Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2021/04/01 12:0 a.m.•3 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•3 views

Vulnerabilities fixed in Zabbix

SUSE has fixed vulnerabilities in its Zabbix packages. The vulnerabilities relate to an incorrectly implemented mechanism that protects against cross-site request forgery CSRF attacks and on insecure password hashing. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE...

8.8CVSS7.2AI score0.01472EPSS
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•3 views

Vulnerabilities fixed in VMware vRealize Operations

VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...

8.5CVSS7.2AI score0.7829EPSS
Exploits12
NCSC
NCSC
•added 2021/03/30 12:0 a.m.•3 views

Vulnerability fixed in OpenAM

A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use of an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...

7.5CVSS7.2AI score0.76385EPSS
Exploits5
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•3 views

Vulnerability fixed in SpamAssassin

The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...

10CVSS7.7AI score0.06132EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•3 views

Vulnerability fixed in Apple iOS and iPadOS

A vulnerability has been fixed in Apple iOS and Apple iPadOS. The vulnerability is located in the WebKit component and is referred to as Universal Cross-site Scripting UXSS. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under browser privileges. The...

6.1CVSS6.5AI score0.07082EPSS
Exploits0
NCSC
NCSC
•added 2021/03/26 12:0 a.m.•3 views

Vulnerabilities fixed in XStream

Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights Access to sensitive data The...

9.9CVSS7.4AI score0.82136EPSS
Exploits10
NCSC
NCSC
•added 2021/03/24 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...

8.8CVSS7.4AI score0.01404EPSS
Exploits0
NCSC
NCSC
•added 2021/03/22 12:0 a.m.•3 views

Vulnerability found in ProFTPd

A vulnerability has been found in ProFTPd. An unauthenticated malicious party can remotely exploit the vulnerability to cause a denial-of-service attack. No CVE ID issued. ProFTP has not yet released updates to address the vulnerability. fix in ProFTPd...

6.8AI score
Exploits0
NCSC
NCSC
•added 2021/03/18 12:0 a.m.•3 views

Vulnerability fixed in GitLab

GitLab developers have fixed a serious vulnerability fixed in GitLab Community Edition and Enterprise Edition. The vulnerability allows an authenticated malicious person to execute arbitrary code on the server. A CVE ID has been requested for this vulnerability but has not yet been assigned. GitL...

7AI score
Exploits0
NCSC
NCSC
•added 2021/03/17 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat kernel

Vulnerabilities have been fixed in the kernel of Red Hat Enterprise Linux 7. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution User...

8.1CVSS7.3AI score0.06692EPSS
Exploits6
NCSC
NCSC
•added 2021/03/15 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...

8.8CVSS7.7AI score0.26525EPSS
Exploits3
NCSC
NCSC
•added 2021/03/12 12:0 a.m.•3 views

Vulnerabilities fixed in NetBSD

The developers of NetBSD have fixed a number of vulnerabilities fixed in NetBSD's IP stack. Because packet IDs are not randomly are not randomly generated by default, a malicious party can predict the IP traffic. predict, allowing the malicious party to launch a man-in-the-middle attack to obtain...

6.8AI score
Exploits0
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat OpenShift Virtualization

Red Hat has released updates to address multiple vulnerabilities fixes in OpenShift Virtualization. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities in OpenShift Virtualization. For more...

7.5CVSS6.9AI score0.21052EPSS
Exploits6
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•3 views

Vulnerability fixed in GNU git

GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...

8CVSS7.7AI score0.88644EPSS
Exploits5
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•3 views

Vulnerability fixed in Squid

Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...

8.6CVSS7AI score0.08161EPSS
Exploits0
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle Enterprise Linux

Oracle has fixed vulnerabilities in Oracle Enterprise Linux. The vulnerabilities allow a local, authenticated malicious agent to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Code execution at the kernel level Increased user privileges -= Oracle ...

7.8CVSS8.3AI score0.01377EPSS
Exploits1
NCSC
NCSC
•added 2021/03/09 12:0 a.m.•3 views

Vulnerability fixed in QEMU

A vulnerability has been fixed in QEMU. The vulnerability allows potentially allow a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...

8.2CVSS7AI score0.00522EPSS
Exploits1
NCSC
NCSC
•added 2021/03/05 12:0 a.m.•3 views

Vulnerability fixed in Xerox products

A vulnerability has been fixed in Xerox Phaser, WorkCentre and VersaLink. The vulnerability allows a malicious person to execute arbitrary code under the user's privileges. Xerox did not release any substantive details about this vulnerability. No CVE attribute has been assigned to this...

7.2AI score
Exploits0
NCSC
NCSC
•added 2021/03/04 12:0 a.m.•3 views

Vulnerability fixed in OpenSSH

A vulnerability has been fixed in OpenSSH. The vulnerability allows a malicious party with access to the SSH agent socket to cause a Denial-of-Service and potentially execute arbitrary code. execute. No CVE attribute has been reserved for this vulnerability yet. The developers of OpenSSH have...

7.1AI score
Exploits0
NCSC
NCSC
•added 2021/03/02 12:0 a.m.•3 views

Vulnerabilities fixed in Veritas Backup Exec

Veritas has fixed three vulnerabilities in Veritas Backup Exec. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to execute commands under SYSTEM privileges on systems on which a Veritas Backup Exec Agent is installed. In addition, the vulnerabilities can be...

7.5AI score
Exploits0
NCSC
NCSC
•added 2021/03/01 12:0 a.m.•3 views

Vulnerability fixed in Redis

A vulnerability has been fixed in Redis. A malicious party could vulnerability potentially exploit it to cause a denial-of-service cause or execute arbitrary code under privileges of the Redis application. Only Redis installations with a bulk input size significantly higher than 512MB are...

8.8CVSS7.8AI score0.047EPSS
Exploits0
NCSC
NCSC
•added 2021/03/01 12:0 a.m.•3 views

Vulnerabilities fixed in Salt

Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing authentication Bypassing security measur...

9.8CVSS7.2AI score0.92312EPSS
Exploits8
NCSC
NCSC
•added 2021/02/25 12:0 a.m.•3 views

Vulnerability fixed in NetApp products

A vulnerability has been fixed in NetApp products. The vulnerability allows an unauthenticated remote malicious person able to use a so-called man-in-the-middle attack to obtain to obtain sensitive data. Exploiting this vulnerability requires expertise. NetApp has released updates to fix the...

5.9CVSS7.9AI score0.02057EPSS
Exploits2
NCSC
NCSC
•added 2021/02/24 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing Accessin...

8.8CVSS7.4AI score0.0153EPSS
Exploits1
NCSC
NCSC
•added 2021/02/23 12:0 a.m.•3 views

Vulnerabilities fixed in Ruby on Rails

Vulnerabilities have been fixed in Ruby on Rails. The vulnerabilities allow a malicious party to cause a denial-of-service cause and redirect a user to a rogue web page. The Ruby on Rails developers have released updates to fix the vulnerabilities. More information can be found on the pages below...

7.5CVSS6.6AI score0.87301EPSS
Exploits2
NCSC
NCSC
•added 2021/02/23 12:0 a.m.•3 views

Vulnerability fixed in Atlassian Jira

A vulnerability has been fixed in Jira. The vulnerability allows unauthenticated a malicious person to gain access to system data Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/JRASERVER-72014...

5.3CVSS6.7AI score0.23086EPSS
Exploits0
NCSC
NCSC
•added 2021/02/22 12:0 a.m.•3 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Python developers have indicated that the vulnerability with...

9.8CVSS6.3AI score0.35963EPSS
Exploits2
NCSC
NCSC
•added 2021/02/18 12:0 a.m.•3 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. disclosed. Jira installations tha...

7.6AI score
Exploits0
NCSC
NCSC
•added 2021/02/18 12:0 a.m.•3 views

Vulnerabilities fixed in PHP

Several vulnerabilities have been fixed in PHP. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data -= Debian =- Debian has made updat...

7.5CVSS7.1AI score0.05029EPSS
Exploits3
NCSC
NCSC
•added 2021/02/17 12:0 a.m.•3 views

Vulnerabilities fixed in XEN

The developers of XEN have fixed a number of vulnerabilities. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the guest system and possibly even the entire virtualization environment. Also, a malicious person could possibly gain access to sensitive...

7.8CVSS8.5AI score0.00544EPSS
Exploits0
NCSC
NCSC
•added 2021/02/17 12:0 a.m.•3 views

Vulnerability fixed in Foxit Reader and Foxit PhantomPDF

Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the privileges of the logged-in user. Foxit has released updates to fix the vulnerabilities. For more...

7.8CVSS7.7AI score0.03554EPSS
Exploits0
NCSC
NCSC
•added 2021/02/17 12:0 a.m.•3 views

Multiple vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...

9.6CVSS7.7AI score0.09458EPSS
Exploits8
NCSC
NCSC
•added 2021/02/15 12:0 a.m.•3 views

Vulnerability fixed in Apache Subversion (SVN)

Apache has fixed a vulnerability in Subversion SVN. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 7.5. Apache has released updates to fix the...

7.5CVSS6.8AI score0.37516EPSS
Exploits1
NCSC
NCSC
•added 2021/02/12 12:0 a.m.•3 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Accessing system data No CVE numbers have yet been...

7AI score
Exploits0
NCSC
NCSC
•added 2021/02/11 12:0 a.m.•3 views

Vulnerability fixed in IBM WebSphere Application Server

IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. An external attacker can exploit this security vulnerability to obtain obtain sensitive information. IBM has released updates to fix the vulnerability. For more information, see...

8.2CVSS7AI score0.05162EPSS
Exploits0
NCSC
NCSC
•added 2021/02/10 12:0 a.m.•3 views

Vulnerabilities fixed in Xerox WorkCentre

Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...

6.8AI score
Exploits0
NCSC
NCSC
•added 2021/02/10 12:0 a.m.•3 views

Vulnerability fixed in the Ubuntu kernel

A vulnerability has been fixed in Ubuntu's kernel. The vulnerability allows a local malicious person to run programs run as administrator, execute arbitrary code as root or cause a denial-of-service. Canonical has released updates to fix the vulnerability. fix. More information can be found on th...

7CVSS7.9AI score0.01602EPSS
Exploits1
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed two vulnerabilities in Exchange Server. A malicious party can exploit the vulnerabilities to impersonate impersonate another user. Microsoft Exchange Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

6.5CVSS6.4AI score0.04627EPSS
Exploits7
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerability fixed in Apache ActiveMQ

A vulnerability has been found in Apache ActiveMQ. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Apache has released updates to f...

6.1CVSS6.1AI score0.78972EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerability fixed in PEAR

A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...

7.5CVSS7.1AI score0.70595EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in Docker

Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...

6.8CVSS8.9AI score0.03287EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle Linux

Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Oracle has released updates t...

8.8CVSS8.1AI score0.02209EPSS
Exploits1
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in NetApp Active IQ

NetApp has fixed several vulnerabilities in Active IQ. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data NetApp has...

9.8CVSS8.6AI score0.18671EPSS
Exploits1
NCSC
NCSC
•added 2021/02/08 12:0 a.m.•3 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox and Firefox ESR. A remote malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the application's permissions. For now, there are few substantive details about the vulnerability...

7.5AI score
Exploits0
NCSC
NCSC
•added 2021/02/05 12:0 a.m.•3 views

Vulnerability fixed in PHP

A vulnerability has been fixed in PHP. The vulnerability allows an authenticated remote malicious party capable of causing a denial-of-service attack. PHP developers have released updates to fix the vulnerability. More information can be found at the page below:...

7.5CVSS6.7AI score0.03179EPSS
Exploits0
NCSC
NCSC
•added 2021/02/04 12:0 a.m.•3 views

Serious vulnerability fixed in SonicWall SMA100 Series

A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. fix. More information can be...

7.4AI score
Exploits0
NCSC
NCSC
•added 2021/02/04 12:0 a.m.•3 views

Vulnerability found in Adobe ColdFusion

A vulnerability has been found in Adobe ColdFusion. Due to an error in the permissions structure, a local malicious agent can place a specially prepared DLL file to execute arbitrary code under SYSTEM privileges. For more information, see the page below: https://www.kb.cert.org/vuls/id/125331 At...

7.8CVSS7AI score0.00501EPSS
Exploits0
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•3 views

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to execute arbitrary code. execute. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6408626...

10CVSS7.2AI score0.0769EPSS
Exploits0
NCSC
NCSC
•added 2021/02/01 12:0 a.m.•3 views

Vulnerability fixed in Libgcrypt

A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code execute under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...

7AI score
Exploits0
Total number of security vulnerabilities4189