Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2023/04/20 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service, to gain access to system data, or to execute arbitrary code in the context of the browser of the victim. To do this, the malicious party must trick the victim into openin...

9.6CVSS9.4AI score0.05786EPSS
Exploits0
NCSC
NCSC
•added 2023/04/17 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed two vulnerabilities in Chrome. No CVE ID has been disclosed of one of the vulnerabilities. The vulnerability with attribute CVE-2023-2033 allows a malicious person remotely able to cause a denial-of-service, or to execute arbitrary code in the context of the browser of the victim...

8.8CVSS7AI score0.40798EPSS
Exploits1
NCSC
NCSC
•added 2023/04/06 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome and Chromium

Google has fixed several vulnerabilities in Chrome. A remote malicious can exploit the vulnerabilities to perform execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data...

8.8CVSS9.7AI score0.01077EPSS
Exploits0
NCSC
NCSC
•added 2023/03/09 12:0 a.m.•2 views

Vulnerability fixed in Veeam Backup & Replication

A vulnerability has been fixed in Veaam Backup & Replication. A unauthenticated malicious person with access to the network port of the Backup Server, could exploit the vulnerability to retrieve encrypted credentials from the configuration. Using these credentials, the malicious party can then ga...

7.5CVSS6.9AI score0.7761EPSS
Exploits4
NCSC
NCSC
•added 2023/03/02 12:0 a.m.•2 views

Vulnerabilities fixed in Mattermost

Mattermost has fixed several vulnerabilities in Mattermost. The vulnerabilities were made through Responsible Disclosure and Mattermost is not making any substantive information available until March 30. No CVE IDs have been published. The most serious vulnerability has been rated HIGH by...

7AI score
Exploits0
NCSC
NCSC
•added 2023/03/02 12:0 a.m.•2 views

Vulnerability fixed in IBM Websphere

IBM has fixed a vulnerability in the HTTP server which is used in Websphere Application Server. An unauthenticated remote attacker could exploit the vulnerability to cause a Denial-of-Service by offering a prepared, malformed URL. IBM has released updates to fix the vulnerability in HTTP Server f...

7.5CVSS6.7AI score0.01116EPSS
Exploits0
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•2 views

Fixed vulnerabilities in several Atlassian products

Atlassian has fixed vulnerabilities in several products that use git. The vulnerability is located in the included git implementation and allows a malicious person to to execute arbitrary code. For these vulnerabilities in git, security advisory NCSC-2023-0024 released. Atlassian has released...

9.8CVSS7.8AI score0.56334EPSS
Exploits0
NCSC
NCSC
•added 2023/02/10 12:0 a.m.•2 views

Vulnerability fixed in Red Hat OpenShift

Red Hat has fixed a vulnerability in the OpenShift Container Platform. The vulnerability is located in the Maven subsystem and allows an unauthenticated malicious person to apply command injections and execute shell commands with permissions from the underlying application. Red Hat has released...

9.8CVSS7.3AI score0.04031EPSS
Exploits0
NCSC
NCSC
•added 2023/02/02 12:0 a.m.•2 views

Vulnerability fixed in IBM Websphere Application Server

IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to execute arbitrary code on the system. Abuse is not simple and requires specially prepared data. IBM has released updates to fix the vulnerability in Websphere Application Server. Fo...

9.8CVSS7.3AI score0.01949EPSS
Exploits0
NCSC
NCSC
•added 2023/01/11 12:0 a.m.•2 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Exchange Server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Accessing sensitive data. Impersonating another user spoofing Obtaining elevated privileges The vulnerability...

8CVSS6.2AI score0.01595EPSS
Exploits0
NCSC
NCSC
•added 2023/01/02 12:0 a.m.•2 views

Vulnerability found in SugarCRM

A new vulnerability may have been found in SugarCRM. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Web server. The described vulnerability is said to be located in the AttachFiles action o...

8AI score
Exploits0
NCSC
NCSC
•added 2022/12/28 12:0 a.m.•2 views

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.20 to fix the vulnerability. For more information, see:...

8.2CVSS6.8AI score0.08689EPSS
Exploits1
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...

9.8CVSS7.3AI score0.00921EPSS
Exploits0
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•2 views

Vulnerabilities fixed in Microsoft Edge

Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious person to impersonate as another user or obtain elevated privileges. Microsoft Edge Chromium-based: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

8.3CVSS6.2AI score0.01887EPSS
Exploits0
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•2 views

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics Business Central. The vulnerability allows an authenticated malicious person remotely able to execute arbitrary code on the host OS of the system on which Microsoft Dynamics Business Central is is installed on. To properly exploit this...

8.5CVSS7.2AI score0.0157EPSS
Exploits0
NCSC
NCSC
•added 2022/12/05 12:0 a.m.•2 views

Vulnerability fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...

8.8CVSS7.3AI score0.16109EPSS
Exploits2
NCSC
NCSC
•added 2022/12/02 12:0 a.m.•2 views

Vulnerabilities fixed in WordPress

Vulnerabilities have been fixed in WordPress. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Access to sensitive data No CVE features have been made available at...

6.9AI score
Exploits0
NCSC
NCSC
•added 2022/12/02 12:0 a.m.•2 views

Vulnerability fixed in Grafana

Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code in the browser on a victim's victim's system. To do this, the malicious party must trick the entice the victim to click on a rogue link. Grafana...

8.7CVSS9.5AI score0.68603EPSS
Exploits0
NCSC
NCSC
•added 2022/11/17 12:0 a.m.•2 views

Vulnerabilities fixed in F5 products

Vulnerabilities have been fixed in F5 products. The vulnerability with reference CVE-2022-41622 allows a remote malicious person to remote user to perform a cross-site request forgery attack. execute. A malicious party could use this vulnerability to cause a user with elevated privileges to perfo...

8.8CVSS7AI score0.87987EPSS
Exploits9
NCSC
NCSC
•added 2022/11/17 12:0 a.m.•2 views

Vulnerability fixed in Bitbucket Server and Data Center

A vulnerability has been fixed in Bitbucket Server and Data Center. The vulnerability allows a malicious person to execute arbitrary code by manipulating environment variables manipulating environment variables within the application. This requires the malicious person to be able to modify his...

9.8CVSS7.3AI score0.98076EPSS
Exploits3
NCSC
NCSC
•added 2022/11/10 12:0 a.m.•2 views

Vulnerabilities fixed in Grafana

Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could potentially exploit the vulnerabilities to retrieve discover user accounts, use password resets to appropriate an account, or in specific cases where an environment is heavily loaded, to cause a race condition and thus gai...

9.8CVSS9.6AI score0.00922EPSS
Exploits0
NCSC
NCSC
•added 2022/11/09 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service DoS cause or execute arbitrary code under the privileges of the user. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual,...

9.6CVSS9.6AI score0.00706EPSS
Exploits0
NCSC
NCSC
•added 2022/11/08 12:0 a.m.•2 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. An authenticated malicious party could exploit the vulnerability to gain access to sensitive data. The table below lists the vulnerability fixed by Microsoft with the corresponding CVSSv3 score. Microsoft Dynamics:...

4.4CVSS6AI score0.01066EPSS
Exploits0
NCSC
NCSC
•added 2022/10/28 12:0 a.m.•2 views

Vulnerabilities fixed in Microsoft Edge

Vulnerabilities have been fixed in Microsoft Edge. A remote malicious party could potentially exploit the vulnerabilities to execute arbitrary code and/or cause a denial-of-service DoS Microsoft has made updates for Edge available to address the vulnerabilities. For more information, see:...

8.8CVSS7.7AI score0.23798EPSS
Exploits2
NCSC
NCSC
•added 2022/10/19 12:0 a.m.•2 views

Vulnerabilities fixed in Wordpress

Several vulnerabilities have been fixed in Wordpress. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Accessing sensitive data Wordpress...

7AI score
Exploits0
NCSC
NCSC
•added 2022/10/13 12:0 a.m.•2 views

Vulnerability fixed in LibreOffice

A vulnerability has been fixed in LibreOffice. The vulnerability allows a malicious party to execute arbitrary code on the victim's system. To do this, the malicious party must trick the victim into to open a specially prepared file. Along this path execute macro code without warning. The Documen...

6.3CVSS7.4AI score0.04354EPSS
Exploits0
NCSC
NCSC
•added 2022/10/03 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service or possibly to execute arbitrary code. As usual, no substantive details about the vulnerabilities publicly available made available. Google has released...

8.8CVSS7.3AI score0.00713EPSS
Exploits0
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•2 views

Vulnerability found in Zimbra Collaboration

A vulnerability has been fixed in Zimbra Collaboration Suite ZCS. The vulnerability allows a malicious party to launch attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Remote code execution Administrator/Root privileges The...

9.8CVSS7.5AI score0.95478EPSS
Exploits7
NCSC
NCSC
•added 2022/09/30 12:0 a.m.•2 views

Vulnerabilities found in GE Cimplicity

The Zero Day Initiative has published information about vulnerabilities in GE's Cimplicity have been published. The vulnerabilities occur during the processing of CIM files. Due to lack of proper initialization of the pointer, a malicious party can execute arbitrary code execute arbitrary code...

7.5AI score
Exploits0
NCSC
NCSC
•added 2022/09/28 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google vulnerabilities fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google has published few details about...

8.8CVSS7.5AI score0.00616EPSS
Exploits6
NCSC
NCSC
•added 2022/09/26 12:0 a.m.•2 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Manipulation of data Spoofing Access to sensitive data Node.js developers have released updates to address the vulnerabilities. More...

9.1CVSS6.5AI score0.68796EPSS
Exploits5
NCSC
NCSC
•added 2022/09/21 12:0 a.m.•2 views

Vulnerabilities fixed in BIND

ISC has fixed several vulnerabilities in BIND. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND. For more information, see: https://kb.isc.org/docs/cve-2022-2795...

8.2CVSS8.1AI score0.02299EPSS
Exploits0
NCSC
NCSC
•added 2022/09/21 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to execute arbitrary execute code under the user's privileges or to access gain access to sensitive data within the scope of the application. Mozilla has released updates to fix the...

8.8CVSS7.3AI score0.01342EPSS
Exploits0
NCSC
NCSC
•added 2022/09/15 12:0 a.m.•2 views

Vulnerability found in Microsoft Teams

Researchers from security firm Vectra have found a vulnerability found in the Microsoft Teams user application. The vulnerability allows a malicious party to obtain obtain authentication tokens from users and thereby perform actions with the victim's privileges. The vulnerability has not been...

6.8AI score
Exploits0
NCSC
NCSC
•added 2022/09/15 12:0 a.m.•2 views

Vulnerabilities fixed in Linux Kernel

Vulnerabilities have been fixed in the Linux Kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Increased user...

7.8CVSS7.4AI score0.06214EPSS
Exploits19
NCSC
NCSC
•added 2022/09/14 12:0 a.m.•2 views

Vulnerabilities fixed IBM Integration Bus and App Connect Enterprise

IBM has fixed vulnerabilities in the Node.js and OpenSSL components of the Integration Bus and App Connect Enterprise. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of...

8.1CVSS6.5AI score0.77766EPSS
Exploits4
NCSC
NCSC
•added 2022/09/09 12:0 a.m.•2 views

Vulnerability fixed in IBM Webpshere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a malicious party to perform an HTTP header injection. This allows a malicious perform various attacks such as cache poisoning and cross-site scripting. IBM has released updates to fix the vulnerability. More...

5.4CVSS6.8AI score0.00441EPSS
Exploits0
NCSC
NCSC
•added 2022/08/31 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to perform attacks execute attacks in the context of the browser that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User righ...

8.8CVSS7.5AI score0.24738EPSS
Exploits1
NCSC
NCSC
•added 2022/07/29 12:0 a.m.•2 views

Vulnerabilities fixed in Zimbra Collaboration

Vulnerabilities have been fixed in Zimbra Collaboration ZCS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Bypassing authentication Remote code execution User...

10CVSS7.5AI score0.95764EPSS
Exploits1
NCSC
NCSC
•added 2022/07/27 12:0 a.m.•2 views

Vulnerabilities fixed in Samba

The developers of Samba have fixed several vulnerabilities in Samba. A malicious party could potentially exploit them to reset passwords outside of established processes, access system data or possibly execute commands within the scope of the Samba server. To be abused, the malicious party must...

8.8CVSS7.8AI score0.01064EPSS
Exploits0
NCSC
NCSC
•added 2022/07/26 12:0 a.m.•2 views

Vulnerabilities fixed in IBM Rational ClearCase

IBM has fixed several vulnerabilities. The vulnerabilities are in the Java components of IBM Rational ClearCase. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or obtain obtain sensitive information. IBM has made...

7.1CVSS9.3AI score0.06868EPSS
Exploits0
NCSC
NCSC
•added 2022/07/05 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, or execute code in the scope of the application. Google indicates that the vulnerability with attribute CVE-2022-2294 has been has had limited active...

8.8CVSS7.3AI score0.70461EPSS
Exploits0
NCSC
NCSC
•added 2022/07/01 12:0 a.m.•2 views

Vulnerability found in OpenSSL

A vulnerability has been found in OpenSSL 3.0.4. A malicious party can exploit the vulnerability to cause of a denial-of-service DoS. The extent of this DoS can vary from one application. Although it is reported that the vulnerability also provides the ability to execute arbitrary code execute...

10CVSS6.1AI score0.44881EPSS
Exploits3
NCSC
NCSC
•added 2022/06/29 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox Extended Support Release ESR and Thunderbird. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code...

9.8CVSS7.5AI score0.23941EPSS
Exploits2
NCSC
NCSC
•added 2022/06/28 12:0 a.m.•2 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL. A malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data by performing a man-in-the-middle attack. Project CURL has released updates to address the vulnerabilities fixes in cURL 7.84.0...

9.8CVSS9.3AI score0.3197EPSS
Exploits4
NCSC
NCSC
•added 2022/06/24 12:0 a.m.•2 views

Vulnerability fixed in IBM Db2

IBM has fixed a vulnerability in Db2. The vulnerability allows a malicious person to gain access to sensitive data. IBM has released updates to fix the vulnerability in Db2. For more information, see: https://www.ibm.com/support/pages/node/6597993...

7.5CVSS6.9AI score0.00899EPSS
Exploits0
NCSC
NCSC
•added 2022/06/23 12:0 a.m.•2 views

Vulnerability fixed in TheHive and Cortex

A vulnerability has been fixed in TheHive and Cortex. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication by providing an existing username but not including a password. send. This vulnerability is only exploitable if TheHive and Cortex use an AD to...

6.9AI score
Exploits0
NCSC
NCSC
•added 2022/06/14 12:0 a.m.•2 views

Vulnerability fixed in Microsoft SQL Server

A vulnerability has been fixed in Microsoft SQL Server. The vulnerability allows an authenticated malicious person to execute arbitrary code, possibly as a Database Administrator, by executing a specially prepared query via the $ partition on a table where a Column Store index is present. Abuse o...

7.5CVSS7.2AI score0.01974EPSS
Exploits0
NCSC
NCSC
•added 2022/06/10 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person can exploit the vulnerabilities potentially exploit them to execute arbitrary code, cause a denial-of-service or gain access to system data. Google has released updates to fix the vulnerabilities in Chrome...

9.3CVSS7.5AI score0.01081EPSS
Exploits0
NCSC
NCSC
•added 2022/06/10 12:0 a.m.•2 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in the Xen hypervisor. The vulnerabilities allow a malicious person with access to a guest system to obtain elevated privileges on the host and can thereby compromise the system. Xen has released updates to fix the vulnerabilities. More information can be found on...

7.2CVSS7.6AI score0.00494EPSS
Exploits3
Total number of security vulnerabilities4190