Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2021/06/01 12:0 a.m.•3 views

Vulnerability fixed in Linux kernel

A vulnerability has been fixed in the Linux kernel. A local, authenticated malicious person can, by exploiting this vulnerability to gain root privileges on the vulnerable system. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command...

7.8CVSS8.4AI score0.00377EPSS
Exploits0
NCSC
NCSC
•added 2021/05/28 12:0 a.m.•3 views

Vulnerability fixed in cURL

A vulnerability has been fixed in cURL. A malicious person at remote user could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party needs to entice a victim to execute a cURL request towar...

8.1CVSS9AI score0.60122EPSS
Exploits1
NCSC
NCSC
•added 2021/05/27 12:0 a.m.•3 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. The vulnerability is located in CKEditor and can be exploited by a malicious person abused to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application visited...

6.6AI score
Exploits0
NCSC
NCSC
•added 2021/05/26 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a remote malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Accessing...

8.8CVSS7.6AI score0.16611EPSS
Exploits19
NCSC
NCSC
•added 2021/05/20 12:0 a.m.•3 views

Vulnerabilities fixed in the Linux kernel

Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a local malicious agent to obtain elevated privileges or cause a denial-of-service cause. Fedora has released updates to fix the vulnerabilities. More information can be found on the page below:...

7.8CVSS7.5AI score0.00819EPSS
Exploits1
NCSC
NCSC
•added 2021/05/19 12:0 a.m.•3 views

Hiding vulnerabilities in python3

Vulnerabilities have been fixed in python3. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights -= Red Hat =- Red Hat has made updates available...

9.8CVSS6.8AI score0.35963EPSS
Exploits3
NCSC
NCSC
•added 2021/05/14 12:0 a.m.•3 views

Vulnerabilities fixed in Wordpress

Wordpress has fixed two vulnerabilities in the standard included PHPMailer module. A remote malicious party can exploit the exploit the vulnerabilities to execute arbitrary code under the application's permissions, potentially gaining access gain access to sensitive information within the scope o...

9.8CVSS7.3AI score0.03095EPSS
Exploits0
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•3 views

Vulnerabilities fixed in Squid

Vulnerabilities have been fixed in Squid. The vulnerabilities allow a remote malicious person to perform attacks that lead to a denial-of-service. The developers of Squid categorize these vulnerabilities according to the CVSSv3 method with a highest score of 8.8. The developers of Squid have...

7.5CVSS6.8AI score0.95785EPSS
Exploits5
NCSC
NCSC
•added 2021/05/06 12:0 a.m.•3 views

Vulnerabilities fixed in libxml2

Several vulnerabilities have been fixed in libxml2. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service in an application that uses of this library by submitting a rogue XML file for processing. submit. -= SUSE =- SUSE has made updates available to fix the...

8.8CVSS8.7AI score0.0828EPSS
Exploits1
NCSC
NCSC
•added 2021/05/04 12:0 a.m.•3 views

Vulnerability fixed in Apple products

Vulnerabilities have been fixed in several Apple products. The vulnerabilities potentially allow a remote malicious person to able to execute arbitrary code in the context of the application if he manages to get the user to visit a rogue page visit. The vulnerabilities with CVE characteristics...

8.8CVSS7.4AI score0.04528EPSS
Exploits0
NCSC
NCSC
•added 2021/05/03 12:0 a.m.•3 views

Vulnerabilities fixed in Sophos UTM

Several vulnerabilities have been fixed in Sophos UTM. A malicious party could potentially exploit these vulnerabilities to cause a Denial-of-Service or execute arbitrary code with the application's permissions. Sophos has released updates to fix the vulnerabilities in UTM 9.706. For more...

7.5CVSS9AI score0.06968EPSS
Exploits4
NCSC
NCSC
•added 2021/04/29 12:0 a.m.•3 views

Vulnerabilities fixed in GitLab CE and EE

GitLab has fixed several vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive da...

7.5CVSS7AI score0.0115EPSS
Exploits0
NCSC
NCSC
•added 2021/04/29 12:0 a.m.•3 views

Vulnerabilities fixed in BIND

ISC has fixed vulnerabilities in BIND. The vulnerabilities can be be exploited by a remote malicious person to cause a denial-of-service or, in limited circumstances, executing arbitrary code under the privileges of named. Execution of arbitrary code is not possible with the default configuration...

9.8CVSS9.8AI score0.83406EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

8.8CVSS7.3AI score0.01601EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•3 views

Vulnerabilities fixed in the Linux kernel

Fedora has fixed vulnerabilities in the Linux kernel and associated tooling. A malicious person could exploit them to cause a denial-of-service, or gain access to information in kernel memory. -= Fedora =- Fedora has made updates available for Fedora 32 and 33. You can install these updates using...

7CVSS7.6AI score0.01071EPSS
Exploits1
NCSC
NCSC
•added 2021/04/26 12:0 a.m.•3 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access gain access to information about the VPN settings. See the page below f...

7.5CVSS7.1AI score0.05107EPSS
Exploits0
NCSC
NCSC
•added 2021/04/22 12:0 a.m.•3 views

Vulnerability fixed in IBM WebSphere

IBM has fixed a vulnerability in WebSphere Application Server. A remote malicious person could exploit the vulnerability to obtain sensitive information or cause a denial-of-service DoS. To do this, the malicious party must attach a rogue XML file to the WebSphere Application Server. offer. IBM h...

8.2CVSS6.5AI score0.02909EPSS
Exploits0
NCSC
NCSC
•added 2021/04/22 12:0 a.m.•3 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...

6.3AI score
Exploits0
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•3 views

Vulnerability fixed in IBM WebSphere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. It involves an XML External Entity Injection XXE vulnerability. An unauthenticated remote malicious person could potentially exploit the vulnerability to gain access to sensitive data. In addition, the vulnerability could be exploited...

8.2CVSS7.1AI score0.02563EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•3 views

Vulnerability fixed in NetApp products

Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service DoS. NetApp has released update...

7.4CVSS8AI score0.05213EPSS
Exploits1
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•3 views

Vulnerabilities fixed in GitLab CE and EE

GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files could be exploited to execute arbitrary code with permissions from the GitLab Service. A CVE ID is not yet known for on...

7.5CVSS7.6AI score0.05061EPSS
Exploits0
NCSC
NCSC
•added 2021/04/12 12:0 a.m.•3 views

Vulnerabilities fixed in SonicWall Email Security

Vulnerabilities have been fixed in SonicWall Email Security. The vulnerabilities allow a local malicious person to obtain elevated permissions and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. fixes. More information can be...

9.8CVSS7.3AI score0.83425EPSS
Exploits0
NCSC
NCSC
•added 2021/04/09 12:0 a.m.•3 views

Vulnerability fixed in WebSphere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6441433...

7.5CVSS6.8AI score0.03026EPSS
Exploits3
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•3 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. One vulnerability makes it impossible for a blocked user to reset the security token reset. This is problematic when the security token falls into wrong hands. The other two vulnerabilities involve a so-called Cross-Site Scripting XSS. MediaWiki has...

6.1CVSS6AI score0.0173EPSS
Exploits3
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•3 views

Vulnerabilities fixed in xen

Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in SU...

5.5CVSS7.1AI score0.00314EPSS
Exploits0
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•3 views

Vulnerability fixed in netmask

Netmask is a widely used component in various open source projects. This component contains a vulnerability. By incorrectly processing ipv4 addresses, attacks such as server-side request forgery SSRF, remote file inclusion RFI and local file inclusion LFI are made possible. The makers of Netmask...

9.1CVSS6.8AI score0.16356EPSS
Exploits1
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•3 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•3 views

Vulnerabilities fixed in VMware vRealize Operations

VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...

8.5CVSS7.2AI score0.7829EPSS
Exploits12
NCSC
NCSC
•added 2021/03/30 12:0 a.m.•3 views

Vulnerability fixed in OpenAM

A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use of an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...

7.5CVSS7.2AI score0.76385EPSS
Exploits5
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•3 views

Vulnerability fixed in SpamAssassin

The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...

10CVSS7.7AI score0.06132EPSS
Exploits0
NCSC
NCSC
•added 2021/03/26 12:0 a.m.•3 views

Vulnerabilities fixed in XStream

Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights Access to sensitive data The...

9.9CVSS7.4AI score0.82136EPSS
Exploits10
NCSC
NCSC
•added 2021/03/24 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...

8.8CVSS7.4AI score0.01404EPSS
Exploits0
NCSC
NCSC
•added 2021/03/18 12:0 a.m.•3 views

Vulnerability fixed in GitLab

GitLab developers have fixed a serious vulnerability fixed in GitLab Community Edition and Enterprise Edition. The vulnerability allows an authenticated malicious person to execute arbitrary code on the server. A CVE ID has been requested for this vulnerability but has not yet been assigned. GitL...

7AI score
Exploits0
NCSC
NCSC
•added 2021/03/17 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat kernel

Vulnerabilities have been fixed in the kernel of Red Hat Enterprise Linux 7. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution User...

8.1CVSS7.3AI score0.06692EPSS
Exploits6
NCSC
NCSC
•added 2021/03/15 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...

8.8CVSS7.7AI score0.26525EPSS
Exploits3
NCSC
NCSC
•added 2021/03/12 12:0 a.m.•3 views

Vulnerabilities fixed in NetBSD

The developers of NetBSD have fixed a number of vulnerabilities fixed in NetBSD's IP stack. Because packet IDs are not randomly are not randomly generated by default, a malicious party can predict the IP traffic. predict, allowing the malicious party to launch a man-in-the-middle attack to obtain...

6.8AI score
Exploits0
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat OpenShift Virtualization

Red Hat has released updates to address multiple vulnerabilities fixes in OpenShift Virtualization. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities in OpenShift Virtualization. For more...

7.5CVSS6.9AI score0.21052EPSS
Exploits6
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•3 views

Vulnerability fixed in Squid

Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...

8.6CVSS7AI score0.08161EPSS
Exploits0
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•3 views

Vulnerability fixed in GNU git

GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...

8CVSS7.7AI score0.88644EPSS
Exploits5
NCSC
NCSC
•added 2021/03/09 12:0 a.m.•3 views

Vulnerability fixed in QEMU

A vulnerability has been fixed in QEMU. The vulnerability allows potentially allow a local malicious person from a guest system to execute arbitrary code on the host system under root permissions. Exploiting the vulnerability is no easy task. -= Red Hat =- Red Hat has made updates available for R...

8.2CVSS7AI score0.00522EPSS
Exploits1
NCSC
NCSC
•added 2021/03/05 12:0 a.m.•3 views

Vulnerability fixed in Xerox products

A vulnerability has been fixed in Xerox Phaser, WorkCentre and VersaLink. The vulnerability allows a malicious person to execute arbitrary code under the user's privileges. Xerox did not release any substantive details about this vulnerability. No CVE attribute has been assigned to this...

7.2AI score
Exploits0
NCSC
NCSC
•added 2021/03/01 12:0 a.m.•3 views

Vulnerabilities fixed in Salt

Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing authentication Bypassing security measur...

9.8CVSS7.2AI score0.92312EPSS
Exploits8
NCSC
NCSC
•added 2021/02/24 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox and Firefox ESR. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing Accessin...

8.8CVSS7.4AI score0.0153EPSS
Exploits1
NCSC
NCSC
•added 2021/02/23 12:0 a.m.•3 views

Vulnerabilities fixed in Ruby on Rails

Vulnerabilities have been fixed in Ruby on Rails. The vulnerabilities allow a malicious party to cause a denial-of-service cause and redirect a user to a rogue web page. The Ruby on Rails developers have released updates to fix the vulnerabilities. More information can be found on the pages below...

7.5CVSS6.6AI score0.87301EPSS
Exploits2
NCSC
NCSC
•added 2021/02/18 12:0 a.m.•3 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. disclosed. Jira installations tha...

7.6AI score
Exploits0
NCSC
NCSC
•added 2021/02/18 12:0 a.m.•3 views

Vulnerabilities fixed in PHP

Several vulnerabilities have been fixed in PHP. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data -= Debian =- Debian has made updat...

7.5CVSS7.1AI score0.05029EPSS
Exploits3
NCSC
NCSC
•added 2021/02/17 12:0 a.m.•3 views

Vulnerabilities fixed in XEN

The developers of XEN have fixed a number of vulnerabilities. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service on the guest system and possibly even the entire virtualization environment. Also, a malicious person could possibly gain access to sensitive...

7.8CVSS8.5AI score0.00544EPSS
Exploits0
NCSC
NCSC
•added 2021/02/17 12:0 a.m.•3 views

Vulnerability fixed in Foxit Reader and Foxit PhantomPDF

Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the privileges of the logged-in user. Foxit has released updates to fix the vulnerabilities. For more...

7.8CVSS7.7AI score0.03554EPSS
Exploits0
NCSC
NCSC
•added 2021/02/17 12:0 a.m.•3 views

Multiple vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...

9.6CVSS7.7AI score0.09458EPSS
Exploits8
NCSC
NCSC
•added 2021/02/15 12:0 a.m.•3 views

Vulnerability fixed in Apache Subversion (SVN)

Apache has fixed a vulnerability in Subversion SVN. The vulnerability allows an unauthenticated remote malicious person capable of causing a denial-of-service. Apache categorizes this vulnerability according to the CVSSv3 method with a score of 7.5. Apache has released updates to fix the...

7.5CVSS6.8AI score0.40075EPSS
Exploits1
Total number of security vulnerabilities4190