Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2023/08/23 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the browser, or gain access to sensitive data in the context of the browser. Successful exploitation requires the malicious party to trick the victim into...

8.8CVSS7.5AI score0.3398EPSS
Exploits0
NCSC
NCSC
•added 2023/08/03 12:0 a.m.•3 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed vulnerabilities in BIG-IP. An authenticated malicious person with access to the management interface, or access to the shell of the system, could exploit the vulnerabilities to cause a Denial-of-Service, obtain sensitive information or, through a Cross-Site-Scripting attack, execute...

7.5CVSS7.5AI score0.00453EPSS
Exploits0
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•3 views

Vulnerability fixed in libarchive

A vulnerability has been fixed in libarchive, a widely used library used by backup tools and tools such as tar, cpio etc. A local malicious person could exploit the vulnerability to cause a buffer overflow and thus potentially execute arbitrary code execute arbitrary code. In reporting the...

6.8AI score
Exploits0
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•3 views

Vulnerability fixed in QNAP firmware

QNAP has fixed a vulnerability in the firmware of several NAS and virtualization systems running QTS, QuTS Hero, QuTScloud and QVR. A malicious party could exploit the vulnerability to cause a denial-of-service. QNAP has released updates to fix the vulnerability in the firmware for QTS, QuTS Hero...

6.8CVSS6.8AI score0.00584EPSS
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•3 views

Vulnerability fixed in Veritas NetBackup Snapshot Manager

Veritas has fixed a vulnerability in NetBackup Snapshot Manager. Due to a flaw in the way client certificates are processed, it is possible for a malicious party to access backups and restores for which the malicious party is not authorized. This allows the malicious party to gain access to...

6.4AI score
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•3 views

Vulnerabilities fixed in Sophos Unified Threat Management (UTM)

Sophos has fixed vulnerabilities in Unified Threat Management UTM. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with application privileges. Sophos has released updates to fix the vulnerabilities in UTM 9.716. For more...

7.5CVSS7AI score0.59501EPSS
Exploits1
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•3 views

Vulnerability fixed in Ghostscript

Artifex has fixed a vulnerability in Ghostscript. A malicious party could exploit the vulnerability to be able to execute arbitrary be able to execute arbitrary commands with permissions from the Ghostscript process. To do this, the malicious party must trick the victim into opening a rogue file...

7.8CVSS7.2AI score0.03236EPSS
Exploits3
NCSC
NCSC
•added 2023/07/10 12:0 a.m.•3 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious party can exploit the exploit the vulnerabilities to execute arbitrary code with privileges of the application, or to grant itself locally elevated privileges granted. IBM has released updates to fix the vulnerabilities in DB2. For more informatio...

8.8CVSS7.8AI score0.01378EPSS
Exploits0
NCSC
NCSC
•added 2023/07/03 12:0 a.m.•3 views

Vulnerability fixed in Elasticsearch

Elastic has fixed a vulnerability in Elasticsearch. A malicious party could exploit the vulnerability to cause a denial-of-service attack. Elastic has released updates to fix the vulnerability in Elasticsearch 8.8.2 and 7.17.11. For more information, see: https://discuss.elastic.co/t...

7.5CVSS7.3AI score0.01119EPSS
Exploits1
NCSC
NCSC
•added 2023/06/20 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM fixed vulnerabilities in Spectrum Protect Plus Microsoft Filesystem Backup and Restore. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, or gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Spectru...

7.5CVSS6.9AI score0.0142EPSS
Exploits1
NCSC
NCSC
•added 2023/06/15 12:0 a.m.•3 views

Vulnerability fixed in Adobe Animate

Adobe has fixed a vulnerability in Animate. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. The malicious person needs to trick the victim into opening a rogue file to do so. open. Adobe has released updates to fix the vulnerability in Animate...

7.8CVSS7.1AI score0.00418EPSS
Exploits0
NCSC
NCSC
•added 2023/06/01 12:0 a.m.•3 views

Actively exploited vulnerability fixed in Progress MOVEit

Progress has fixed a vulnerability in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person able to obtain sensitive data processed through the application being processed. In addition, the vulnerability could potentially be exploited to obtain administrator...

6.8AI score
Exploits0
NCSC
NCSC
•added 2023/05/19 12:0 a.m.•3 views

Vulnerability fixed in CUPS

OpenPrinting has fixed a vulnerability in CUPS. A malicious person with access to the print server, and the ability to create printers, could exploit the vulnerability to execute arbitrary code with print server privileges. OpenPrinting has released updates to fix the vulnerability fix in CUPS. F...

8.8CVSS7.3AI score0.03697EPSS
Exploits1
NCSC
NCSC
•added 2023/04/28 12:0 a.m.•3 views

Vulnerabilities fixed in IBM App Connect Enterprise and Integration Bus

IBM fixed vulnerabilities in Integration Bus and App Connect Enterprise. The vulnerabilities are in the underlying Eclipse Mosquito and allow a malicious party to perform a denial-of-service attack. IBM has released updates to fix the vulnerabilities in Integration Bus and App Connect Enterprise...

7.5CVSS6.8AI score0.0126EPSS
Exploits2
NCSC
NCSC
•added 2023/04/20 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle Supply Chain

Vulnerabilities have been fixed in Oracle Supply Chain Products Suite, specifically in the Agile PLM. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data...

7.5CVSS6.6AI score0.02824EPSS
Exploits2
NCSC
NCSC
•added 2023/04/20 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in Oracle Hyperion products. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to execute arbitrary code execute arbitrary code under the application's permissions. ------------------.------.------------------------------------- | CVE...

9.8CVSS9.3AI score0.02636EPSS
Exploits1
NCSC
NCSC
•added 2023/04/19 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle Construction and Engineering

Oracle has fixed vulnerabilities in Primavera P6 Enterprise Project Portfolio Management and Primavera Unifier. The vulnerability with reference CVE-2022-27404 allows an unauthenticated malicious party to execute arbitrary code under the rights of the application...

9.8CVSS7.7AI score0.03307EPSS
Exploits3
NCSC
NCSC
•added 2023/04/08 12:0 a.m.•3 views

Vulnerabilities fixed in Apple macOS, iOS and iPadOS

Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. The vulnerabilities allow an unauthenticated remote malicious party to execute arbitrary code. execute. Apple says it has received signals of active misuse of the vulnerabilities. Organizations are advised to implement the made...

8.8CVSS7.4AI score0.27076EPSS
Exploits0
NCSC
NCSC
•added 2023/03/30 12:0 a.m.•3 views

Vulnerabilities fixed in Samba

Samba developers have fixed vulnerabilities in Samba. A malicious party could exploit the vulnerabilities to gain access gain access to sensitive data, or to manipulate data in the underlying Active Directory without being authorized to do so. The vulnerability with attribute CVE-2023-0614 is a f...

7.7CVSS7.2AI score0.02195EPSS
Exploits0
NCSC
NCSC
•added 2023/03/24 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Chrome. A remote malicious person could exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data To exploit the...

9.8CVSS9.7AI score0.02925EPSS
Exploits0
NCSC
NCSC
•added 2023/03/16 12:0 a.m.•3 views

Vulnerability fixed in HP Integrated Lights Out (ILO)

Hewlett Packard has fixed a vulnerability in Integrated Lights Out ILO 4, 5 and 6. A malicious person with access to the ILO infrastructure could exploit the vulnerability to perform of a cross-site scripting XSS attack. Such an attack can lead to execution of code in the context of the browser o...

8.3CVSS6.1AI score0.00445EPSS
Exploits0
NCSC
NCSC
•added 2023/03/16 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data Access to system data The malicious party...

8.8CVSS6.8AI score0.00798EPSS
Exploits0
NCSC
NCSC
•added 2023/02/23 12:0 a.m.•3 views

Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor

Foxit has fixed several vulnerabilities in PDF reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code execute arbitrary code with the victim's privileges. The malicious party must trick the deceive the victim...

7.8AI score
Exploits0
NCSC
NCSC
•added 2023/02/23 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome and Chromium

Google has fixed several vulnerabilities in Chrome. A remote malicious person can exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data To exploit the...

8.8CVSS9.7AI score0.00668EPSS
Exploits0
NCSC
NCSC
•added 2023/02/20 12:0 a.m.•3 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in node.js. A malicious party can exploit the vulnerabilities to bypass security measures and thus gain access to modules and code for which which it is not authorized. Also, the malicious party can cause a Denial-of-Service, or through host header injection...

7.5CVSS7.8AI score0.02209EPSS
Exploits2
NCSC
NCSC
•added 2023/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system...

8.8CVSS7.6AI score0.00883EPSS
Exploits0
NCSC
NCSC
•added 2023/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in OpenSSL

The developers of OpenSSL have fixed several vulnerabilities fixed. A malicious party could exploit the vulnerabilities to cause a denial-of-service by offering manipulated certificates causing the OpenSSL system to crash. Under specially prepared circumstances, where the malicious party has...

7.5CVSS6.7AI score0.59501EPSS
Exploits0
NCSC
NCSC
•added 2023/02/02 12:0 a.m.•3 views

Vulnerability fixed in Cisco Prime Infrastructure

Cisco has fixed a vulnerability in the Web-based management interface of Prime Infrastructure. An unauthenticated malicious person with access to the management environment can exploit the exploit the vulnerability to perform a cross-site scripting XSS attack. Such an attack can lead to execution...

6.1CVSS6.7AI score0.0047EPSS
Exploits0
NCSC
NCSC
•added 2023/01/27 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Windows

Microsoft has released an out-of-band security update to fix a vulnerability in the Point-to-point Tunneling Protocol, as used in the Microsoft Remote Access Service. A unauthenticated malicious party could exploit the vulnerability to execute arbitrary code on the RAS environment, after causing ...

8.1CVSS7.3AI score0.00993EPSS
Exploits0
NCSC
NCSC
•added 2023/01/18 12:0 a.m.•3 views

Vulnerabilities fixed in Git

Vulnerabilities have been fixed in Git. The vulnerabilities allow a malicious person potentially capable of performing of Remote code execution. Git has released updates to fix the vulnerability. More information can be found on the pages below:...

9.8CVSS7.7AI score0.56334EPSS
Exploits0
NCSC
NCSC
•added 2023/01/18 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle MySQL

Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Accessing sensitive data Oracle has made updates available to address the vulnerabilities...

9.8CVSS6.7AI score0.1593EPSS
Exploits6
NCSC
NCSC
•added 2022/12/21 12:0 a.m.•3 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious party the ability to bypass a security measure or cause a denial-of-service. The developers of cURL have released updates to fix the vulnerabilities. For more information, see: https://curl.se/docs/CVE-2022-43551.html...

7.5CVSS6.8AI score0.1654EPSS
Exploits2
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•3 views

Vulnerabilities fixed in X.Org X Server

Vulnerabilities have been fixed in X.Org X Server. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Increased user privileges Misuse of the...

8.8CVSS8AI score0.02685EPSS
Exploits0
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•3 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Access to sensitive data Access to system data Apple states that it is aware of...

8.8CVSS7.6AI score0.34574EPSS
Exploits2
NCSC
NCSC
•added 2022/12/09 12:0 a.m.•3 views

Vulnerabilities fixed in NetApp Clustered Data ONTAP

NetApp has fixed several vulnerabilities in Clustered Data ONTAP. The vulnerabilities are in underlying libraries such as libcurl, libexpat and libxml2. The vulnerabilities allow a malicious party to cause a denial-of-service, gain access to sensitive data and/or manipulate it. NetApp has release...

9.8CVSS8.8AI score0.3197EPSS
Exploits9
NCSC
NCSC
•added 2022/12/02 12:0 a.m.•3 views

Vulnerabilities fixed in Asterisk

Vulnerabilities have been fixed in the Asterisk VoIP server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The vulnerability with...

7.5CVSS8.2AI score0.01236EPSS
Exploits0
NCSC
NCSC
•added 2022/11/25 12:0 a.m.•3 views

Vulnerability fixed in Exim

A vulnerability has been fixed in Exim. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service DoS attack. The way regular expressions are processed in configuration files processed can lead to a crash under certain circumstances. To do so, the...

7.5CVSS6.5AI score0.03661EPSS
Exploits0
NCSC
NCSC
•added 2022/11/16 12:0 a.m.•3 views

Vulnerability fixed in Sophos UTM

A vulnerability has been fixed in Sophos UTM. The vulnerability allows an authenticated remote malicious person to perform an SQL injection to execute, potentially obtaining sensitive data. obtain. The vulnerability is located in the quarantine manager of the email component of Sophos UTM. Sophos...

6.8AI score
Exploits0
NCSC
NCSC
•added 2022/11/16 12:0 a.m.•3 views

Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...

9.8CVSS8.6AI score0.01659EPSS
Exploits0
NCSC
NCSC
•added 2022/11/15 12:0 a.m.•3 views

Vulnerabilities fixed in IBM WebSphere Application Server

Vulnerabilities have been fixed in IBM HTTP Server, part of IBM WebSphere Application Server. The vulnerabilities are specifically in the libexpat component of the product. For more information about the vulnerability in libexpat, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0684 The...

7.5CVSS7.8AI score0.19433EPSS
Exploits3
NCSC
NCSC
•added 2022/11/07 12:0 a.m.•3 views

Vulnerabilities fixed in libxml2

Vulnerabilities have been fixed in libxml2. The vulnerabilities allow a remote malicious person to cause a denial-of-service cause. -= Debian =- Debian has made updates to libxml2 available for Debian 11.0 Bullseye to address the vulnerabilities. You can install the custom packages installed by...

7.8CVSS5.7AI score0.22791EPSS
Exploits2
NCSC
NCSC
•added 2022/10/27 12:0 a.m.•3 views

Vulnerability fixed in Zoom

A vulnerability has been fixed in Zoom. The vulnerability allows a malicious person to bypass a security measure and gain access to sensitive data. To exploit the vulnerability, a malicious person needs to victim to open a rogue link. This enables the malicious party to perform further attacks su...

9.6CVSS6.7AI score0.01134EPSS
Exploits0
NCSC
NCSC
•added 2022/10/24 12:0 a.m.•3 views

Vulnerability found in Microsoft Windows

A vulnerability has been found in Microsoft Windows. A malicious party can exploit the vulnerability to execute arbitrary code under privileges of the logged-in user. To do this the malicious party must induce the victim to open a rogue file. The vulnerability is located in Mark-of-the-Web...

6.7AI score
Exploits0
NCSC
NCSC
•added 2022/10/06 12:0 a.m.•3 views

Vulnerability fixed in Cisco Secure Web Appliance

Cisco has fixed a vulnerability in its Secure Web Appliance. It affects both the hardware and virtual versions. An unauthenticated malicious person located in the internal network is in the internal network can exploit the vulnerability to bypass filters and thus route traffic from a rogue server...

5.3CVSS6.9AI score0.00678EPSS
Exploits0
NCSC
NCSC
•added 2022/10/04 12:0 a.m.•3 views

Vulnerabilities fixed in Debian

Vulnerabilities have been fixed in the Linux kernel as used by Debian. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to...

7.8CVSS7.2AI score0.12746EPSS
Exploits18
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•3 views

Vulnerability fixed in Expat

A vulnerability has been fixed in Expat. A malicious person can cause a use-after-free in libexpat via the doContent function in xmlparse.c. Misuse of the vulnerability potentially results in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Use...

8.1CVSS8.9AI score0.01659EPSS
Exploits0
NCSC
NCSC
•added 2022/09/29 12:0 a.m.•3 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...

8.6CVSS7.5AI score0.01083EPSS
Exploits0
NCSC
NCSC
•added 2022/09/27 12:0 a.m.•3 views

Vulnerabilities fixed in Veritas NetBackup

Vulnerabilities have been fixed in Veritas NetBackup Server and Client. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data The vulnerabilities with CVSS3 scores 9.0 and 8.0...

8AI score
Exploits0
NCSC
NCSC
•added 2022/09/16 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to execute arbitrary code or cause a denial-of-service. As usual, few technical details about the vulnerabilities publicly available made available...

8.8CVSS7.9AI score0.01855EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Defender

Microsoft has fixed a vulnerability in Defender Endpoint for macOS. A local, authenticated malicious party can exploit the exploit the vulnerability to grant itself elevated privileges and thus execute code with SYSTEM/root privileges. Microsoft has made updates available that fix the described...

7.8CVSS6.9AI score0.00464EPSS
Exploits0
Total number of security vulnerabilities4189