
4189 matches found

NCSC
• added 2023/06/15 12:0 a.m. • 3 views

Vulnerability fixed in Adobe Animate

Adobe has fixed a vulnerability in Animate. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. The malicious person needs to trick the victim into opening a rogue file to do so. Adobe has released updates to fix the vulnerability in Animate...

CVSS 7.8, AI score 7.1, EPSS 0.00418, Exploits 0

NCSC
• added 2023/06/08 12:0 a.m. • 3 views

Vulnerability fixed in Cisco AnyConnect Secure Mobility Client and Secure Client

Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client and Secure Client for Windows. A local, authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code with SYSTEM privileges. Cisco has release...

CVSS 7.8, AI score 7.5, EPSS 0.05374, Exploits 1

NCSC
• added 2023/06/01 12:0 a.m. • 3 views

Actively exploited vulnerability fixed in Progress MOVEit

Progress has fixed a vulnerability in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data processed through the application. In addition, the vulnerability could potentially be exploited to obtain administrator...

AI score 6.8, Exploits 0

NCSC
• added 2023/05/19 12:0 a.m. • 3 views

Vulnerability fixed in CUPS

OpenPrinting has fixed a vulnerability in CUPS. A malicious person with access to the print server, and the ability to create printers, could exploit the vulnerability to execute arbitrary code with print server privileges. OpenPrinting has released updates to fix the vulnerability in CUPS. F...

CVSS 8.8, AI score 7.3, EPSS 0.03697, Exploits 1

NCSC
• added 2023/04/28 12:0 a.m. • 3 views

Vulnerabilities fixed in IBM App Connect Enterprise and Integration Bus

IBM has fixed vulnerabilities in Integration Bus and App Connect Enterprise. The vulnerabilities are in the underlying Eclipse Mosquitto and allow a malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerabilities in Integration Bus and App Connect Enterprise...

CVSS 7.5, AI score 6.8, EPSS 0.0126, Exploits 2

NCSC
• added 2023/04/20 12:0 a.m. • 3 views

Vulnerabilities fixed in Oracle Supply Chain

Vulnerabilities have been fixed in Oracle Supply Chain Products Suite, specifically in the Agile PLM. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data...

CVSS 7.5, AI score 6.6, EPSS 0.02824, Exploits 2

NCSC
• added 2023/04/20 12:0 a.m. • 3 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in Oracle Hyperion products. The vulnerabilities allow a malicious party to cause a denial-of-service (DoS) or to execute arbitrary code under the application's permissions. ...

CVSS 9.8, AI score 9.3, EPSS 0.02636, Exploits 1

NCSC
• added 2023/04/19 12:0 a.m. • 3 views

Vulnerabilities fixed in Oracle Construction and Engineering

Oracle has fixed vulnerabilities in Primavera P6 Enterprise Project Portfolio Management and Primavera Unifier. The vulnerability with reference CVE-2022-27404 allows an unauthenticated malicious party to execute arbitrary code under the rights of the application...

CVSS 9.8, AI score 7.7, EPSS 0.03307, Exploits 3

NCSC
• added 2023/04/08 12:0 a.m. • 3 views

Vulnerabilities fixed in Apple macOS, iOS and iPadOS

Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. The vulnerabilities allow an unauthenticated remote malicious party to execute arbitrary code. Apple says it has received signals of active misuse of the vulnerabilities. Organizations are advised to implement the made...

CVSS 8.8, AI score 7.4, EPSS 0.27076, Exploits 0

NCSC
• added 2023/03/30 12:0 a.m. • 3 views

Vulnerabilities fixed in Samba

Samba developers have fixed vulnerabilities in Samba. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to manipulate data in the underlying Active Directory without being authorized to do so. The vulnerability with reference CVE-2023-0614 is a f...

CVSS 7.7, AI score 7.2, EPSS 0.02195, Exploits 0

NCSC
• added 2023/03/24 12:0 a.m. • 3 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data. To exploit the...

CVSS 9.8, AI score 9.7, EPSS 0.02925, Exploits 0

NCSC
• added 2023/03/16 12:0 a.m. • 3 views

Vulnerability fixed in HP Integrated Lights Out (ILO)

Hewlett Packard has fixed a vulnerability in Integrated Lights Out (ILO) 4, 5 and 6. A malicious person with access to the ILO infrastructure could exploit the vulnerability to perform a cross-site scripting (XSS) attack. Such an attack can lead to execution of code in the context of the browser o...

CVSS 8.3, AI score 6.1, EPSS 0.00445, Exploits 0

NCSC
• added 2023/03/16 12:0 a.m. • 3 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), spoofing, access to sensitive data, access to system data. The malicious party...

CVSS 8.8, AI score 6.8, EPSS 0.00798, Exploits 0

NCSC
• added 2023/03/13 12:0 a.m. • 3 views

Vulnerabilities fixed in Redis

Redis has fixed two vulnerabilities. A malicious party can exploit the vulnerabilities to cause a denial-of-service. Because Redis is widely used as a message broker in support of information exchange processes, the consequence of a Denial-of-Service on the Redis service cannot be...

CVSS 6.5, AI score 7, EPSS 0.59706, Exploits 0

NCSC
• added 2023/02/23 12:0 a.m. • 3 views

Vulnerabilities fixed in Google Chrome and Chromium

Google has fixed several vulnerabilities in Chrome. A remote malicious person can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data. To exploit the...

CVSS 8.8, AI score 9.7, EPSS 0.00668, Exploits 0

NCSC
• added 2023/02/23 12:0 a.m. • 3 views

Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor

Foxit has fixed several vulnerabilities in PDF Reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code with the victim's privileges. The malicious party must deceive the victim...

AI score 7.8, Exploits 0

NCSC
• added 2023/02/20 12:0 a.m. • 3 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to bypass security measures and thus gain access to modules and code for which it is not authorized. Also, the malicious party can cause a Denial-of-Service, or through host header injection...

CVSS 7.5, AI score 7.8, EPSS 0.02209, Exploits 2

NCSC
• added 2023/02/09 12:0 a.m. • 3 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights), access to system...

CVSS 8.8, AI score 7.6, EPSS 0.00883, Exploits 0

NCSC
• added 2023/02/09 12:0 a.m. • 3 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2 10.5, 11.1 and 11.5. For more information and the related FixPacks, see:...

CVSS 7.5, AI score 6.8, EPSS 0.00739, Exploits 0

NCSC
• added 2023/02/09 12:0 a.m. • 3 views

Vulnerabilities fixed in OpenSSL

The developers of OpenSSL have fixed several vulnerabilities. A malicious party could exploit the vulnerabilities to cause a denial-of-service by offering manipulated certificates causing the OpenSSL system to crash. Under specially prepared circumstances, where the malicious party has...

CVSS 7.5, AI score 6.7, EPSS 0.59501, Exploits 0

NCSC
• added 2023/02/02 12:0 a.m. • 3 views

Vulnerability fixed in Cisco Prime Infrastructure

Cisco has fixed a vulnerability in the web-based management interface of Prime Infrastructure. An unauthenticated malicious person with access to the management environment can exploit the vulnerability to perform a cross-site scripting (XSS) attack. Such an attack can lead to execution...

CVSS 6.1, AI score 6.7, EPSS 0.0047, Exploits 0

NCSC
• added 2023/01/27 12:0 a.m. • 3 views

Vulnerability fixed in Microsoft Windows

Microsoft has released an out-of-band security update to fix a vulnerability in the Point-to-Point Tunneling Protocol, as used in the Microsoft Remote Access Service. An unauthenticated malicious party could exploit the vulnerability to execute arbitrary code on the RAS environment, after causing ...

CVSS 8.1, AI score 7.3, EPSS 0.00993, Exploits 0

NCSC
• added 2023/01/19 12:0 a.m. • 3 views

Vulnerability found in Cisco Email Security Appliance

A vulnerability has been found in Cisco Email Security Appliance (ESA). The vulnerability allows an unauthenticated malicious person to bypass URL filters and thereby bypass security functionality of ESA. Cisco has published a security advisory with more information about the vulnerability:...

CVSS 5.3, AI score 6.7, EPSS 0.00678, Exploits 0

NCSC
• added 2023/01/18 12:0 a.m. • 3 views

Vulnerabilities fixed in Oracle MySQL

Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), bypassing authentication, accessing sensitive data. Oracle has made updates available to address the vulnerabilities...

CVSS 9.8, AI score 6.7, EPSS 0.1593, Exploits 6

NCSC
• added 2023/01/18 12:0 a.m. • 3 views

Vulnerabilities fixed in GitLab CE and EE

Vulnerabilities have been fixed in GitLab Enterprise Edition (EE) and Community Edition (CE). The vulnerabilities potentially enable a malicious person to perform remote code execution. GitLab has released updates to fix the vulnerabilities in GitLab EE and CE 15.7.5, 15.6.6, and 15.5.9. For more...

CVSS 9.8, AI score 7.7, EPSS 0.56334, Exploits 0

NCSC
• added 2023/01/18 12:0 a.m. • 3 views

Vulnerabilities fixed in Git

Vulnerabilities have been fixed in Git. The vulnerabilities potentially allow a malicious person to perform remote code execution. Git has released updates to fix the vulnerability. More information can be found on the pages below:...

CVSS 9.8, AI score 7.7, EPSS 0.56334, Exploits 0

NCSC
• added 2023/01/17 12:0 a.m. • 3 views

Possible exploit vulnerability in Zoho ManageEngine

A vulnerability has been fixed in several Zoho ManageEngine products. The vulnerability is located in an underlying third-party product: Apache Santuario. The vulnerability allows a malicious party to execute arbitrary code on the vulnerable system with system privileges. Researchers at Horizon3 ...

CVSS 9.8, AI score 7.9, EPSS 0.99753, Exploits 15

NCSC
• added 2022/12/22 12:0 a.m. • 3 views

Vulnerabilities fixed in Mattermost

Unspecified vulnerabilities have been fixed in Mattermost. Mattermost has not released any substantive information, but estimates the severity of the vulnerabilities as MEDIUM. The grading of this security advisory is set accordingly. Mattermost indicates in accordance with their...

AI score 6.8, Exploits 0

NCSC
• added 2022/12/21 12:0 a.m. • 3 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious party to bypass a security measure or cause a denial-of-service. The developers of cURL have released updates to fix the vulnerabilities. For more information, see: https://curl.se/docs/CVE-2022-43551.html...

CVSS 7.5, AI score 6.8, EPSS 0.1654, Exploits 2

NCSC
• added 2022/12/15 12:0 a.m. • 3 views

Vulnerabilities fixed in X.Org X Server

Vulnerabilities have been fixed in X.Org X Server. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), increased user privileges, misuse of the...

CVSS 8.8, AI score 8, EPSS 0.02685, Exploits 0

NCSC
• added 2022/12/15 12:0 a.m. • 3 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: bypassing security measure, remote code execution (user rights), access to sensitive data, access to system data. Apple states that it is aware of...

CVSS 8.8, AI score 7.6, EPSS 0.34574, Exploits 2

NCSC
• added 2022/12/09 12:0 a.m. • 3 views

Vulnerabilities fixed in NetApp Clustered Data ONTAP

NetApp has fixed several vulnerabilities in Clustered Data ONTAP. The vulnerabilities are in underlying libraries such as libcurl, libexpat and libxml2. The vulnerabilities allow a malicious party to cause a denial-of-service, gain access to sensitive data and/or manipulate it. NetApp has release...

CVSS 9.8, AI score 8.8, EPSS 0.3197, Exploits 9

NCSC
• added 2022/12/02 12:0 a.m. • 3 views

Vulnerabilities fixed in Asterisk

Vulnerabilities have been fixed in the Asterisk VoIP server. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), increased user privileges. The vulnerability with...

CVSS 7.5, AI score 8.2, EPSS 0.01236, Exploits 0

NCSC
• added 2022/11/28 12:0 a.m. • 3 views

Vulnerability fixed in Erlang OTP

Erlang developers have fixed a vulnerability in Erlang OTP. A malicious party could exploit the vulnerability to gain access to sensitive data, when using Erlang SSL in combination with client authentication. Erlang has released updates to fix the vulnerability in OTP 25.1; for more information,...

CVSS 9.8, AI score 8.7, EPSS 0.01167, Exploits 0

NCSC
• added 2022/11/25 12:0 a.m. • 3 views

Vulnerability fixed in Exim

A vulnerability has been fixed in Exim. A remote malicious person could potentially exploit the vulnerability to cause a Denial-of-Service (DoS) attack. The way regular expressions are processed in configuration files can lead to a crash under certain circumstances. To do so, the...

CVSS 7.5, AI score 6.5, EPSS 0.03661, Exploits 0

NCSC
• added 2022/11/24 12:0 a.m. • 3 views

Vulnerabilities fixed in ImageMagick

Several vulnerabilities have been fixed in ImageMagick. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service. To do this, the malicious party needs to have a specially prepared file processed by the victim. Given the use of ImageMagick, it is possible...

CVSS 7.8, AI score 6.8, EPSS 0.0238, Exploits 2

NCSC
• added 2022/11/23 12:0 a.m. • 3 views

Vulnerability fixed in Red Hat OpenShift

A vulnerability has been fixed in the go-restful component of Red Hat OpenShift. A remote malicious agent could potentially exploit it to bypass authentication on a specific endpoint. To do this, the malicious party must use the AllowedDomains Cross-Origin Resource Sharing (CORS) filter. Red...

CVSS 9.3, AI score 9.4, EPSS 0.02737, Exploits 1

NCSC
• added 2022/11/16 12:0 a.m. • 3 views

Vulnerability fixed in Sophos UTM

A vulnerability has been fixed in Sophos UTM. The vulnerability allows an authenticated remote malicious person to perform an SQL injection, potentially obtaining sensitive data. The vulnerability is located in the quarantine manager of the email component of Sophos UTM. Sophos...

AI score 6.8, Exploits 0

NCSC
• added 2022/11/16 12:0 a.m. • 3 views

Vulnerability fixed in Node.js

A vulnerability has been fixed in Node.js. The vulnerability allows a remote malicious person to execute arbitrary code. This is caused by the inspect parameter and the allowing of incorrect octal IP addresses, leading to DNS rebinding. Node.js has released updates to fix the vulnerability i...

CVSS 8.1, AI score 7.3, EPSS 0.14024, Exploits 0

NCSC
• added 2022/11/16 12:0 a.m. • 3 views

Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution (user rights), spoofing, accessing...

CVSS 9.8, AI score 8.6, EPSS 0.01659, Exploits 0

NCSC
• added 2022/11/15 12:0 a.m. • 3 views

Vulnerabilities fixed in IBM WebSphere Application Server

Vulnerabilities have been fixed in IBM HTTP Server, part of IBM WebSphere Application Server. The vulnerabilities are specifically in the libexpat component of the product. For more information about the vulnerability in libexpat, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0684 The...

CVSS 7.5, AI score 7.8, EPSS 0.19433, Exploits 3

NCSC
• added 2022/11/14 12:0 a.m. • 3 views

Vulnerabilities fixed in PHP

Vulnerabilities have been fixed in PHP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution (user rights), access to system data. PHP developers have released updates to...

CVSS 9.8, AI score 7.4, EPSS 0.49336, Exploits 6

NCSC
• added 2022/11/07 12:0 a.m. • 3 views

Vulnerabilities fixed in libxml2

Vulnerabilities have been fixed in libxml2. The vulnerabilities allow a remote malicious person to cause a denial-of-service. Debian: Debian has made updates to libxml2 available for Debian 11.0 Bullseye to address the vulnerabilities. You can install the custom packages by...

CVSS 7.8, AI score 5.7, EPSS 0.22791, Exploits 2

NCSC
• added 2022/11/02 12:0 a.m. • 3 views

Vulnerabilities fixed in Xen

Xen's developers have fixed vulnerabilities in Xen. The vulnerabilities are located in xenstored and allow a malicious party with rights to deploy and configure guest images to cause, through rogue guests, a Denial-of-Service, or potentially gain access to memory of other guest systems and thus...

CVSS 8.8, AI score 7.1, EPSS 0.00277, Exploits 0

NCSC
• added 2022/10/27 12:0 a.m. • 3 views

Vulnerability fixed in Zoom

A vulnerability has been fixed in Zoom. The vulnerability allows a malicious person to bypass a security measure and gain access to sensitive data. To exploit the vulnerability, a malicious person needs the victim to open a rogue link. This enables the malicious party to perform further attacks su...

CVSS 9.6, AI score 6.7, EPSS 0.01134, Exploits 0

NCSC
• added 2022/10/24 12:0 a.m. • 3 views

Vulnerability found in Microsoft Windows

A vulnerability has been found in Microsoft Windows. A malicious party can exploit the vulnerability to execute arbitrary code with the privileges of the logged-in user. To do this, the malicious party must induce the victim to open a rogue file. The vulnerability is located in Mark-of-the-Web...

AI score 6.7, Exploits 0

NCSC
• added 2022/10/06 12:0 a.m. • 3 views

Vulnerability fixed in Cisco Secure Web Appliance

Cisco has fixed a vulnerability in its Secure Web Appliance. It affects both the hardware and virtual versions. An unauthenticated malicious person located in the internal network can exploit the vulnerability to bypass filters and thus route traffic from a rogue server...

CVSS 5.3, AI score 6.9, EPSS 0.00678, Exploits 0

NCSC
• added 2022/10/04 12:0 a.m. • 3 views

Vulnerabilities fixed in Debian

Vulnerabilities have been fixed in the Linux kernel as used by Debian. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution (user rights), access to sensitive data, access to...

CVSS 7.8, AI score 7.2, EPSS 0.12746, Exploits 18

NCSC
• added 2022/09/30 12:0 a.m. • 3 views

Vulnerabilities fixed in IBM MQ

Vulnerabilities have been fixed in IBM MQ. The vulnerabilities allow a malicious party to bypass a command measure and perform a denial-of-service (DoS). IBM has released updates to fix the vulnerabilities in MQ. For more information, see: https://www.ibm.com/support/pages/node/6823767...

CVSS 7.5, AI score 7.5, EPSS 0.51733, Exploits 1

NCSC
• added 2022/09/30 12:0 a.m. • 3 views

Vulnerability fixed in Expat

A vulnerability has been fixed in Expat. A malicious person can cause a use-after-free in libexpat via the doContent function in xmlparse.c. Misuse of the vulnerability potentially results in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution Use...

CVSS 8.1, AI score 8.9, EPSS 0.01659, Exploits 0

Total number of security vulnerabilities: 4189