Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2022/07/20 12:0 a.m.•3 views

Vulnerability fixed in Oracle Siebel CRM

Oracle has fixed a vulnerability in Siebel CRM. The vulnerability allows an unauthenticated malicious person within a local network to perform a denial-of-service DoS. execute. It is good practice not to have such products publicly to be publicly accessible...

5.5CVSS6.2AI score0.03054EPSS
Exploits0
NCSC
NCSC
•added 2022/07/14 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Db2

IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22389, the vulnerabilities are located in the third-party component Expat. The vulnerabilities allow a malicious party to cause a Denial-of-Service or execute arbitrary code with the privileges of the...

9.8CVSS8.2AI score0.34174EPSS
Exploits1
NCSC
NCSC
•added 2022/07/08 12:0 a.m.•3 views

Vulnerability fixed in rsyslog

The developers of rsyslog have fixed a vulnerability in rsyslog. A malicious party could exploit the vulnerability to cause a denial-of-service, or to potentially manipulate data manipulate and thus potentially inject false information into the central syslog environment. The developers do not ru...

8.1CVSS7.2AI score0.03821EPSS
Exploits0
NCSC
NCSC
•added 2022/07/01 12:0 a.m.•3 views

Vulnerability fixed in ManageEngine ADAudit Plus

ManageEngine has fixed a vulnerability in ADAudit Plus. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the system on which ADAudit Plus is installed. Horizon researchers have published a write-up and proof-of-concept code published. They indicate...

9.8CVSS7.7AI score0.97011EPSS
Exploits6
NCSC
NCSC
•added 2022/06/24 12:0 a.m.•3 views

Malleability remedied in Salt

Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability fix in Salt 3002.9,...

8.8CVSS7AI score0.01878EPSS
Exploits0
NCSC
NCSC
•added 2022/06/24 12:0 a.m.•3 views

Vulnerabilities fixed in Jenkins

Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a remote malicious person to launch a Cross-site Scripting attack. Jenkins has released updates to fix the vulnerabilities. More information can be found on the page below:...

5.4CVSS6.7AI score0.01351EPSS
Exploits0
NCSC
NCSC
•added 2022/06/22 12:0 a.m.•3 views

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. The vulnerability is located in the cvrehash script and is caused by the fact that shell meta-characters being insufficiently removed from user input. removed. On some operating systems, the vulnerable script is is executed automatically. On such systems...

10CVSS6.9AI score0.95764EPSS
Exploits6
NCSC
NCSC
•added 2022/06/22 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions and bypass a security measure to bypass. As usual, Google has made few substantive details made available about the...

8.8CVSS7.1AI score0.01312EPSS
Exploits1
NCSC
NCSC
•added 2022/06/14 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Edge

A vulnerability has been fixed in Microsoft Edge. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code. Because it is possible to get out of Edge's sandbox environment, execution of code at the SYSTEM level cannot be ruled out. Abuse requires that the...

8.3CVSS7.3AI score0.02839EPSS
Exploits0
NCSC
NCSC
•added 2022/06/07 12:0 a.m.•3 views

Vulnerabilities fixed in IBM QRadar SIEM

Vulnerabilities have been fixed in IBM QRadar SIEM. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, the malicious party must trick a trick a user into using a specially preloaded archive file 7z, tar or zip to process from QRadar. I...

7.5CVSS6.9AI score0.13292EPSS
Exploits0
NCSC
NCSC
•added 2022/06/03 12:0 a.m.•3 views

Vulnerability in CakePHP fixed

In CakePHP version 3.10.4, an encryption issue of CsrfProtectionMiddleware has been fixed. In 3.10.3, verified tokens were generated using random bytes and would often not match when they were rendered in HTML. No CVE number was issued for this vulnerability. CakePHP's developers have issued...

6.6AI score
Exploits0
NCSC
NCSC
•added 2022/06/02 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Vulnerabilities have been fixed in Red Hat OpenShift Serverless Operator and Operator. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure The vulnerabilities are locate...

9.1CVSS6.9AI score0.51733EPSS
Exploits2
NCSC
NCSC
•added 2022/05/27 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed multiple vulnerabilities in supporting software provided with IBM Spectrum Control, The vulnerabilities are in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categori...

8.8CVSS9.9AI score0.98124EPSS
Exploits17
NCSC
NCSC
•added 2022/05/23 12:0 a.m.•3 views

Vulnerability fixed in Grafana Enterprise

Grafana Labs has fixed a vulnerability in Grafana Enterprise. A malicious person with the rights to create their own data source could exploit the vulnerability for a Same Site Request Forgery attack SSRF and thus gain access to sensitive data. Grafana Labs has released updates to fix the...

8.5CVSS9.4AI score0.01116EPSS
Exploits0
NCSC
NCSC
•added 2022/05/17 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome and Chromium

Google has fixed several vulnerabilities in Chrome and Chromium. A malicious party could potentially exploit them to cause a denial-of-service, or execute arbitrary execute arbitrary code in the scope of the browser. Possibly, the malicious party could also gain access to sensitive data within th...

8.8CVSS7.6AI score0.00776EPSS
Exploits1
NCSC
NCSC
•added 2022/05/17 12:0 a.m.•3 views

Vulnerabilities fixed in Apple Safari

Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...

8.8CVSS7.5AI score0.01424EPSS
Exploits0
NCSC
NCSC
•added 2022/05/16 12:0 a.m.•3 views

Vulnerability fixed in OpenBSD

A vulnerability has been fixed in OpenBSD. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service by running rogue PPPoE packets through the system. Only when an OpenBSD system is configured to use PPP through the pppoe4 interface is potentially...

6.7AI score
Exploits0
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•3 views

Vulnerabilities fixed in Intel processors and -chipsets

Intel has fixed vulnerabilities in several processors and chipsets. A local malicious party could potentially exploit them to cause a denial-of-service, gain gain access to system data or obtain elevated privileges. For the vulnerability with reference CVE-2021-33149 no security updates have been...

7.2CVSS6.9AI score0.00347EPSS
Exploits0
NCSC
NCSC
•added 2022/05/06 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat Satellite

Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a remote malicious party to obtain obtain sensitive data or to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities. More information can be found on the page below:...

9.8CVSS6.7AI score0.01328EPSS
Exploits0
NCSC
NCSC
•added 2022/05/06 12:0 a.m.•3 views

Vulnerability fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere

A vulnerability has been fixed in Aveva InTouch Access Anywhere and AVEVA Plant SCADA. The vulnerability allows an authenticated remote malicious party to execute system commands. No CVE attribute is currently available for this vulnerability. available. Aveva has released updates to fix the...

6.8AI score
Exploits0
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•3 views

Vulnerability fixed in FortiClient

A vulnerability has been fixed in FortiClient. The vulnerability allows a malicious person with access to the system to execute or delete files with admin rights. The vulnerability is located in the FortiClient MSI installer. Fortinet has released updates to fix the vulnerability. More informatio...

8.4CVSS6.6AI score0.00215EPSS
Exploits0
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•3 views

Vulnerabilities fixed in OpenSSL

Vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerabilities to circumvent security measures bypass security measures, cause a denial-of-service, or execute code execute code under privileges of another process. The vulnerability with reference...

10CVSS7.3AI score0.83223EPSS
Exploits5
NCSC
NCSC
•added 2022/05/04 12:0 a.m.•3 views

Vulnerabilities fixed in the Linux kernel

Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges -= Debian =- Debian has made updates to...

7.8CVSS6.4AI score0.05524EPSS
Exploits20
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•3 views

Vulnerabilities fixed in IBM QRadar

Vulnerabilities have been fixed in IBM QRadar. The vulnerabilities have mostly been described previously in Linux kernel security advisories. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS...

8.8CVSS8.4AI score0.0066EPSS
Exploits3
NCSC
NCSC
•added 2022/04/26 12:0 a.m.•3 views

Vulnerabilities fixed in FreeRADIUS

Two vulnerabilities have been fixed in FreeRADIUS. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. To cause the denial-of-service, the malicious party must possess a system in the FreeRADIUS "circle of trust." The developers of FreeRADI...

7AI score
Exploits0
NCSC
NCSC
•added 2022/04/21 12:0 a.m.•3 views

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights For these vulnerabilities, at the time of...

7.1AI score
Exploits0
NCSC
NCSC
•added 2022/04/19 12:0 a.m.•3 views

Vulnerabilities fixed in the Linux kernel

Several vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to system data Increased user privileges -=...

8.6CVSS7AI score0.05524EPSS
Exploits19
NCSC
NCSC
•added 2022/04/15 12:0 a.m.•3 views

Vulnerability fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. A remote malicious person could potentially exploit the vulnerability to execute arbitrary code under the browser's permissions. As usual, Google has not made additional information made available about the fixed vulnerability. Google indicates tha...

8.8CVSS7.3AI score0.1372EPSS
Exploits2
NCSC
NCSC
•added 2022/04/14 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data

Several vulnerabilities have been fixed in IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code execute arbitrary code or cause a denial-of-service DoS. For the vulnerabilities with attributes CVE-2021-33196 an...

7.5CVSS9.7AI score0.061EPSS
Exploits4
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•3 views

Vulnerabilities fixed in Ruby

Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Ruby developers have released updates to address the vulnerabilities. More information can be foun...

9.8CVSS6.8AI score0.04127EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•3 views

Vulnerability fixed in libarchive

The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service DoS cause. To do so, the malicious party must induce a victim to install open a malicious and compressed file with an application that use...

6.5CVSS6.7AI score0.01877EPSS
Exploits1
NCSC
NCSC
•added 2022/03/29 12:0 a.m.•3 views

Vulnerability fixed in OpenBSD slaacd

A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration SLAAC. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party needs to send a specially prepared router advertisement...

7.5CVSS7AI score0.01877EPSS
Exploits1
NCSC
NCSC
•added 2022/03/21 12:0 a.m.•3 views

Vulnerabilities fixed in Adobe Acrobat

Adobe has fixed vulnerabilities in Acrobat. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...

9.3CVSS7.6AI score0.57304EPSS
Exploits1
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•3 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious person who has a user's partial credentials can exploit the exploit the vulnerability to bypass authentication. Only systems that use multiple external authentication plug-ins are vulnerable. OpenVPN has released updates to fix the...

9.8CVSS7.1AI score0.03519EPSS
Exploits0
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•3 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data Increased user privileges Python...

9.8CVSS7.4AI score0.70561EPSS
Exploits5
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google has made little to no information made available about the fixed vulnerabilities. Google has released...

9.6CVSS7AI score0.01089EPSS
Exploits10
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•3 views

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service or potentially execute arbitrary code. The vulnerability with attribute CVE-2022-22720 additionally enables an HTTP request...

9.8CVSS7.4AI score0.69803EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•3 views

Vulnerabilities fixed in APC UPS systems

Vulnerabilities have been fixed in Uninterruptible Power Supply UPS systems from APC. APC is part of Schneider Electric. These UPS systems are widely used in situations where up-time is very important. The vulnerabilities with reference CVE-2022-22805 and CVE-2022-22806 allow a remote malicious...

9.8CVSS7.9AI score0.1226EPSS
Exploits0
NCSC
NCSC
•added 2022/03/07 12:0 a.m.•3 views

Vulnerabilities fixed in Firefox

Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a remote malicious person to execute arbitrary code execute arbitrary code under the user's privileges; also, the vulnerability with reference CVE-2022-26486 the ability to break out of the sandbox of the browser. According to...

9.6CVSS7.7AI score0.14261EPSS
Exploits2
NCSC
NCSC
•added 2022/03/07 12:0 a.m.•3 views

Vulnerabilities fixed in Asterisk

Vulnerabilities have been fixed in the Asterisk framework. The vulnerabilities potentially allow a malicious party to cause a denial-of-service or execute arbitrary code. Asterisk indicates that proof-of-concept code is in circulation from these vulnerabilities. Asterisk has made updates availabl...

9.8CVSS7.6AI score0.0462EPSS
Exploits0
NCSC
NCSC
•added 2022/02/24 12:0 a.m.•3 views

Vulnerabilities fixed in IBM AIX kernel and Java SDK

Vulnerabilities have been fixed in IBM AIX versions 7.1-7.3. The vulnerabilities in the kernel with attributes CVE-2021-38994 and CVE-2021-38995 allow a malicious person to perform perform denial-of-service DoS attacks from a user with low privileges. This is caused by user input that is...

9.8CVSS9.2AI score0.14839EPSS
Exploits0
NCSC
NCSC
•added 2022/02/18 12:0 a.m.•3 views

Vulnerabilities fixed in Ubuntu Linux kernel

Vulnerabilities have been fixed in the Ubuntu Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data...

7.8CVSS6.9AI score0.05918EPSS
Exploits9
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•3 views

Vulnerabilities fixed in Schneider Electric Modicon M241/M251

Schneider Electric has fixed vulnerabilities in the CODESYS web server and gateway components of Modicon M241 and M251 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the...

9.8CVSS8AI score0.01418EPSS
Exploits1
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat OpenShift

Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A flaw in the input sanitization allowed a malicious person to potentially execute arbitrary commands at the OS level by uploading uploading a rogue image. To do this, the malicious party must have prior authorization to modif...

8.8CVSS7.5AI score0.02277EPSS
Exploits0
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...

7.2CVSS6.9AI score0.02718EPSS
Exploits0
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•3 views

Vulnerability fixed in PostgreSQL JDBC Driver

A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates released updates to fix the vulnerability. More information can be...

9.8CVSS7AI score0.0301EPSS
Exploits1
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•3 views

Vulnerabilities fixed in Apple iOS and iPad OS

Vulnerabilities have been fixed in the operating systems iOS and iPadOS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...

10CVSS7AI score0.11638EPSS
Exploits0
NCSC
NCSC
•added 2022/01/25 12:0 a.m.•3 views

Vulnerability found in Xerox printers

A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...

6.7AI score
Exploits0
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•3 views

Vulnerabilities fixed in Drupal core

Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...

6.5CVSS6.9AI score0.39361EPSS
Exploits4
NCSC
NCSC
•added 2022/01/20 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a remote malicious person to execute arbitrary code to execute under the application's permissions. Google typically does not release details about the vulnerabilities but marks the vulnerability with attribut...

9.6CVSS7.2AI score0.85352EPSS
Exploits0
Total number of security vulnerabilities4190