Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2020/11/03 12:0 a.m.•27 views

Multiple vulnerabilities fixed in NetApp products

NetApp developers have fixed several vulnerabilities that could lead to a denial-of-service DoS attack and the obtaining sensitive information. NetApp developers have released updates to fix the vulnerabilities. More information can be found on the pages below:...

9CVSS7.8AI score0.1786EPSS
Exploits2
NCSC
NCSC
•added 2024/10/15 3:18 p.m.•27 views

Vulnerabilities fixed in Splunk Enterprise

Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or execute arbitrary code in the context of the application. For successful abuse, the malicious party must be authenticated prior. Splunk has released...

8.8CVSS7.8AI score0.01092EPSS
Exploits0References3
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•26 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as. SIMATIC, WinCC, Parasolid, RUGGEDCOM, Simcenter, SCALANCE, SIDIS, Teknomatix, Unicam and Location Intelligence. The vulnerabilities potentially enable a malicious party to conduct attacks that could result in the following categories ...

10CVSS7.3AI score0.8377EPSS
Exploits133
NCSC
NCSC
•added 2023/02/03 12:0 a.m.•26 views

Vulnerability fixed in VMWare Workstation

VMWare has fixed a vulnerability in VMWare Workstation. A local malicious party could exploit the vulnerability to remove arbitrary delete files from the system on which Workstation is installed. VMWare has released updates to fix the vulnerability in Workstation 17.0.1. For more information, see...

8.4CVSS6.8AI score0.00294EPSS
Exploits0
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•26 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of authentication Remote code...

9.8CVSS6.1AI score0.44678EPSS
Exploits15
NCSC
NCSC
•added 2022/07/21 12:0 a.m.•26 views

Vulnerabilities fixed in Cisco Nexus Dashboard

Vulnerabilities have been fixed in Cisco Nexus Dashboard. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root permissions. Cross-Site Scripting XSS. Access to sensitive data...

9.8CVSS7.6AI score0.01437EPSS
Exploits0
NCSC
NCSC
•added 2022/07/20 12:0 a.m.•26 views

Vulnerabilities fixed in Oracle Systems

Oracle has fixed vulnerabilities in Solaris and ZFS Storage Appliance. A malicious party can exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution Administrator/Root privileges An overview of all fixed...

8.2CVSS7.3AI score0.028EPSS
Exploits0
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•26 views

Vulnerabilities fixed in Cisco Adaptive Security Appliance

Vulnerabilities have been fixed in Cisco ASA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Spoofing Access to sensitive data Increased user privileges Cisco has released updates to fix th...

8.8CVSS6.6AI score0.28369EPSS
Exploits1
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•26 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Spoofing Accessing sensitive data Microsoft Offic...

8.8CVSS7.1AI score0.53178EPSS
Exploits0
NCSC
NCSC
•added 2021/06/11 12:0 a.m.•26 views

Vulnerabilities fixed in McAfee Agent for Windows

Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 potentially exploit it to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...

7.3CVSS7.9AI score0.00348EPSS
Exploits0
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•26 views

Vulnerability fixed in FortiWeb

A vulnerability has been fixed in FortiWeb. An authenticated malicious party could exploit the vulnerability to obtain plaintext passwords for systems configured via a Web Vulnerability Scan profile. FortiNet has released updates to fix the vulnerability in FortiWeb. For more information, see:...

6.5CVSS6.8AI score0.00963EPSS
Exploits0
NCSC
NCSC
•added 2021/02/08 12:0 a.m.•26 views

Vulnerability fixed in VxWorks

In Wind River VxWorks, the memory allocator has a possible overflow when calculating the size of the memory block that should be allocated by calloc. The result is that the actual allocated memory is smaller than the buffer size specified by the arguments, leading to memory corruption. The...

7.5CVSS8.5AI score0.01475EPSS
Exploits0
NCSC
NCSC
•added 2026/05/11 6:38 a.m.•25 views

vulnerabilities handled in LiteLLM by BerriAI

BerriAI has addressed vulnerabilities in LiteLLM, specifically in versions 1.74.2 to 1.83.6. LiteLLM is a widely used proxy for managing APIs to a large number of LLM systems in a centralized manner. The first vulnerability involves an SQL injection in the proxy API key verification mechanism,...

9.8CVSS6.4AI score0.86607EPSS
Exploits8References2
NCSC
NCSC
•added 2026/04/10 12:53 p.m.•25 views

Vulnerabilities fixed in Microsoft Windows

Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Executio...

9.8CVSS6.7AI score0.1911EPSS
Exploits8
NCSC
NCSC
•added 2025/09/04 8:15 a.m.•25 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities in the Android kernel include a race condition between functions that manage CPU timers, which can lead to system instability. In addition,...

9.8CVSS7.8AI score0.01345EPSS
Exploits14References2
NCSC
NCSC
•added 2025/08/13 7:23 a.m.•25 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Microsoft Office including SharePoint, Visio, Word, Excel and PowerPoint. The vulnerabilities in Microsoft Office include several "use after free" errors, heap-based buffer overflows and other vulnerabilities that allow unauthorized attackers to execute...

9.8CVSS7.8AI score0.17154EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•25 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution Us...

9.8CVSS7.6AI score0.9378EPSS
Exploits22References32
NCSC
NCSC
•added 2024/04/04 12:0 a.m.•25 views

Vulnerabilities fixed in Cisco Nexus Dashboard

Cisco has fixed vulnerabilities in the Nexus Dashboard and underlying modules, such as Fabric Controller and Orchestrator. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Da...

8.8CVSS7.7AI score0.00803EPSS
Exploits0
NCSC
NCSC
•added 2023/12/14 12:0 a.m.•25 views

Vulnerabilities fixed in Zoom

Zoom has fixed vulnerabilities in Zoom clients for Android, iOS, macOS, Linux and Windows. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data, grant themselves elevated privileges or cause a denial-of-service attack. Zoom has released updates to fix...

8.8CVSS7.2AI score0.00991EPSS
Exploits0
NCSC
NCSC
•added 2023/11/16 12:0 a.m.•25 views

Vulnerabilities fixed in Elastic Kibana and Logstash

Elastic has fixed vulnerabilities in Kibana and Logstash. The vulnerability with reference CVE-2023-46671 is located in Kibana and allows an authenticated malicious party to obtain sensitive data from the log, such as api keys, user credentials and system credentials. The vulnerability with...

8.4CVSS6.8AI score0.00656EPSS
Exploits0
NCSC
NCSC
•added 2023/05/19 12:0 a.m.•26 views

Vulnerabilities fixed in Cisco Identity Services Engine (ISE).

Cisco has fixed vulnerabilities in Identity Services Engine ISE. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution Administrator/Root rights...

7.2CVSS7.9AI score0.01188EPSS
Exploits0
NCSC
NCSC
•added 2023/04/20 12:0 a.m.•25 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

7.5CVSS8.3AI score0.50445EPSS
Exploits3
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•25 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several components of Azure. For an overview of the vulnerabilities, see the following list. Azure App Service: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

8.7CVSS6.4AI score0.03115EPSS
Exploits0
NCSC
NCSC
•added 2022/09/07 12:0 a.m.•25 views

Vulnerabilities fixed in Fortinet products

Forinet has fixed vulnerabilities in FortiOS, FortiAP, and FortiMail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...

7.8CVSS6.4AI score0.01219EPSS
Exploits0
NCSC
NCSC
•added 2022/06/15 12:0 a.m.•25 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to execute arbitrary code in the context of the application. To do this, the malicious party must entice the victim to open a rogue file. Adobe has released updates to fix the vulnerabilities in...

9.3CVSS7.4AI score0.05941EPSS
Exploits0
NCSC
NCSC
•added 2022/03/02 12:0 a.m.•25 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed multiple vulnerabilities in several Fortinet products. The vulnerabilities allow a malicious party to able to carry out attacks that potentially lead to: Bypassing authentication Bypassing security measures Accessing sensitive data Increased user privileges The vulnerability wi...

9.8CVSS6.9AI score0.01449EPSS
Exploits0
NCSC
NCSC
•added 2021/11/01 12:0 a.m.•25 views

Vulnerability fixed in HPE iLO

HPE has fixed a vulnerability in iLO Amplifier Pack. HPE iLO Amplifier Pack is an applicance that allows HPE iLO systems to be be managed. The vulnerability allows a malicious party to opportunity to execute arbitrary code on the HPE iLO Amplifier Pack. HPE recommends that after updating the HPE...

10CVSS7.7AI score0.13478EPSS
Exploits0
NCSC
NCSC
•added 2021/03/05 12:0 a.m.•25 views

Vulnerability fixed in Cisco Webex Meetings

A vulnerability has been fixed in Cisco Webex Meetings. The vulnerability allows a malicious party to make changes to make changes to the distribution list of Cisco Webex Meetings belonging to another other user within the same organization. Cisco has released updates to fix the vulnerability. Mo...

4.3CVSS6.6AI score0.00808EPSS
Exploits0
NCSC
NCSC
•added 2026/01/13 2:42 p.m.•24 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in SAP S/4HANA Private Cloud and On-Premise, SAP Wily Introscope Enterprise Manager, SAP Landscape Transformation, SAP HANA, SAP Application Server for ABAP, SAP NetWeaver, SAP ECC, SAP Fiori App for Intercompany Balance Reconciliation, SAP NetWeaver Application Serv...

9.9CVSS8.2AI score0.00878EPSS
Exploits0References1
NCSC
NCSC
•added 2025/04/16 3:11 p.m.•24 views

Vulnerabilities fixed in Oracle MySQL

Oracle fixed multiple vulnerabilities in MySQL The vulnerabilities in Oracle MySQL allow malicious parties to launch a denial-of-service attack, gain access to sensitive data or, with sufficient authorizations, affect the operation of the MySQL server. Oracle has released updates to fix the...

9.1CVSS6.3AI score0.02772EPSS
Exploits1References1
NCSC
NCSC
•added 2025/03/03 2:10 p.m.•24 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions for 17.7.6, 17.8.4 and 17.9.1. The vulnerability is in the ability for HTML injection in searches of child items. This vulnerability can be exploited by malicious parties to perform cross-site scripting XSS attacks. The potential for...

8.7CVSS6.3AI score0.00464EPSS
Exploits1References1
NCSC
NCSC
•added 2024/02/07 12:0 a.m.•24 views

Vulnerabilities fixed in SolarWinds Platform

SolarWinds has fixed vulnerabilities in SolarWinds Platform. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data via SQL injection, or execute code that the malicious party is not initially authorized. SolarWinds has released updates to address the...

8CVSS7.9AI score0.01578EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•24 views

Vulnerabilities fixed in Oracle Database Server

Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Oracle has fixe...

9.8CVSS7.5AI score0.03216EPSS
Exploits3
NCSC
NCSC
•added 2023/03/23 12:0 a.m.•24 views

Vulnerabilities fixed in IBM Aspera Faspex

IBM has fixed vulnerabilities in Aspera Faspex. A malicious party could exploit the vulnerabilities to obtain sensitive data obtain, or potentially execute arbitrary code under the victim's privileges through an XML External Entity injection attack XXE. IBM has released updates to fix the...

9.9CVSS7.6AI score0.01343EPSS
Exploits0
NCSC
NCSC
•added 2023/01/25 12:0 a.m.•24 views

Vulnerabilities fixed in VMWare vRealize Log Insight

VMWare has fixed vulnerabilities in vRealize Log Insight. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, to access gain access to system data, or to potentially execute arbitrary code execute system privileges via injecting files at the operatin...

9.8CVSS7.5AI score0.87077EPSS
Exploits3
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•24 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has remedied vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager for Peoplesoft Application Testing Suite Enterprise Manager Ops Center Enterprise Manager for Storage Management The vulnerabilities allow a malicious person to...

9.8CVSS9.7AI score0.99999EPSS
Exploits21
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•24 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Backup & Replication. A malicious party could exploit the vulnerabilities to execute of arbitrary code. To do so, the malicious party must access an internal API of the Veeam Distribution Service. For this no authentication is required. Veeam has released update...

10CVSS7.3AI score0.05942EPSS
Exploits0
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•24 views

Vulnerabilities fixed in Atlassian Jira Server

Atlassian has fixed two vulnerabilities in Jira Server. A authenticated malicious person could exploit the vulnerabilities to give themselves elevated privileges, gain access to sensitive data and manipulate that data. The vulnerability is in access control, which allows accounts that have been...

7.5CVSS7.1AI score0.00836EPSS
Exploits0
NCSC
NCSC
•added 2021/06/03 12:0 a.m.•24 views

Vulnerabilities fixed in Cisco Webex Meetings and Webex Server

Cisco has fixed vulnerabilities in Webex Meetings, Webex Meetings Server, Webex Teams and Webex client software. The vulnerabilities allow a malicious person, possibly remotely, to able to launch attacks that result in the following categories of damage: Circumvention of security measure. Remote...

7.8CVSS7.7AI score0.00825EPSS
Exploits0
NCSC
NCSC
•added 2021/05/06 12:0 a.m.•24 views

Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client

Vulnerabilities have been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability with CVE attribute CVE-2021-1519 allows a local malicious person able to overwrite VPN profiles. The remaining vulnerabilities apply only to the Windows client, whereby a local malicious agent, by...

7.8CVSS6.8AI score0.00527EPSS
Exploits0
NCSC
NCSC
•added 2021/04/19 12:0 a.m.•24 views

Vulnerabilities fixed in Juniper Junos Space

Juniper Networks has fixed vulnerabilities in Junos Space. The include vulnerabilities in Junos Space itself as well as vulnerabilities in third-party software. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Si...

10CVSS7.2AI score0.99295EPSS
Exploits400
NCSC
NCSC
•added 2020/11/16 12:0 a.m.•24 views

Vulnerabilities fixed in Intel PROSet/Wireless products

Vulnerabilities have been fixed in products from the Intel PROSet/Wireless family. The vulnerabilities allow a malicious able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Spoofing Increased user privileges Intel has released updates to fix the...

8.8CVSS7.9AI score0.02285EPSS
Exploits0
NCSC
NCSC
•added 2026/05/28 6:49 a.m.•23 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, specifically in versions 12.7 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1. These vulnerabilities relate to various aspects of authentication, authorization, and validation...

8.2CVSS5.7AI score0.00471EPSS
Exploits0References1
NCSC
NCSC
•added 2026/03/03 9:7 a.m.•23 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit...

9.8CVSS6.1AI score0.08942EPSS
Exploits17References2
NCSC
NCSC
•added 2025/02/11 6:53 a.m.•23 views

Vulnerabilities fixed in Cisco IOS, IOS XE and IOS XR Software

Cisco has fixed several vulnerabilities in IOS, IOS XE and IOS XR Software. The vulnerabilities are in how the SNMP subsystem on the vulnerable devices handles traffic. Authenticated malicious actors can send specially crafted SNMP requests, which can lead to denial-of-service DoS conditions on t...

7.7CVSS7.1AI score0.00755EPSS
Exploits0References2
NCSC
NCSC
•added 2025/01/22 1:30 p.m.•23 views

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...

10CVSS7AI score0.9378EPSS
Exploits53References1
NCSC
NCSC
•added 2024/06/26 8:58 a.m.•23 views

Vulnerabilities fixed in Progress MOVEit

Progress has fixed vulnerabilities in MOVEit Transfer and MOVEit Gateway. During the vulnerability investigation, a vulnerability was also discovered in an unnamed Third-Party component in use by MOVEit Transfer. The vulnerabilities are located in the SFTP module of the affected applications and...

9.8CVSS7.5AI score0.75812EPSS
Exploits3References2
NCSC
NCSC
•added 2023/06/30 12:0 a.m.•23 views

Vulnerability fixed in Schneider Electric EcoStruxture Operator Terminal Expert

Schneider Electric has fixed a vulnerability in the EcoStruxture Operator Terminal Expert. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system and gain access to sensitive data. To do this, the malicious party must have local access to the vulnerab...

7.8CVSS7.3AI score0.00597EPSS
Exploits0
NCSC
NCSC
•added 2023/03/10 12:0 a.m.•23 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in IOS XR, as used in ASR series 9000 routers. An unauthenticated remote malicious person could remote can exploit the vulnerability with attribute CVE-2023-20049 to cause a denial-of-service DoS by sending rogue BFD packets. BFD is Bidirectional Forwarding...

8.6CVSS7.2AI score0.01046EPSS
Exploits0
NCSC
NCSC
•added 2022/07/07 12:0 a.m.•23 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code execution Use...

9CVSS7.1AI score0.01795EPSS
Exploits0
Total number of security vulnerabilities4189