Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2021/06/11 12:0 a.m.•2 views

Vulnerability fixed in IBM WebSphere Application Server

A vulnerability has been fixed in IBM WebSphere Application Server. A remote malicious party could, by exploiting this vulnerability to gain elevated privileges within the application server. This vulnerability is only exploitable when using SAML Web Inbound Trust Association Interceptor TAI. IBM...

8.8CVSS7AI score0.00744EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights To do this, the malicious party must induce the victim to...

8.8CVSS7.6AI score0.64701EPSS
Exploits1
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•2 views

Vulnerabilities fixed in Apache

Apache has released version 2.4.48 of the Apache Web server. In this version a number of vulnerabilities have been fixed, which can be exploited by an unauthenticated remote malicious person could be exploited to cause a denial-of-service. A vulnerability has also been fixed, which can be exploit...

9.8CVSS7.8AI score0.68067EPSS
Exploits0
NCSC
NCSC
•added 2021/06/04 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Thunderbird

Mozilla has fixed vulnerabilities in Thunderbird. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code execute with the application's permissions. Mozilla has released updates to fix the vulnerabilities in Thunderbird 78.11...

8.8CVSS7.3AI score0.01368EPSS
Exploits0
NCSC
NCSC
•added 2021/06/01 12:0 a.m.•2 views

Vulnerability fixed in Linux kernel

A vulnerability has been fixed in the Linux kernel. A local, authenticated malicious person can, by exploiting this vulnerability to gain root privileges on the vulnerable system. -= Fedora =- Fedora has made updates available for Fedora 33 and 34. You can install these updates using the command...

7.8CVSS8.4AI score0.00377EPSS
Exploits0
NCSC
NCSC
•added 2021/05/26 12:0 a.m.•2 views

Vulnerabilities fixed in the Linux kernel

Vulnerabilities have been fixed in the linux kernel. The vulnerabilities allow a local malicious agent to launch attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Increased user privileges -= Ubuntu =...

8.8CVSS8AI score0.27477EPSS
Exploits8
NCSC
NCSC
•added 2021/05/25 12:0 a.m.•2 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities potentially enable an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code...

8.8CVSS8.7AI score0.07471EPSS
Exploits2
NCSC
NCSC
•added 2021/05/21 12:0 a.m.•2 views

Vulnerability fixed in Confluence

A vulnerability has been fixed in JIRA. The vulnerability allows a local malicious agent the ability to execute arbitrary code execute under application privileges. JIRA has released updates to fix the vulnerability. More information can be found on the page below:...

8.8CVSS8.5AI score0.77735EPSS
Exploits1
NCSC
NCSC
•added 2021/05/14 12:0 a.m.•2 views

Vulnerabilities fixed in Wordpress

Wordpress has fixed two vulnerabilities in the standard included PHPMailer module. A remote malicious party can exploit the exploit the vulnerabilities to execute arbitrary code under the application's permissions, potentially gaining access gain access to sensitive information within the scope o...

9.8CVSS7.3AI score0.03095EPSS
Exploits0
NCSC
NCSC
•added 2021/05/14 12:0 a.m.•2 views

Vulnerabilities fixed in AWStats

Vulnerabilities have been fixed in AWStats. An unauthenticated malicious party could exploit the vulnerabilities to perform a path traversal attack that could gain access to arbitrary files. In doing so, the vulnerabilities can only exploited only to read key/value pairs that can be parsed by...

9.8CVSS7.1AI score0.04352EPSS
Exploits1
NCSC
NCSC
•added 2021/05/12 12:0 a.m.•2 views

Vulnerabilities fixed in Xerox WorkCentre

Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a remote malicious person to execute arbitrary code. There are no known CVE numbers for these vulnerabilities. Xerox has released updates to fix the vulnerabilities. More information can be found on the page below:...

6.8AI score
Exploits0
NCSC
NCSC
•added 2021/05/11 12:0 a.m.•2 views

Vulnerability fixed in Microsoft Internet Explorer

Microsoft has fixed a vulnerability in Internet Explorer. A malicious person could exploit the vulnerability to execute arbitrary code in the context of the browser. The malicious needs to entice the user to visit a web page which contains the malicious code. Microsoft has made updates available...

7.6CVSS6.6AI score0.22595EPSS
Exploits3
NCSC
NCSC
•added 2021/05/07 12:0 a.m.•2 views

Vulnerabilities fixed in MariaDB

Vulnerabilities have been fixed in MariaDB. An authenticated malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. MariaDB has released updates to fix the vulnerabilities in 10.2.38 and 10.3.29. For more information, see:...

4.9CVSS9.4AI score0.04643EPSS
Exploits0
NCSC
NCSC
•added 2021/04/22 12:0 a.m.•2 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...

6.3AI score
Exploits0
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•2 views

Vulnerability fixed in x.org

A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to appropriate elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...

7.8CVSS7AI score0.0105EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•2 views

Vulnerability fixed in NetApp products

Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service DoS. NetApp has released update...

7.4CVSS8AI score0.05213EPSS
Exploits1
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the permissions of the application or gain access to sensitive data in the context of the application. To do so, the malicious party...

9.6CVSS7.9AI score0.34466EPSS
Exploits0
NCSC
NCSC
•added 2021/04/14 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application. To do this, the malicious party needs to victim to visit a rogue Web page. Google has indicated that for...

8.8CVSS7.9AI score0.70435EPSS
Exploits6
NCSC
NCSC
•added 2021/04/09 12:0 a.m.•2 views

Vulnerability fixed in dnsmasq

A vulnerability has been fixed in dnsmasq.The vulnerability allows a malicious party the ability to perform a DNS Cache Poisoning attack execute on a dnsmasq server. dnsmasq has released updates to fix the vulnerability. For more information, see:...

4.3CVSS6.9AI score0.01988EPSS
Exploits1
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•2 views

Vulnerability fixed in WebSphere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6441063...

6.5CVSS6.8AI score0.01298EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•2 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12 and 15. fixes in SUSE...

6.5CVSS7.1AI score0.00417EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•2 views

Vulnerabilities fixed in SUSE kernel

Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Live...

7.8CVSS8.5AI score0.02404EPSS
Exploits5
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•2 views

Vulnerabilities fixed in xen

Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in SU...

5.5CVSS7.1AI score0.00314EPSS
Exploits0
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•2 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL.The vulnerabilities allow a remote malicious person the ability to obtain sensitive information obtain. To do so, the malicious party must induce the victim to visit a server under the control of the malicious party. -= Debian =- Debian has made updates to...

5.3CVSS6.9AI score0.05301EPSS
Exploits2
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•2 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•2 views

Vulnerability fixed in SpamAssassin

The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...

10CVSS7.7AI score0.06132EPSS
Exploits0
NCSC
NCSC
•added 2021/03/22 12:0 a.m.•2 views

Vulnerabilities fixed in Xerox ColorQube systems

Xerox has fixed vulnerabilities in ColorQube systems. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to provide access to the file system. No details have been made available about the latter vulnerability made available, nor has a CVE attribute be...

6.5CVSS7AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•2 views

Vulnerabilities fixed in IBM DB2

IBM has fixed two vulnerabilities in DB2. A local malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the underlying system with root privileges. To do this, however, the malicious party must have local access to the vulnerable system. IBM...

8.4CVSS7.2AI score0.00564EPSS
Exploits0
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•2 views

Vulnerability fixed in Squid

Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...

8.6CVSS7AI score0.08161EPSS
Exploits0
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•2 views

Vulnerability fixed in Websphere Application Server

IBM has fixed a vulnerability in Websphere Application Server. A malicious party could exploit the vulnerability to gain access to sensitive data via Directory Traversal to gain access to sensitive data. IBM has released updates to fix the vulnerability in Websphere Application Server. For more...

6.5CVSS6.8AI score0.02252EPSS
Exploits0
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•2 views

Vulnerabilities fixed in Oracle Enterprise Linux

Oracle has fixed vulnerabilities in Oracle Enterprise Linux. The vulnerabilities allow a local, authenticated malicious agent to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Code execution at the kernel level Increased user privileges -= Oracle ...

7.8CVSS8.3AI score0.01377EPSS
Exploits1
NCSC
NCSC
•added 2021/03/09 12:0 a.m.•2 views

Vulnerabilitiesj fixed in Xerox AltaLink systems

Xerox has fixed vulnerabilities in AltaLink systems. The vulnerabilities allow a malicious party to execute arbitrary execute arbitrary code on the system, circumvent a security measure bypass a security measure or gain access to sensitive data. No CVE ID of the vulnerabilities has been disclosed...

7.4AI score
Exploits0
NCSC
NCSC
•added 2021/03/09 12:0 a.m.•2 views

Vulnerability fixed in Apple products

The WebKit module contains code that allows a Web browser to be realized. The WebKit module is found in several Apple products. Apple has fixed a vulnerability in the WebKit module. fixed. The vulnerability allows a remote malicious person to able to cause a denial-of-service with potentially the...

8.8CVSS7AI score0.02368EPSS
Exploits0
NCSC
NCSC
•added 2021/03/04 12:0 a.m.•2 views

Vulnerability fixed in wpa_supplicant

A vulnerability has been fixed in wpasupplicant when it is configured for P2P Wi-Fi Direct support. A malicious person within Wi-Fi range could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with root privileges. w1.fi has released updates to fix t...

7.5CVSS7.5AI score0.01228EPSS
Exploits0
NCSC
NCSC
•added 2021/03/03 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data As usual, Google...

8.8CVSS7.2AI score0.26525EPSS
Exploits24
NCSC
NCSC
•added 2021/02/23 12:0 a.m.•2 views

Vulnerability fixed in Jenkins

A vulnerability has been fixed in Jenkins. The vulnerability allows an authenticated malicious person to obtain elevated privileges. obtain. Jenkins has released updates to fix the vulnerability. More information can be found on the page below: https://www.jenkins.io/security/advisory/2021-02-19/...

9CVSS6.4AI score0.03197EPSS
Exploits0
NCSC
NCSC
•added 2021/02/23 12:0 a.m.•2 views

Vulnerability fixed in OpenLDAP

A vulnerability has been fixed in OpenLDAP. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. The developers of OpenLDAP have released updates to fix the vulnerability. More information can be found at the page below:...

7.5CVSS6.8AI score0.64147EPSS
Exploits1
NCSC
NCSC
•added 2021/02/19 12:0 a.m.•2 views

Vulnerability fixed in IBM WebSphere Application Server

IBM WebSphere Application Server can let an attacker remotely access folders access folders. An attacker can send a specially crafted URL request with "dot-dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. For more information, see:...

7.8CVSS6.8AI score0.03696EPSS
Exploits0
NCSC
NCSC
•added 2021/02/16 12:0 a.m.•2 views

Vulnerabilities fixed in IBM WebSphere Application Server

Vulnerabilities have been fixed in IBM WebSphere. The vulnerabilities with reference CVE-2020-2773, CVE-2020-14781 and CVE-2020-14782 have been previously described in the security advisories with attribute NCSC-2020-0279 and NCSC-2020-0856. The vulnerability with attribute CVE-2020-27221 allows ...

9.8CVSS8.4AI score0.03625EPSS
Exploits0
NCSC
NCSC
•added 2021/02/12 12:0 a.m.•2 views

Vulnerabilities fixed in PostgreSQL

Several vulnerabilities have been fixed in PostgreSQL. A malicious person with limited privileges could potentially exploit them to gain access to data stored in a PostgreSQL database. Developers have released updates to fix the vulnerabilities fixes in PostgreSQL 13.2, 12.6, 11.11, 10.16, 9.6.21...

4.3CVSS7.1AI score0.01466EPSS
Exploits2
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•2 views

Vulnerabilities fixed in Docker

Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...

6.8CVSS8.9AI score0.03287EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•2 views

Vulnerability fixed in PEAR

A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...

7.5CVSS7.1AI score0.70595EPSS
Exploits0
NCSC
NCSC
•added 2021/02/08 12:0 a.m.•2 views

Vulnerabilities fixed in OpenSUSE Linux kernel

Several vulnerabilities have been fixed in the Linux kernel as used by openSUSE. The vulnerabilities allow a local, authenticated malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution at the kernel level Access to sensiti...

8.8CVSS8.2AI score0.01377EPSS
Exploits2
NCSC
NCSC
•added 2021/02/05 12:0 a.m.•2 views

Vulnerability fixed in IBM Integration Bus

IBM has fixed a vulnerability in the node.js component of Integration Bus. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. IBM has released updates to fix the vulnerability in Integration Bus V10.0.0.23. For more information, see:...

7.5CVSS6.7AI score0.0344EPSS
Exploits1
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

9.6CVSS7.3AI score0.01116EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox

Mozilla has fixed several vulnerabilities in Firefox. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitive...

8.8CVSS6.9AI score0.01323EPSS
Exploits2
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•2 views

Vulnerability fixed in Jenkins

A vulnerability has been fixed in Jenkins. A malicious party can exploit the vulnerability to obtain information from the system, potentially bypassing existing security measures. bypassing existing security measures. This vulnerability arose in the most recent version of Jenkins when the...

6.5CVSS6.7AI score0.02226EPSS
Exploits0
NCSC
NCSC
•added 2021/01/20 12:0 a.m.•2 views

Vulnerability fixed in NetApp products

A vulnerability has been fixed in NetApp products. The vulnerability allows a malicious party to obtain sensitive data obtain sensitive data. NetApp has released updates to fix the vulnerability. More information can be found on the page below:...

4.3CVSS8.2AI score0.04803EPSS
Exploits0
NCSC
NCSC
•added 2021/01/20 12:0 a.m.•2 views

Vulnerability fixed in Red Hat kernel

A vulnerability has been fixed in the Red Hat kernel. The vulnerability allows a local malicious agent to cause a denial-of-service and to modify data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...

6CVSS7.8AI score0.00566EPSS
Exploits1
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•2 views

Serious vulnerability fixed in Mozilla Firefox

A serious vulnerability has been fixed in Mozilla Firefox. A malicious party, by modifying a COOKIE-ECHO chunk in an SCTP package potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...

8.8CVSS6.8AI score0.01304EPSS
Exploits0
Total number of security vulnerabilities4189