Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in Docker

Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...

6.8CVSS8.9AI score0.03287EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in Oracle Linux

Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Oracle has released updates t...

8.8CVSS8.1AI score0.02209EPSS
Exploits1
NCSC
NCSC
•added 2021/02/08 12:0 a.m.•3 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox and Firefox ESR. A remote malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the application's permissions. For now, there are few substantive details about the vulnerability...

7.5AI score
Exploits0
NCSC
NCSC
•added 2021/02/05 12:0 a.m.•3 views

Vulnerability fixed in PHP

A vulnerability has been fixed in PHP. The vulnerability allows an authenticated remote malicious party capable of causing a denial-of-service attack. PHP developers have released updates to fix the vulnerability. More information can be found at the page below:...

7.5CVSS6.7AI score0.03179EPSS
Exploits0
NCSC
NCSC
•added 2021/02/04 12:0 a.m.•3 views

Serious vulnerability fixed in SonicWall SMA100 Series

A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. fix. More information can be...

7.4AI score
Exploits0
NCSC
NCSC
•added 2021/02/01 12:0 a.m.•3 views

Vulnerability fixed in Libgcrypt

A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code execute under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...

7AI score
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•3 views

Vulnerability fixed in Linux kernel

A vulnerability has been fixed in the Linux kernel. A malicious party can exploit the vulnerability to obtain sensitive information via a "path traversal" attack that allows security measures can be bypassed. The vulnerability can only be exploited when the target system provides a file system to...

6.5CVSS7.7AI score0.02417EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox ESR

Mozilla has fixed several vulnerabilities in Firefox ESR. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system...

8.8CVSS7.5AI score0.01556EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox

Mozilla has fixed several vulnerabilities in Firefox. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitive...

8.8CVSS6.9AI score0.01323EPSS
Exploits2
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Thunderbird

Mozilla has fixed several vulnerabilities in Thunderbird. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system...

8.8CVSS7.6AI score0.01556EPSS
Exploits1
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•3 views

Vulnerability fixed in IBM WebSphere Application Server

A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows a malicious party to obtain sensitive information and to potentially cause a denial-of-service cause. The attack on this vulnerability is known as an External Entity Injection XXE attack in which rogue co...

8.2CVSS7.2AI score0.04754EPSS
Exploits0
NCSC
NCSC
•added 2021/01/22 12:0 a.m.•3 views

Vulnerabilities fixed in OpenShift Container Platform

Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. A remote malicious party can exploit the exploit the vulnerabilities to gain access to sensitive information. Red Hat has released updates to fix the vulnerabilities in OpenShift Container Platform 3.11.374. For more...

6.5CVSS9AI score0.09274EPSS
Exploits3
NCSC
NCSC
•added 2021/01/21 12:0 a.m.•3 views

Vulnerability fixed in IBM Integration Bus

A vulnerability has been fixed in IBM Integration Bus. The vulnerability allows a remote malicious party to cause a Denial-of-Service or execute arbitrary code under the user's privileges. IBM has released updates to fix the vulnerability. More information can be found on the page below:...

8.1CVSS7.8AI score0.09503EPSS
Exploits0
NCSC
NCSC
•added 2021/01/20 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

9.6CVSS7.3AI score0.23406EPSS
Exploits4
NCSC
NCSC
•added 2021/01/20 12:0 a.m.•3 views

Vulnerability fixed in Red Hat kernel

A vulnerability has been fixed in the Red Hat kernel. The vulnerability allows a local malicious agent to cause a denial-of-service and to modify data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...

6CVSS7.8AI score0.00566EPSS
Exploits1
NCSC
NCSC
•added 2021/01/20 12:0 a.m.•3 views

Vulnerability fixed in NetApp products

A vulnerability has been fixed in NetApp products. The vulnerability allows a malicious party to obtain sensitive data obtain sensitive data. NetApp has released updates to fix the vulnerability. More information can be found on the page below:...

4.3CVSS8.2AI score0.04803EPSS
Exploits0
NCSC
NCSC
•added 2021/01/19 12:0 a.m.•3 views

DNSpooq vulnerabilities fixed in dnsmasq

The developers of dnsmasq have fixed vulnerabilities in the dnsmasq application. Dnsmasq is widely used open source software for caching and forwarding DNS traffic. Although the DNS functionality is widely supported, dnsmasq is designed specifically for modest networks. Dnsmasq is commonly found,...

8.3CVSS7.2AI score0.86692EPSS
Exploits2
NCSC
NCSC
•added 2021/01/18 12:0 a.m.•3 views

Vulnerability fixed in Atlassian Crucible

A vulnerability has been fixed in Atlassian Crucible. The vulnerability allows a malicious party to obtain system data obtain. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse/CRUC-8496...

5.3CVSS6.5AI score0.01144EPSS
Exploits0
NCSC
NCSC
•added 2021/01/15 12:0 a.m.•3 views

Vulnerability fixed in Ubuntu kernel

Canonical has fixed a vulnerability in the Ubuntu kernel. The vulnerability allows an authenticated remote malicious party to opportunity to obtain sensitive information and to manipulate data manipulate. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS...

8.1CVSS7.9AI score0.06563EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•3 views

Vulnerability fixed in Cacti

A vulnerability has been fixed in Cacti. The vulnerability allows a remote malicious person the ability to launch an SQL-Injection attack execute. Cacti has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/Cacti/cacti/issues/4022...

8.8CVSS6.7AI score0.04599EPSS
Exploits1
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Edge

There is a vulnerability in Microsoft Edge. The vulnerability allows a malicious party to execute arbitrary execute arbitrary code with user privileges. The vulnerability arises by improper handling of objects in memory. Microsoft has made updates available that fix the described vulnerabilities...

7.6CVSS7.3AI score0.01916EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Malware Protection Engine

Microsoft has fixed a vulnerability in Microsoft System Center Operations Manager. A remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code with user privileges or to access gain access to, and manipulate, sensitive information. Microso...

7.8CVSS6.5AI score0.39653EPSS
Exploits0
NCSC
NCSC
•added 2021/01/11 12:0 a.m.•3 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious party to access sensitive data gain access to sensitive data and to cause a denial-of-service. One of the vulnerabilities allows a remote attacker to obtain API access tokens. GitLab rates this vulnerability as "high...

7.8CVSS6.3AI score0.01529EPSS
Exploits0
NCSC
NCSC
•added 2021/01/07 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure As usual, Google reveals little information regarding the details of the...

9.6CVSS6.5AI score0.03095EPSS
Exploits0
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•3 views

Vulnerability fixed in ImageMagick

A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges, when using the "convert" program to convert a specially prepared file to convert it to a PDF file. ImageMagick has released updates to fix the vulnerability. fix. For more informatio...

7.8CVSS7.3AI score0.07508EPSS
Exploits1
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•3 views

Serious vulnerability fixed in Mozilla Firefox

A serious vulnerability has been fixed in Mozilla Firefox. A malicious party, by modifying a COOKIE-ECHO chunk in an SCTP package potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...

8.8CVSS6.8AI score0.01304EPSS
Exploits0
NCSC
NCSC
•added 2020/12/23 12:0 a.m.•3 views

Vulnerabilities fixed in Asterisk

New versions of Asterisk have been released, in which two vulnerabilities have been fixed. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Asterisk has released updates to address the vulnerabilities. fixes. For more information, see:...

6.9AI score
Exploits0
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•3 views

Vulnerability found in Kubernetes

A vulnerability has been found in Kubernetes that allows a malicious person capable of performing a man-in-the-middle attack on the traffic within a cluster. By advertising an external IP address or by claiming a load balancer IP, traffic can be redirected to the attacker. However, the malicious...

6.3CVSS8.3AI score0.09274EPSS
Exploits3
NCSC
NCSC
•added 2020/12/16 12:0 a.m.•3 views

Vulnerability fixed in IBM Tivoli Netcool Impact

A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to circumvent bypass security measures and obtain sensitive data via phishing. sensitive data. IBM has released updates to fix the vulnerability in Tivoli Netcool Impact 7.1.0.20. For more...

6.1CVSS6.6AI score0.00805EPSS
Exploits0
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•3 views

Vulnerability fixed in Apple MacOS Server

A vulnerability has been fixed in Apple MacOS Server. The vulnerability potentially allows a remote malicious party to perform execute a cross-site scripting attack or the ability to exploit an open-redirect vulnerability to be exploited. Apple has released updates to fix the vulnerability. More...

6.1CVSS5.9AI score0.0059EPSS
Exploits0
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•3 views

Vulnerability fixed in Apple Safari

A vulnerability has been fixed in Apple Safari. The vulnerability potentially allows a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to get the user to visit a rogue page. Apple has released updates to fix the vulnerability. More...

8.8CVSS7AI score0.01705EPSS
Exploits0
NCSC
NCSC
•added 2020/12/14 12:0 a.m.•3 views

Actively exploited vulnerabilities fixed in SolarWinds Orion

SolarWinds reports active misuse of SolarWinds Orion. Through a still unknown method, a version of Orion was distributed between March and June 2020 distributed, which appears to contain a Trojan. It concerns the versions 2019.4 HF 5 through 2020.2.1. The manipulated versions are abused by...

8.1AI score
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed several vulnerabilities in Microsoft Exchange Server. An authenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code execute arbitrary code or to obtain sensitive information. For each of the vulnerabilities included in this...

9.1CVSS7.2AI score0.8979EPSS
Exploits9
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•3 views

Vulnerabilities fixed in HP-UX PHP

Vulnerabilities have been fixed in HP-UX PHP. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data HP categorizes these vulnerabilities according to the...

9.1CVSS7.1AI score0.08888EPSS
Exploits13
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•3 views

Vulnerability fixed in Nessus

Nessus uses third-party software to provide underlying functionality. One of the third-party components jQuery was found to contain vulnerabilities, and updated versions have been made available by the providers. Tenable has made updates available for Nessus to fix the vulnerability. More...

6.9CVSS6.9AI score0.99019EPSS
Exploits7
NCSC
NCSC
•added 2020/12/07 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

9.3CVSS7.2AI score0.99595EPSS
Exploits14
NCSC
NCSC
•added 2020/12/03 12:0 a.m.•3 views

Vulnerability fixed in Thunderbird

When reading status codes from the SMTP server, Thunderbird an integer to a position on the stack that is is intended to contain only one byte. Depending on the processor architecture and the stack layout, this leads to corruption of the stack that could potentially be abused. Mozilla has release...

9.3CVSS6.7AI score0.01222EPSS
Exploits0
NCSC
NCSC
•added 2020/12/02 12:0 a.m.•3 views

Vulnerabilities fixed in NetApp products

Several NetApp products contain FasterXML jackson-databind. FasterXML jackson-databind versions 2.x prior to 2.9.10.4 are susceptible to vulnerabilities that, when successfully exploited, can lead to disclosure of sensitive information, addition or modification of data, or denial of service DoS...

8.1CVSS6.6AI score0.05594EPSS
Exploits0
NCSC
NCSC
•added 2020/12/02 12:0 a.m.•3 views

Issues fixed in FortiOS

Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data FortiNet has released updates to address the...

7.5CVSS6.2AI score0.07709EPSS
Exploits7
NCSC
NCSC
•added 2020/12/01 12:0 a.m.•3 views

Vulnerabilities fixed in MariaDB

Vulnerabilities have been fixed in MariaDB. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data The vulnerabilities marked CVE-2020-13249 and CVE-2020-15180 have CVSSv3...

9CVSS9.2AI score0.05539EPSS
Exploits0
NCSC
NCSC
•added 2020/11/27 12:0 a.m.•3 views

Vulnerability fixed in Netapp products

A vulnerability has been fixed in Jackson databind, used by several Netapp products. The vulnerability allows a malicious party to execute arbitrary code under the user's privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to...

9.8CVSS7.4AI score0.0864EPSS
Exploits0
NCSC
NCSC
•added 2020/11/26 12:0 a.m.•3 views

Vulnerabilities fixed in Zimbra

Vulnerabilities have been fixed in JQuery as used by Zimbra. A malicious party could exploit the vulnerabilities to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Few substantive details...

6.9CVSS6.8AI score0.99019EPSS
Exploits11
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•3 views

Vulnerability fixed in Citrix Hypervisor

A vulnerability has been fixed in Citrix Hypervisor. The vulnerability allows a malicious party capable of running code with elevated privileges on a guest VM able to execute execute arbitrary code with elevated privileges on the host. This vulnerability can only be exploited if a host...

7.3AI score
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•3 views

Vulnerabilities fixed in libexif

Several vulnerabilities have been fixed in libexif. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party must use the vulnerable application to have rogue image da...

9.8CVSS8AI score0.04262EPSS
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•3 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Security measure circumvention SQL Injection Accessing sensitive data Accessing system data Joomla! provides...

7.3AI score
Exploits0
NCSC
NCSC
•added 2020/11/24 12:0 a.m.•3 views

Vulnerabilities in VMware products

There is a vulnerability in a number of VMware products. The vulnerability allows a malicious person with access to the administrative configurator on port 8443 and valid admin credentials for this remote configurator to execute arbitrary commands with elevated privileges to execute arbitrary...

9.1CVSS7.2AI score0.23771EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•3 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal core. Drupal core does not handle some file names correctly. As a result, it is possible for files to be misinterpreted and executed under the wrong MIME type or executed as PHP. This applies to a number of configurations; which ones these are is not...

8.8CVSS6.7AI score0.04269EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•3 views

Vulnerability fixed in IBM Db2

IBM has fixed a vulnerability in Db2 and Db2 Connect Server. A local, authenticated malicious agent could potentially exploit the vulnerability to execute arbitrary code under root or SYSTEM privileges. IBM has released updates to fix the vulnerability. For more information, see:...

8.4CVSS7.6AI score0.00455EPSS
Exploits0
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•3 views

Vulnerabilities fixed in OpenLDAP

Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server is able to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...

7.5CVSS9.4AI score0.02858EPSS
Exploits0
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•3 views

Legal vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Chrome. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure. Remote code execution Us...

9.6CVSS7.2AI score0.03011EPSS
Exploits3
Total number of security vulnerabilities4190