Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2022/05/06 12:0 a.m.•3 views

Vulnerability fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere

A vulnerability has been fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA. The vulnerability allows an authenticated remote malicious party to execute system commands. No CVE attribute is currently available for this vulnerability. available. Aveva has released updates to fix the...

6.8AI score
Exploits0
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•3 views

Vulnerability fixed in FortiClient

A vulnerability has been fixed in FortiClient. The vulnerability allows a malicious person with access to the system to execute or delete files with admin rights. The vulnerability is located in the FortiClient MSI installer. Fortinet has released updates to fix the vulnerability. More informatio...

8.4CVSS6.6AI score0.00215EPSS
Exploits0
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•3 views

Vulnerabilities fixed in the Linux kernel

Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges -= Debian =- Debian has made updates to...

7.8CVSS6.4AI score0.05524EPSS
Exploits20
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•3 views

Vulnerability fixed in Cisco Catalyst

A vulnerability has been fixed in Cisco Catalyst. The vulnerability is located in the IOS XE software. The vulnerability allows a locally authenticated malicious person to obtain elevated permissions and execute arbitrary code with these elevated privileges. Cisco has released updates to fix the...

7.8CVSS7.3AI score0.00223EPSS
Exploits0
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•3 views

Vulnerabilities fixed in IBM QRadar

Vulnerabilities have been fixed in IBM QRadar. The vulnerabilities have mostly been described previously in Linux kernel security advisories. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS...

8.8CVSS8.4AI score0.0066EPSS
Exploits3
NCSC
NCSC
•added 2022/04/26 12:0 a.m.•3 views

Vulnerabilities fixed in FreeRADIUS

Two vulnerabilities have been fixed in FreeRADIUS. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. To cause the denial-of-service, the malicious party must possess a system in the FreeRADIUS "circle of trust." The developers of FreeRADI...

7AI score
Exploits0
NCSC
NCSC
•added 2022/04/21 12:0 a.m.•3 views

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights For these vulnerabilities, at the time of...

7.1AI score
Exploits0
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in Java SE JDK/JRE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security...

7.5CVSS8AI score0.70561EPSS
Exploits8
NCSC
NCSC
•added 2022/04/19 12:0 a.m.•3 views

Vulnerabilities fixed in the Linux kernel

Several vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to system data Increased user privileges -=...

8.6CVSS7AI score0.05524EPSS
Exploits19
NCSC
NCSC
•added 2022/04/15 12:0 a.m.•3 views

Vulnerability fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code under the browser's permissions. As usual, Google has not made additional information made available about the fixed vulnerability. Google indicates tha...

8.8CVSS7.3AI score0.1372EPSS
Exploits2
NCSC
NCSC
•added 2022/04/14 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data

Several vulnerabilities have been fixed in IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code execute arbitrary code or cause a denial-of-service DoS. For the vulnerabilities with attributes CVE-2021-33196 an...

7.5CVSS9.7AI score0.061EPSS
Exploits4
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•3 views

Vulnerability fixed in HAProxy

A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...

7.5CVSS6.8AI score0.16563EPSS
Exploits0
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•3 views

Vulnerabilities fixed in Ruby

Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Ruby developers have released updates to address the vulnerabilities. More information can be foun...

9.8CVSS6.8AI score0.04127EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•3 views

Vulnerability fixed in libarchive

The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service DoS cause. To do so, the malicious party must induce a victim to install open a malicious and compressed file with an application that use...

6.5CVSS6.7AI score0.01877EPSS
Exploits1
NCSC
NCSC
•added 2022/03/30 12:0 a.m.•3 views

Vulnerability fixed in Arista EOS switches

Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IP4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...

7.5CVSS6.6AI score0.00706EPSS
Exploits0
NCSC
NCSC
•added 2022/03/29 12:0 a.m.•3 views

Vulnerability fixed in OpenBSD slaacd

A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration SLAAC. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party needs to send a specially prepared router advertisement...

7.5CVSS7AI score0.01877EPSS
Exploits1
NCSC
NCSC
•added 2022/03/29 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A malicious party could exploit the vulnerabilities to bypass security measures, execute arbitrary code on the underlying system, or gain access to sensitive information. However, the malicious party must have prior...

8.8CVSS7.2AI score0.01758EPSS
Exploits0
NCSC
NCSC
•added 2022/03/21 12:0 a.m.•3 views

Vulnerabilities fixed in Adobe Acrobat

Adobe has fixed vulnerabilities in Acrobat. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...

9.3CVSS7.6AI score0.57304EPSS
Exploits1
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•3 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious person who has a user's partial credentials can exploit the exploit the vulnerability to bypass authentication. Only systems that use multiple external authentication plug-ins are vulnerable. OpenVPN has released updates to fix the...

9.8CVSS7.1AI score0.03519EPSS
Exploits0
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•3 views

Vulnerability fixed in libxml2

A vulnerability has been fixed in libxml2. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The developers of libxml2 have released an update to fix the vulnerability: https://gitlab.gnome.org/GNOME/libxml2/-/commit...

7.5CVSS6.8AI score0.0601EPSS
Exploits0
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•3 views

Vulnerabilities fixed in Drupal

Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with attribute CVE-2022-24729 allows a malicious additionally able to cause a denial-of-service that is limit...

7.5CVSS6.5AI score0.02448EPSS
Exploits0
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•3 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data Increased user privileges Python...

9.8CVSS7.4AI score0.70561EPSS
Exploits5
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google has made little to no information made available about the fixed vulnerabilities. Google has released...

9.6CVSS7AI score0.01089EPSS
Exploits10
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•3 views

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service or potentially execute arbitrary code. The vulnerability with attribute CVE-2022-22720 additionally enables an HTTP request...

9.8CVSS7.4AI score0.69803EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•3 views

Vulnerabilities fixed in APC UPS systems

Vulnerabilities have been fixed in Uninterruptible Power Supply UPS systems from APC. APC is part of Schneider Electric. These UPS systems are widely used in situations where up-time is very important. The vulnerabilities with reference CVE-2022-22805 and CVE-2022-22806 allow a remote malicious...

9.8CVSS7.9AI score0.1226EPSS
Exploits0
NCSC
NCSC
•added 2022/03/07 12:0 a.m.•3 views

Vulnerabilities fixed in Firefox

Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a remote malicious person to execute arbitrary code execute arbitrary code under the user's privileges; also, the vulnerability with reference CVE-2022-26486 the ability to break out of the sandbox of the browser. According to...

9.6CVSS7.7AI score0.14261EPSS
Exploits2
NCSC
NCSC
•added 2022/03/07 12:0 a.m.•3 views

Vulnerabilities fixed in Asterisk

Vulnerabilities have been fixed in the Asterisk framework. The vulnerabilities potentially allow a malicious party to cause a denial-of-service or execute arbitrary code. Asterisk indicates that proof-of-concept code is in circulation from these vulnerabilities. Asterisk has made updates availabl...

9.8CVSS7.6AI score0.0462EPSS
Exploits0
NCSC
NCSC
•added 2022/02/24 12:0 a.m.•3 views

Vulnerabilities fixed in IBM AIX kernel and Java SDK

Vulnerabilities have been fixed in IBM AIX versions 7.1-7.3. The vulnerabilities in the kernel with attributes CVE-2021-38994 and CVE-2021-38995 allow a malicious person to perform perform denial-of-service DoS attacks from a user with low privileges. This is caused by user input that is...

9.8CVSS9.2AI score0.14839EPSS
Exploits0
NCSC
NCSC
•added 2022/02/18 12:0 a.m.•3 views

Vulnerabilities fixed in Ubuntu Linux kernel

Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data...

7.8CVSS6.9AI score0.05918EPSS
Exploits9
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•3 views

Vulnerabilities fixed in Schneider Electric Modicon M241/M251

Schneider Electric has fixed vulnerabilities in the CODESYS web server and gateway components of Modicon M241 and M251 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the...

9.8CVSS8AI score0.01418EPSS
Exploits1
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat OpenShift

Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A flaw in the input sanitization allowed a malicious person to potentially execute arbitrary commands at the OS level by uploading uploading a rogue image. To do this, the malicious party must have prior authorization to modif...

8.8CVSS7.5AI score0.02277EPSS
Exploits0
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...

7.2CVSS6.9AI score0.02718EPSS
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•3 views

Vulnerability fixed in Zimbra

A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•3 views

Vulnerability discovered in NetApp Clustered Data ONTAP

NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...

7.5CVSS8.5AI score0.03992EPSS
Exploits0
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•3 views

Vulnerability fixed in PostgreSQL JDBC Driver

A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates released updates to fix the vulnerability. More information can be...

9.8CVSS7AI score0.0301EPSS
Exploits1
NCSC
NCSC
•added 2022/02/02 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...

9.6CVSS7.4AI score0.00953EPSS
Exploits2
NCSC
NCSC
•added 2022/01/25 12:0 a.m.•3 views

Vulnerability found in Xerox printers

A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...

6.7AI score
Exploits0
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•3 views

Vulnerabilities fixed in Drupal core

Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...

6.5CVSS6.9AI score0.39361EPSS
Exploits4
NCSC
NCSC
•added 2022/01/20 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code to execute under the application's permissions. Google typically does not release details about the vulnerabilities but marks the vulnerability with attribut...

9.6CVSS7.2AI score0.85352EPSS
Exploits0
NCSC
NCSC
•added 2022/01/19 12:0 a.m.•3 views

Vulnerability fixed in ClamAV

A vulnerability has been fixed in ClamAV. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause by having a rogue file opened by the parser in the application. The clamscan --gen-json function must be enabled. -= ClamAV =- Cisco has released updates to f...

7.5CVSS6.6AI score0.03061EPSS
Exploits1
NCSC
NCSC
•added 2022/01/13 12:0 a.m.•3 views

Vulnerabilities fixed in Ghostscript

Vulnerabilities have been fixed in Ghostscript. A malicious person could potentially exploit the vulnerability to cause a denial-of-service cause. To do this, a specially prepared PostScript file to be processed by the Ghostscript instance. Because Ghostscript is commonly used on print servers in...

5.5CVSS6.6AI score0.01401EPSS
Exploits2
NCSC
NCSC
•added 2022/01/07 12:0 a.m.•3 views

Vulnerability fixed in IBM AIX

IBM has fixed a vulnerability in AIX. A local malicious party can, through manipulation of the mount command execute arbitrary code, possibly with elevated privileges up to root privileges. IBM has released updates to fix the vulnerability in AIX v 7.1 and 7.2. For more information, see:...

8.4CVSS6.8AI score0.00286EPSS
Exploits0
NCSC
NCSC
•added 2022/01/05 12:0 a.m.•3 views

Vulnerability fixed in Atlassian Jira

A vulnerability has been fixed in Atlassian Jira Server and Jira Data Center. A malicious party could exploit the vulnerability to performing a Cross-Site Scripting XSS attack. A such attack can result in the execution of arbitrary script code in the browser used to visit the application. To do...

6.1CVSS6.2AI score0.55364EPSS
Exploits0
NCSC
NCSC
•added 2022/01/05 12:0 a.m.•3 views

Rootkit found in HPE iLO environments

Security researchers at AmnPardaz have published an investigation published about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/01/05 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made few technical...

9.6CVSS7.4AI score0.015EPSS
Exploits19
NCSC
NCSC
•added 2021/12/29 12:0 a.m.•3 views

Vulnerability fixed in Moxa MGate systems

Moxa has fixed a vulnerability in the MGate 5109 and MGate 5101-PBM-MN protocol gateway systems. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. Abuse is possible by continuously sending specially prepared network traffic, causing the gatewa...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/12/15 12:0 a.m.•3 views

Vulnerabilities fixed in X.Org X Server

Vulnerabilities have been fixed in X.Org X Server. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code or obtain elevated privileges. When using X Forwarding over SSH, the vulnerabilities may also be remotely exploitable. -=...

7.8CVSS7.8AI score0.00571EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the user's privileges. Google has made few substantive details available about these vulnerabilities. Google has indicated that for the vulnerability...

8.8CVSS7.3AI score0.07836EPSS
Exploits0
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed vulnerabilities in software bundled at Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as node.js, OpenSSL and Websphere Liberty. Previous security advisories have been published. A malicious party can exploit the...

9.8CVSS7.5AI score0.50445EPSS
Exploits2
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•3 views

Vulnerability fixed in Dell Powerpath Management Appliance

Dell has fixed a vulnerability in the Powerpath Management Appliance. A locally authenticated malicious person could exploit the vulnerability to give himself admin rights and thereby executing arbitrary code on the vulnerable system. By using a default, hardcoded, password, the malicious party c...

8.2CVSS7.2AI score0.00239EPSS
Exploits0
Total number of security vulnerabilities4189