AI score0.04279EPSS
Exploits0
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in the Kestrel Web Server and Visual Studio Code. The vulnerabilities allow a malicious party to execute arbitrary code or cause a denial-of-service cause. The Denial-of-Service vulnerability with reference CVE-2022-21986 is located in the Kestrel web server. This...

8.1CVSS7.3AI score0.03739EPSS
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•4 views

Vulnerability discovered in NetApp Clustered Data ONTAP

NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...

7.5CVSS8.5AI score0.03992EPSS
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•4 views

Vulnerability fixed in Zimbra

A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•4 views

Vulnerability fixed in Cisco Web Security Appliance

A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an authenticated malicious person with access to the management interface is able to obtain sensitive data, such as passwords, by viewing the HTML code returned by the interface. Cisco has released updates to...

6.5CVSS6.2AI score0.00875EPSS
Exploits0
NCSC
NCSC
•added 2022/02/02 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...

9.6CVSS7.4AI score0.00953EPSS
Exploits2
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•4 views

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.19 to fix the vulnerability. More information can be found on...

7.5CVSS6.7AI score0.07934EPSS
Exploits1
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•4 views

Vulnerability fixed in Tenable Nessus

A vulnerability has been fixed in Tenable Nessus. Nessus makes uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358 fixed. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...

7.2CVSS7.2AI score0.04087EPSS
Exploits2
NCSC
NCSC
•added 2022/01/26 12:0 a.m.•4 views

Vulnerabilities fixed in Autodesk Inventor

Vulnerabilities have been fixed in Autodesk Inventor. The vulnerabilities potentially allow a malicious party to execute code execute code under the application's permissions. The malicious party must entice a victim to open a rogue file to do so. open. Autodesk has released updates to address th...

7.8CVSS7.4AI score0.02885EPSS
Exploits0
NCSC
NCSC
•added 2022/01/24 12:0 a.m.•4 views

Vulnerability fixed in McAfee Data Loss Prevention

A vulnerability has been fixed in McAfee Data Loss Prevention DLP. The vulnerability potentially allows a malicious party to execute code on the ePolicy Orchestrator-sever ePO. The malicious party must have access to the DLP database on the ePO server. Through a blind-SQL injection, it is possibl...

8.4CVSS7.7AI score0.02254EPSS
Exploits0
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•4 views

Vulnerabilities fixed in node.js

Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could remotely could potentially manipulate traffic to an application running on node.js manipulate traffic to gain access to sensitive data. -= Fedora =- Fedora has made...

8.2CVSS7.4AI score0.21514EPSS
Exploits2
NCSC
NCSC
•added 2022/01/20 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco StarOS Software

Cisco has fixed vulnerabilities in StarOS, the operating system of a series of Aggregation Services Routers ASR. Because the debug mode was misconfigured, a remote malicious party may be able to access sensitive information and may be able to execute arbitrary code under the root privileges of th...

8.1CVSS7.8AI score0.11636EPSS
Exploits0
NCSC
NCSC
•added 2022/01/20 12:0 a.m.•4 views

Vulnerabilities fixed in McAfee Agent

Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially allow a malicious party to obtain elevated privileges to obtain or execute arbitrary code with the privileges of the application. McAfee has made updates available to address the vulnerabilities. fixes. For more...

9.3CVSS7.8AI score0.02969EPSS
Exploits0
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•4 views

Vulnerability fixed in Oracle JD Edwards EnterpriseOne Tools

Oracle has fixed a vulnerability in JD Edwards EnterpriseOne Tools. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------| | CVE-2021-23337 | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |...

7.2CVSS7.4AI score0.2241EPSS
Exploits2
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•4 views

Vulnerability fixed in Oracle Java SE and GraalVM Enterprise Edition

Oracle has fixed vulnerabilities in the following products: Java SE JDK and JRE GraalVM Enterprise Edition The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of...

6.5CVSS6.8AI score0.08346EPSS
Exploits1
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise CS SA Integration Pack The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...

9.8CVSS8AI score0.50445EPSS
Exploits9
NCSC
NCSC
•added 2022/01/13 12:0 a.m.•4 views

Vulnerabilities fixed in Ghostscript

Vulnerabilities have been fixed in Ghostscript. A malicious person could potentially exploit the vulnerability to cause a denial-of-service cause. To do this, a specially prepared PostScript file to be processed by the Ghostscript instance. Because Ghostscript is commonly used on print servers in...

5.5CVSS6.6AI score0.01401EPSS
Exploits2
NCSC
NCSC
•added 2022/01/11 12:0 a.m.•4 views

Vulnerability fixed in Siemens SIPROTEC systems

Siemens has fixed a vulnerability in SIPROTEC 5 systems. The vulnerability allows an unauthenticated malicious person to read information from the system. The vulnerability is located in the Web component of systems based on CPU variants CP050, CP100 and CP300. To exploit the vulnerability, the...

7.5CVSS6.7AI score0.00968EPSS
Exploits0
NCSC
NCSC
•added 2022/01/11 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow an authenticated malicious person with access to the victim's network is able to execute arbitrary code. Overview of fixed vulnerabilities: |----------------|------|-------------------------------------| |...

9CVSS6.6AI score0.01217EPSS
Exploits0
NCSC
NCSC
•added 2022/01/05 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made few technical...

9.6CVSS7.4AI score0.015EPSS
Exploits19
NCSC
NCSC
•added 2022/01/05 12:0 a.m.•4 views

Rootkit found in HPE iLO environments

Security researchers at AmnPardaz have published an investigation published about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/01/03 12:0 a.m.•4 views

Availability issue fixed in Microsoft Exchange

Due to a bug in the on-premises Microsoft Exchange Server 2016 and 2019, email may not have been sent out anymore. At this time, there is no reason to believe that incoming email has not been accepted. The accepted emails just could not be delivered. The problem could have occurred because of the...

6.5AI score
Exploits0
NCSC
NCSC
•added 2021/12/29 12:0 a.m.•4 views

Vulnerability fixed in Moxa MGate systems

Moxa has fixed a vulnerability in the MGate 5109 and MGate 5101-PBM-MN protocol gateway systems. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. Abuse is possible by continuously sending specially prepared network traffic, causing the gatewa...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/12/22 12:0 a.m.•4 views

Vulnerabilities fixed in Emerson DeltaV

Emerson has fixed vulnerabilities in DeltaV products. A unauthenticated malicious person with network access can exploit the exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the exploit the vulnerabilities to execute with elevated privileg...

8.1CVSS7.1AI score0.00263EPSS
Exploits0
NCSC
NCSC
•added 2021/12/20 12:0 a.m.•4 views

Vulnerabilities fixed in Apache httpd

Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with attribute CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service cause or potentially perform a cross-site request...

9.8CVSS8AI score0.97108EPSS
Exploits4
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Edge (Chromium)

Microsoft has fixed vulnerabilities in Edge Chromium-based. An unauthenticated malicious person can remotely exploit the vulnerabilities to remote exploit to execute arbitrary code in the scope of the browser. To do this, the malicious party must entice the victim to open a rogue Web page...

8.8CVSS7.5AI score0.02073EPSS
Exploits0
NCSC
NCSC
•added 2021/12/13 12:0 a.m.•4 views

Vulnerability fixed in Cisco Web Security Appliance

A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. The Cisco Web Security Appliance can crash due to a large number of HTTP requests, manual actions may be necessar...

8.6CVSS6.6AI score0.01386EPSS
Exploits0
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•4 views

Vulnerability fixed in Dell Powerpath Management Appliance

Dell has fixed a vulnerability in the Powerpath Management Appliance. A locally authenticated malicious person could exploit the vulnerability to give himself admin rights and thereby executing arbitrary code on the vulnerable system. By using a default, hardcoded, password, the malicious party c...

8.2CVSS7.2AI score0.00239EPSS
Exploits0
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed vulnerabilities in software bundled at Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as node.js, OpenSSL and Websphere Liberty. Previous security advisories have been published. A malicious party can exploit the...

9.8CVSS7.5AI score0.50445EPSS
Exploits2
NCSC
NCSC
•added 2021/12/08 12:0 a.m.•4 views

Vulnerability fixed in Fortinet products

A vulnerability has been fixed in FortiSandbox, FortiWeb, FortiADC and FortiMail. A malicious party in possession of the password store could potentially gain access to encrypted data. Fortinet has released updates to address the vulnerability. fix. For more information, see:...

5.3CVSS6.9AI score0.00902EPSS
Exploits0
NCSC
NCSC
•added 2021/12/07 12:0 a.m.•4 views

Vulnerability fixed in Ngnix

F5 has fixed a vulnerability in NGINX. The vulnerability makes it possible to perform a denial-of-service attack by sending corrupt json data. The vulnerability is specifically in the JSON parser of the ModSecurity WAF module of NGINX Plus. F5 has made updates available to fix the vulnerability...

7.5CVSS6.9AI score0.03206EPSS
Exploits2
NCSC
NCSC
•added 2021/12/07 12:0 a.m.•4 views

Vulnerabilities fixed in Google Android

Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges The...

10CVSS8.2AI score0.09729EPSS
Exploits6
NCSC
NCSC
•added 2021/11/25 12:0 a.m.•4 views

Vulnerability fixed in VxWorks

A vulnerability has been fixed in Wind River VxWorks 6.9 and 7. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by sending a specially prepared network packet to the IKE service. Wind River has released updates to fix the vulnerability fix in VxWorks. Fo...

6.5CVSS6.8AI score0.00848EPSS
Exploits0
NCSC
NCSC
•added 2021/11/25 12:0 a.m.•4 views

Vulnerabilities fixed in Zoom products

Two vulnerabilities have been fixed in various Zoom products, including the Zoom Client for Meetings. A malicious party could vulnerabilities potentially exploit them to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights...

9.8CVSS7.8AI score0.03207EPSS
Exploits2
NCSC
NCSC
•added 2021/11/22 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat Virtualization

Vulnerabilities have been fixed in Red Hat Virtualization for Red Hat Enterprise Linux 8. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges The...

9.8CVSS6.6AI score0.57853EPSS
Exploits3
NCSC
NCSC
•added 2021/11/18 12:0 a.m.•4 views

Fixed vulnerabilities in the BIOS belonging to Intel processors

Intel has fixed two vulnerabilities in the BIOS code of the Pentium, Celeron, Xeon and Core processors. A malicious person with physical access and the authentication to access the BIOS could potentially exploit the vulnerabilities to grant himself elevated privileges and thus potentially execute...

6.7CVSS8AI score0.03095EPSS
Exploits0
NCSC
NCSC
•added 2021/11/18 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Security SiteProtector System

IBM has fixed two vulnerabilities in SiteProtector. A malicious party can exploit the vulnerabilities to execute arbitrary execute arbitrary JavaScript code in the Web interface to potentially gain access to system data or sensitive data, such as credentials. To do this, the malicious party must...

5.4CVSS7.3AI score0.01075EPSS
Exploits0
NCSC
NCSC
•added 2021/11/17 12:0 a.m.•4 views

Vulnerability fixed in Ubuntu

Canonical has fixed a vulnerability in Ubuntu. The vulnerability is located in AccountsService. A local malicious party can, by exploiting this vulnerability, gain gain elevated privileges on the vulnerable system. Canonical has made updates available for Ubuntu 20.04 LTS, 21.04 and 21.10 to fix...

7.8CVSS6.6AI score0.00347EPSS
Exploits0
NCSC
NCSC
•added 2021/11/09 12:0 a.m.•4 views

Vulnerabilities fixed in Citrix ADC, Gateway and SD-WAN WANOP Edition

Citrix has fixed two vulnerabilities in Citrix Application Delivery Controller ADC, Citrix Gateway and Citrix SD-WAN WANOP Edition. The vulnerabilities allow a remote malicious party to able to cause a denial-of-service DoS. The vulnerability with reference CVE-2021-22955 is located in Citrix ADC...

7.5CVSS9.2AI score0.00894EPSS
Exploits0
NCSC
NCSC
•added 2021/11/08 12:0 a.m.•4 views

Vulnerability fixed in Cisco Small Business Series Switches

Cisco has fixed a vulnerability in several Small Business Series Switches. The vulnerability allows an unauthenticated malicious person with access to the management interface to obtain obtain administrator privileges. Successful exploitation requires a man-in-the-middle position between the...

8.1CVSS6.8AI score0.01617EPSS
Exploits0
NCSC
NCSC
•added 2021/11/08 12:0 a.m.•4 views

Vulnerabilities fixed in Redis

Vulnerabilities have been fixed in Redis. The vulnerabilities allow an unauthenticated malicious person potentially able to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access to...

9CVSS7.6AI score0.31049EPSS
Exploits0
NCSC
NCSC
•added 2021/11/04 12:0 a.m.•4 views

Vulnerability fixed in Cisco Prime Infrastructure

A vulnerability has been fixed in Cisco Prime Infrastructure. The vulnerability is known as a so-called Stored-Cross-Site Scripting and allows a malicious party to execute execute malicious code in the victim's Web browser. Cisco has released updates to fix the vulnerability. More information can...

5.4CVSS6.5AI score0.0058EPSS
Exploits0
NCSC
NCSC
•added 2021/11/04 12:0 a.m.•4 views

Vulnerability fixed in Cisco Email Security Appliance (ESA)

A vulnerability has been fixed in Cisco Email Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. In order to vulnerability, a malicious party must send a rogue e-mail to the appliance. Due to insufficient inp...

7.5CVSS6.7AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2021/11/02 12:0 a.m.•4 views

Vulnerabilities fixed in Python

Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...

6.5CVSS7AI score0.04675EPSS
Exploits1
Total number of security vulnerabilities4190