Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2021/01/11 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Linux

Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges Oracle has released updates to fix the vulnerabilities. More...

9.8CVSS7.6AI score0.0776EPSS
Exploits8
NCSC
NCSC
•added 2021/01/08 12:0 a.m.•4 views

Vulnerabilities fixed in Ghostscript

Vulnerabilities have been fixed in Ghostscript. The vulnerabilities allow a malicious party to cause a denial-of-service cause and to execute arbitrary code under the privileges of the user. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS and 18.04 LTS to fix the...

8.8CVSS7.7AI score0.04932EPSS
Exploits4
NCSC
NCSC
•added 2021/01/05 12:0 a.m.•4 views

Fixed an issue in Citrix ADC and Citrix Gateway

Citrix has fixed an issue in ADC and Gateway which can lead to denial-of-service attacks. A malicious party could potentially potentially misuse DTLS to cause a Denial-of-Service. Abuse can only occur when DTLS is enabled. Citrix reports that limited scale attacks are currently being reported whi...

6.2AI score
Exploits0
NCSC
NCSC
•added 2020/12/29 12:0 a.m.•4 views

Vulnerability fixed in QNAP QTS

QNAP has fixed a vulnerability in QTS. A malicious party could potentially exploit the vulnerability to inject arbitrary commands into applications. QNAP has released updates to fix the vulnerability in QTS 4.5.1.1495 build 20201123. For more information, see:...

8.8CVSS7AI score0.0255EPSS
Exploits0
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•4 views

Vulnerability fixed in HPE Systems Insight Manager

A vulnerability has been fixed in HPE Systems Insight Manager. A malicious party could potentially exploit the vulnerability to execute arbitrary code under elevated privileges. The vulnerability is located in optional features called "Federated Search" and "Federated CMS Configuration." The...

9.8CVSS7.3AI score0.8189EPSS
Exploits4
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•4 views

Vulnerabilities fixed in Apple iOS and iPadOS

Vulnerabilities have been fixed in Apple iOS and iPadOS. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data App...

8.8CVSS7AI score0.01705EPSS
Exploits0
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•4 views

Vulnerability fixed in Adobe Acrobat and Reader

Adobe has fixed a vulnerability in Adobe Acrobat and Reader. The vulnerability allows a malicious party to obtain sensitive obtain information from the victim's context. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...

7.1CVSS6.4AI score0.07818EPSS
Exploits0
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•4 views

Vulnerabilities fixed in Foxit Reader and Foxit PhantomPDF

Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Foxit has released...

8.8CVSS7.5AI score0.71145EPSS
Exploits5
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Browsers

There are several vulnerabilities in Microsoft Edge. The vulnerabilities allow a malicious person to execute arbitrary execute arbitrary code with user privileges. Also, the malicious impersonate another user. Microsoft Edge: |----------------|------|-------------------------------------| | CVE I...

7.5CVSS7.2AI score0.02059EPSS
Exploits0
NCSC
NCSC
•added 2020/12/07 12:0 a.m.•4 views

Vulnerability fixed in MISP

CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS and thereby potentially execute arbitrary code in the context of the browser. CIRCL has released updates to fix th...

6.1CVSS7.6AI score0.00765EPSS
Exploits0
NCSC
NCSC
•added 2020/11/26 12:0 a.m.•4 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code execute under the application's permissions. To do so, the malicious party needs to upload a rogue .tar, .tar.gz, .bz2, or .tlz file uploaded to the Drupal server...

7.8CVSS7.5AI score0.84554EPSS
Exploits5
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•4 views

Vulnerabilities fixed in PHPMyAdmin

Ubuntu has fixed several vulnerabilities in the phpmyadmin package. The vulnerabilities allow an unauthenticated malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS SQL Injection Access to...

9.8CVSS6.7AI score0.67081EPSS
Exploits10
NCSC
NCSC
•added 2020/11/23 12:0 a.m.•4 views

Vulnerability fixed in Red Hat JBoss Enterprise Application Platform

A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerability allows a malicious party to able to execute an SQL injection and thereby obtain sensitive data to obtain sensitive data. Red Hat has released updates to fix the vulnerability. More information can b...

7.4CVSS8.8AI score0.02907EPSS
Exploits0
NCSC
NCSC
•added 2020/11/20 12:0 a.m.•4 views

Vulnerabilities fixed in VMware ESXi, Workstation and Fusion

VMWare has fixed two vulnerabilities in VMWare Workstation, ESXi and Fusion. A malicious person with authorization in a virtual environment could exploit the vulnerabilities to break out of the virtual environment and execute arbitrary code with the permissions of the virtualization process on th...

8.2CVSS7.8AI score0.00392EPSS
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•4 views

Vulnerability fixed in Bitdefender update server

A vulnerability in Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools allows an unauthorized malicious party to bypass internal measures and communicate with hosts on the network. Bitdefender has released an update. For more information, see:...

9.1CVSS6.9AI score0.00849EPSS
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such attack can lead to the execution of arbitrary script code in the browser used to visit the application. Microsoft...

5.4CVSS5.9AI score0.01326EPSS
Exploits0
NCSC
NCSC
•added 2020/11/06 12:0 a.m.•4 views

Vulnerabilities fixed in Apple macOS

Apple has fixed three 0-day vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the execution of arbitrary code. Apple reports that on a very limited scale abuse is being observed of these vulnerabilities. No PoC or exploit code publicly...

9.3CVSS7.1AI score0.22178EPSS
Exploits2
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•4 views

Multiple vulnerabilities fixed in F5 BIG-IP products

F5 has fixed several vulnerabilities in BIG-IP. Malicious remotely can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site-Scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities exploit them to bypass security measures and gain access...

8.5CVSS7AI score0.01311EPSS
Exploits0
NCSC
NCSC
•added 2020/10/30 12:0 a.m.•4 views

Vulnerability fixed in Grafana

The vulnerability is known as a so-called Cross-Site Scripting. The vulnerability allows a remote malicious person to able to execute arbitrary code in the browser of the victim. Grafana Labs has released updates to fix the vulnerability. fix. More information can be found on the pages below:...

6.1CVSS7.5AI score0.01965EPSS
Exploits0
NCSC
NCSC
•added 2020/10/30 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Security Directory Server

Vulnerabilities have been fixed in IBM Security Directory Server. The vulnerabilities allow a malicious party to access system data. IBM has released updates to fix the vulnerabilities. More information can be found on the page below: https://www.ibm.com/support/pages/node/6356607...

5.3CVSS6.7AI score0.01054EPSS
Exploits0
NCSC
NCSC
•added 2020/10/29 12:0 a.m.•4 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed vulnerabilities in BIG-IP. The vulnerabilities allow a remote malicious party to cause a denial-of-service and to cause a security measure to be circumvention. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5933:...

7.8CVSS7.2AI score0.0105EPSS
Exploits0
NCSC
NCSC
•added 2020/10/29 12:0 a.m.•4 views

Vulnerabilities fixed in Samba

Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to gain access to system data and to cause a denial-of-service. Samba has released updates to fix the vulnerabilities. More information can be found on the page below:...

6.5CVSS7AI score0.0218EPSS
Exploits0
NCSC
NCSC
•added 2020/10/27 12:0 a.m.•4 views

Vulnerabilities fixed in Trend Micro Antivirus for Mac

Trend Micro has fixed vulnerabilities in Antivirus for Mac. The vulnerabilities allow a locally authenticated malicious agent to able to cause a denial-of-service or to obtain system data obtain. Trend Micro categorizes these vulnerabilities according to the CVSSv3 method with a highest score of...

6.9CVSS6.6AI score0.00885EPSS
Exploits0
NCSC
NCSC
•added 2020/10/27 12:0 a.m.•4 views

Vulnerability fixed in management console for 3PAR systems

HP has fixed a vulnerability in the StoreServ Management Console SSMC. SSMC is the Web-based management application for 3PAR StoreServ systems but can also be used to manage other storage systems. The vulnerability allows a malicious remotely able to bypass authentication. HP rates this...

9.8CVSS6.6AI score0.02154EPSS
Exploits0
NCSC
NCSC
•added 2020/10/23 12:0 a.m.•4 views

Vulnerabilities fixed in VMware Horizon Server and Client

Vulnerabilities have been fixed in VMware Horizon Server and Client. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. VMware has released updates to fix the vulnerabilities. More information can be found on the page below...

6.5CVSS7.3AI score0.01268EPSS
Exploits0
NCSC
NCSC
•added 2020/10/23 12:0 a.m.•4 views

Vulnerability fixed in ElasticSearch

A vulnerability has been fixed in ElasticSearch. The vulnerability allows a malicious person to obtain system data. This is only possible if Document or Field Level security is used. Elastic classifies this vulnerability with a CvSS score of 3.1. Elastic has released updates to fix the...

3.5CVSS6.5AI score0.00999EPSS
Exploits0
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•4 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Adobe Photoshop. The vulnerability allows a malicious party to execute arbitrary code execute arbitrary code under user privileges. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...

7.8CVSS7.5AI score0.00762EPSS
Exploits0
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Siebel CRM

Oracle has fixed vulnerabilities in the following Oracle Siebel CRM products: Siebel Apps - Marketing Siebel UI Framework The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable application may be able to execute attacks that result in the following...

9.8CVSS7.5AI score0.99019EPSS
Exploits7
NCSC
NCSC
•added 2020/10/21 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in the following Oracle PeopleSoft products: PeopleSoft Enterprise HCM Global Payroll Core PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise SCM eSupplier Connection The vulnerabilities allow an unauthenticated malicious person with network access to the...

9.8CVSS7.9AI score0.99019EPSS
Exploits7
NCSC
NCSC
•added 2020/10/19 12:0 a.m.•4 views

Vulnerability fixed in Windows

Microsoft has fixed a vulnerability in the Windows Codecs Library. Users who had installed the HEVC codec from the Microsoft Store had installed it were vulnerable to the execution of arbitrary code by a remote malicious person. The malicious party to do this must induce the victim to play a rogu...

7.8CVSS7.1AI score0.03593EPSS
Exploits0
NCSC
NCSC
•added 2020/10/19 12:0 a.m.•4 views

Vulnerability fixed in Visual Studio

Microsoft has fixed a vulnerability in Visual Studio. The vulnerability allows a remote malicious person to execute arbitrary code under user privileges. The malicious party must do this by inducing the victim to clone a rogue repository and then open a package.json here. Microsoft has released...

9.3CVSS7.2AI score0.04243EPSS
Exploits0
NCSC
NCSC
•added 2020/10/16 12:0 a.m.•4 views

Vulnerability fixed in containerd

A vulnerability has been fixed in containerd, which is used by Docker and Kubernetes, among others. A malicious party could vulnerability potentially exploit it to gain access to login credentials to an internal or external image registry. To do so the malicious party must induce the user to pull...

6.1CVSS6.8AI score0.02209EPSS
Exploits1
NCSC
NCSC
•added 2020/10/12 12:0 a.m.•4 views

Vulnerability fixed in IBM Db2

IBM has fixed a vulnerability in Db2 and Db2 Connect. A unauthenticated remote malicious party can exploit the vulnerability potentially exploit it to cause a denial-of-service. IBM has released updates to fix the vulnerability. For more information, see:...

7.5CVSS6.8AI score0.0241EPSS
Exploits0
NCSC
NCSC
•added 2020/10/12 12:0 a.m.•4 views

Vulnerability fixed in JIRA

Atlassian has fixed a vulnerability in JIRA. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Atlassian has released updates to fi...

5.4CVSS6.3AI score0.00944EPSS
Exploits0
NCSC
NCSC
•added 2020/10/09 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Security Access Manager

IBM has fixed multiple vulnerabilities in IBM Security Access Manager. A malicious party could potentially exploit the vulnerabilities to obtain information about the system. Little substantive information about the vulnerabilities has been made publicly available. IBM has released updates to fix...

5.3CVSS6.7AI score0.00456EPSS
Exploits0
NCSC
NCSC
•added 2020/10/08 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco StarOS for ASR 5000 Series routers

Cisco has fixed multiple vulnerabilities in StarOS for ASR 5000 Series routers. A local malicious person with limited administrator privileges could potentially exploit the vulnerabilities to execute arbitrary code under root privileges. Cisco has released updates to fix the vulnerabilities in...

7.2CVSS7.5AI score0.00387EPSS
Exploits0
NCSC
NCSC
•added 2020/09/30 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat ipa

Vulnerabilities have been fixed in Red Hat ipa. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyper-link to follow. In addition, the vulnerabilities enab...

6.9CVSS7.5AI score0.99019EPSS
Exploits13
NCSC
NCSC
•added 2020/09/29 12:0 a.m.•4 views

Vulnerability fixed in Trend Micro OfficeScan

A vulnerability has been fixed in Trend Micro OfficeScan. The vulnerability allows a malicious party to obtain elevated permissions and execute arbitrary code under the user's privileges. Trend Micro has released updates to fix the vulnerability. fix. More information can be found on the page...

7.8CVSS7.5AI score0.00776EPSS
Exploits0
NCSC
NCSC
•added 2020/09/23 12:0 a.m.•4 views

Vulnerabilities fixed in Firefox and Firefox ESR

Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Spoofing Mozilla has...

8.8CVSS6.8AI score0.01961EPSS
Exploits0
NCSC
NCSC
•added 2020/09/21 12:0 a.m.•4 views

Vulnerabilities fixed in VirtualBox

Vulnerabilities have been fixed in Oracle VirtualBox. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Code execution Administrator/Root privileges Access to sensitive data...

8.2CVSS6.8AI score0.00565EPSS
Exploits0
NCSC
NCSC
•added 2020/09/09 12:0 a.m.•4 views

Vulnerabilities fixed in IP stack of various SIEMENS products

Siemens has fixed two vulnerabilities in the Linux IP stack of various industrial products. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service cause. The malicious party must have access to the production network. It is good practice not to have suc...

7.8CVSS6.8AI score0.7354EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...

10CVSS7AI score0.98376EPSS
Exploits7
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerability discovered in several Siemens products

Researchers have revealed that several Industrial products from Siemens are vulnerable to the so-called "CrossTalk" vulnerability in Intel Processors. A local malicious person with the rights to install software can exploit the vulnerability to gain access gain access to sensitive data. To do so,...

5.5CVSS6.7AI score0.0054EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerability fixed in Microsoft SQL Server Reporting Services

There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to incorrect validation of attachments to reports. If successfully exploited, the vulnerability enables an authenticated malicious person able to add unauthoriz...

6.5CVSS7AI score0.01907EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerability fixed in OpenSUSE

SUSE has made available an update to fix a vulnerability in the Linux kernel. The vulnerability allows a locally authenticated malicious person able to obtain elevated user privileges to obtain. See "Possible fixes" for more information. The developers of OpenSUSE have made updates available to f...

7.8CVSS8AI score0.01308EPSS
Exploits1
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerabilities fixed in SAP Netweaver

SAP has fixed several vulnerabilities in SAP NetWeaver. These vulnerabilities allow malicious actors to remotely launch a Cross Site Scripting attack, or Server Side Request Forgery to execute execute. SAP has released updates to fix these vulnerabilities. For more information see:...

9.8CVSS6.8AI score0.99019EPSS
Exploits13
NCSC
NCSC
•added 2020/09/07 12:0 a.m.•4 views

Vulnerability fixed in GnuTLS

A vulnerability has been fixed in GnuTLS. The vulnerability allows a remote malicious person who has access to a TLS server that the victim is connected to is able to cause a denial-of-service attack. To exploit the vulnerability the TLS connection must meet specific conditions. The developers of...

7.5CVSS6.6AI score0.0373EPSS
Exploits1
NCSC
NCSC
•added 2020/09/03 12:0 a.m.•4 views

Vulnerabilities fixed in FreeBSD

The developers of FreeBSD have fixed several vulnerabilities fixed in several network modules used by FreeBSD. used. A malicious party on the local network could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the...

7.5CVSS7.4AI score0.04472EPSS
Exploits1
NCSC
NCSC
•added 2020/09/02 12:0 a.m.•4 views

Vulnerability fixed in Atlassian Jira

Vulnerable versions of Atlassian Jira Server and Data Center allow a remote malicious person to enumerate project keys via a vulnerability in the /browse.PROJECTKEY endpoint. Atlassian has made version 8.12.0 of Jira available. More information can be found on the following page:...

7.5CVSS6.8AI score0.03051EPSS
Exploits0
NCSC
NCSC
•added 2020/09/01 12:0 a.m.•4 views

Vulnerability fixed in Trend Micro OfficeScan

Trend Micro has fixed a vulnerability in OfficeScan. The vulnerability allows a malicious party to obtain elevated privileges obtain and to execute arbitrary code. Trend Micro categorizes this vulnerability according to the CVSSv3 method with a score of 7.8. Trend Micro has released updates to fi...

7.8CVSS7.1AI score0.00776EPSS
Exploits0
Total number of security vulnerabilities4190