Lucene search
K

4209 matches found

NCSC
NCSC
•added 2023/01/04 12:0 a.m.•119 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc, Imagination Technologies and Mediatek. The vulnerabilities allow a malicious party potentially able to launch attacks that lead ...

9.8CVSS7.2AI score0.03763EPSS
Exploits4
NCSC
NCSC
•added 2023/01/03 12:0 a.m.•6 views

Vulnerability fixed in MISP

A vulnerability has been fixed in MISP. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application being visited. CIRCL has released an...

6.1CVSS6.6AI score0.00415EPSS
Exploits0
NCSC
NCSC
•added 2023/01/02 12:0 a.m.•2 views

Vulnerability found in SugarCRM

A new vulnerability may have been found in SugarCRM. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Web server. The described vulnerability is said to be located in the AttachFiles action o...

8AI score
Exploits0
NCSC
NCSC
•added 2023/01/02 12:0 a.m.•5 views

Vulnerabilities fixed in Snipe-IT

Several vulnerabilities have been fixed in Snipe-IT. The vulnerabilities allow a remote malicious person to launch an XSS attack and to retrieve usernames. To exploit the XSS vulnerability, the malicious party must be authenticated and have rights to Accessory and Consumables to modify. The...

5.4CVSS6.6AI score0.00646EPSS
Exploits2
NCSC
NCSC
•added 2022/12/29 12:0 a.m.•4 views

Vulnerability fixed in Esri ArcGIS Server

A vulnerability has been fixed in Esri ArcGis Server. This vulnerability allows an unauthenticated malicious person through path traversal to view system information from the server on which the application is running. Esri has released updates to fix the vulnerability. For more information, see:...

7.5CVSS6.7AI score0.01333EPSS
Exploits0
NCSC
NCSC
•added 2022/12/28 12:0 a.m.•3 views

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.20 to fix the vulnerability. For more information, see:...

8.2CVSS6.8AI score0.08689EPSS
Exploits1
NCSC
NCSC
•added 2022/12/27 12:0 a.m.•6 views

Vulnerability fixed in HCL BigFix

A vulnerability has been fixed in HCL BigFix. The vulnerability allows an authenticated remote malicious person to obtain to obtain sensitive data. HCL has released updates to fix the vulnerability. More information can be found on the page below: https://support.hcltechsw.com...

7.7CVSS6.6AI score0.00312EPSS
Exploits0
NCSC
NCSC
•added 2022/12/23 12:0 a.m.•7 views

Vulnerability fixed in Juniper JunOS

Juniper has fixed a vulnerability in JunOS and JunOS Evolved. The vulnerability allows an unauthenticated malicious person at remote user to cause a denial-of-service by sending a sending a rogue BGP message. To do this, the malicious party must have built a valid BGP session. The vulnerability i...

7.5CVSS6.9AI score0.00665EPSS
Exploits0
NCSC
NCSC
•added 2022/12/23 12:0 a.m.•7 views

Vulnerabilities fixed in HCL Lotus Notes

HCL has fixed vulnerabilities in Lotus Notes. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service, or to potentially execute arbitrary execute arbitrary code with user privileges. HCL has released updates to fix the vulnerabilities in Lotus Notes 9.0....

9.8CVSS7.7AI score0.00704EPSS
Exploits0
NCSC
NCSC
•added 2022/12/23 12:0 a.m.•6 views

Vulnerability fixed in HP OfficeConnect 1820 and 1850 switches

HPO has fixed a vulnerability in the firmware of its OfficeConnect 1820 and 1850 switches. An unauthenticated malicious party could, by exploiting the vulnerability, perform a directory traversal and thereby gain access to system data. This data could potentially be used to setting up further...

7.5CVSS6.9AI score0.01765EPSS
Exploits0
NCSC
NCSC
•added 2022/12/22 12:0 a.m.•7 views

Vulnerability fixed in NetApp OnCommand Insight

NetApp has fixed a vulnerability in OnCommand Insight. A unauthenticated malicious person with access to the management interface, could exploit the vulnerability to obtain system data and cause a denial-of-service cause. The vulnerability does not allow the malicious party to access the collecte...

8.6CVSS6.8AI score0.00529EPSS
Exploits0
NCSC
NCSC
•added 2022/12/22 12:0 a.m.•4 views

Vulnerabilities fixed in Mattermost

Unspecified vulnerabilities have been fixed in MatterMost. Mattermost has not released any substantive information released, but estimates the severity of the vulnerabilities as MEDIUM. The grading of this security advisory is accordingly accordingly. MatterMost indicates in accordance with their...

6.8AI score
Exploits0
NCSC
NCSC
•added 2022/12/21 12:0 a.m.•9 views

Vulnerability discovered in pfSense pfBlockerNG

Researchers have discovered a vulnerability in the pfBlockerNG package of pfSense. A malicious person could exploit it to execute arbitrary OS commands on the vulnerable system, when the malicious party has access to the web console of pfSense. It is good practice not to have such a console...

9.8CVSS7.5AI score0.17107EPSS
Exploits1
NCSC
NCSC
•added 2022/12/21 12:0 a.m.•3 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious party the ability to bypass a security measure or cause a denial-of-service. The developers of cURL have released updates to fix the vulnerabilities. For more information, see: https://curl.se/docs/CVE-2022-43551.html...

7.5CVSS6.8AI score0.1654EPSS
Exploits2
NCSC
NCSC
•added 2022/12/21 12:0 a.m.•6 views

Vulnerability fixed in Dell Openmanage

A vulnerability has been fixed in Dell Openmanage Server Administrator OMSA. An authenticated malicious party can exploit the exploit the vulnerability to grant themselves elevated privileges on the vulnerable system and thereby execute arbitrary code with privileges of the system. This...

7.8CVSS7.2AI score0.00186EPSS
Exploits0
NCSC
NCSC
•added 2022/12/19 12:0 a.m.•6 views

Vulnerabilities fixed in Samba

Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious party to obtain elevated privileges or to obtain sensitive data. The vulnerabilities marked CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023 are vulnerabilities in RC4-HMAC that were previously fixed by Microsoft. Th...

9.8CVSS6.7AI score0.04488EPSS
Exploits0
NCSC
NCSC
•added 2022/12/19 12:0 a.m.•5 views

Vulnerability fixed in OTRS

A vulnerability has been fixed in OTRS. The vulnerability allows an authenticated malicious person to perform an SQL injection. execute. OTRS instances are only vulnerable if the TicketSearch Web service is configured. OTRS developers have released updates to fix the vulnerability. More informati...

9.8CVSS7.1AI score0.00715EPSS
Exploits0
NCSC
NCSC
•added 2022/12/19 12:0 a.m.•8 views

Vulnerabilities fixed in HCL Domino and HCL Notes

Vulnerabilities have been fixed in HCL Domino and HCL Notes. The vulnerabilities allow an unauthenticated remote malicious person to remotely capable of executing arbitrary code. HCL has released updates to fix the vulnerabilities. More information can be found on the pages below: HCL Domino:...

9.8CVSS7AI score0.16379EPSS
Exploits0
NCSC
NCSC
•added 2022/12/16 12:0 a.m.•6 views

Vulnerability fixed in Exact Synergy

A vulnerability has been fixed in Exact Synergy Enterprise. The vulnerability allows a malicious party to use Cross-Site Scripting XSS to execute arbitrary code under the rights of the user. A malicious party needs to be authenticated to be able to see within the application a profile picture, in...

7.8CVSS6.8AI score0.00223EPSS
Exploits0
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•3 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Access to sensitive data Access to system data Apple states that it is aware of...

8.8CVSS7.6AI score0.34574EPSS
Exploits2
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•26 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of authentication Remote code...

9.8CVSS6.1AI score0.44678EPSS
Exploits15
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•3 views

Vulnerabilities fixed in X.Org X Server

Vulnerabilities have been fixed in X.Org X Server. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Increased user privileges Misuse of the...

8.8CVSS8AI score0.02685EPSS
Exploits0
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•5 views

Vulnerability fixed in IBM Spectrum Protect Plus

A vulnerability has been fixed in IBM Spectrum Protect Plus. The vulnerability allows a malicious person to access gain access to sensitive data. The malicious party can alter the communication flow via a Man-in-the-Middle attack between Spectrum Protect Plus vSnap and associated agents because i...

6.8CVSS6.5AI score0.00387EPSS
Exploits0
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•16 views

Vulnerabilities fixed in IBM AIX

Vulnerabilities have been fixed in IBM AIX. The vulnerabilities allow a malicious party to obtain elevated user privileges and cause a denial-of-service DoS cause. The vulnerability with attribute CVE-2022-41290 and a CVSSv3 score of 8.4 enables an unauthenticated malicious person to obtain root...

8.4CVSS7.1AI score0.00189EPSS
Exploits0
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•6 views

Vulnerabilities fixed in Lansweeper

Vulnerabilities have been fixed in Lansweeper. The vulnerabilities allow a malicious party to access sensitive data and to execute arbitrary code execute arbitrary code under administrator/root privileges. The vulnerabilities marked CVE-2022-32573 and CVE-2022-29517 are exploited by sending a rog...

9.9CVSS8AI score0.60199EPSS
Exploits5
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•5 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication. Remote code execution Administrator/Root rights...

9.8CVSS8AI score0.44678EPSS
Exploits14
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•5 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service DoS or execute arbitrary code. execute. To do so, the malicious party must trick the victim into entice the victim to open malicious content. Google has...

8.8CVSS7.5AI score0.00651EPSS
Exploits0
NCSC
NCSC
•added 2022/12/15 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...

9.8CVSS7.3AI score0.00921EPSS
Exploits0
NCSC
NCSC
•added 2022/12/14 12:0 a.m.•41 views

Vulnerabilities fixed in several VMware products

VMWare has fixed several vulnerabilities in its products: VMware Workspace ONE Access and Identity Manager, VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion, VMware Cloud Foundation and VMware vRealize Impact A malicious party could potentially exploit the vulnerabilities ...

9.8CVSS8AI score0.01792EPSS
Exploits1
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•12 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in the various Developer Tools. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Increased user privileges The vulnerability in...

8.5CVSS7.5AI score0.61605EPSS
Exploits4
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•17 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Increased user privileges The tables below provide an...

7.8CVSS6.3AI score0.00519EPSS
Exploits0
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•17 views

Vulnerability fixed in Microsoft Apps

A vulnerability has been fixed in Windows Terminal. The vulnerability allows a local malicious person to execute arbitrary code to execute arbitrary code. To exploit the vulnerability, the malicious party must trick the victim into downloading and opening a rogue file. download and open it. Windo...

7.8CVSS6.6AI score0.01365EPSS
Exploits0
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•10 views

Vulnerability fixed in Citrix Gateway and ADC

Citrix has fixed a vulnerability in Citrix Gateway and Citrix ADC. An unauthenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code. To do so, rogue network traffic must be sent to the vulnerable system be sent. Gateway and ADC systems are only...

9.8CVSS9.4AI score0.06931EPSS
Exploits1
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote co...

8.5CVSS7.7AI score0.76106EPSS
Exploits6
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•5 views

Vulnerabilities fixed in Ubuntu

Vulnerabilities have been fixed in the Linux kernel as used by Ubuntu. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data Access to sensitive data -= Ubunt...

7.8CVSS7AI score0.21314EPSS
Exploits3
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•2 views

Vulnerabilities fixed in Microsoft Edge

Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious person to impersonate as another user or obtain elevated privileges. Microsoft Edge Chromium-based: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

8.3CVSS6.2AI score0.01887EPSS
Exploits0
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•9 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Remote code execution User Rights...

9.9CVSS8.9AI score0.99931EPSS
Exploits45
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics Business Central. The vulnerability allows an authenticated malicious person remotely able to execute arbitrary code on the host OS of the system on which Microsoft Dynamics Business Central is is installed on. To properly exploit this...

8.5CVSS7.2AI score0.0157EPSS
Exploits0
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•32 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in Microsoft Office. The vulnerabilities allow a malicious person to impersonate as another user, to execute arbitrary code under the user's privileges or obtain elevated privileges. To exploit the vulnerabilities marked CVE-2022-44690 and CVE-2022-44693 CVSS 8.8,...

8.8CVSS7.4AI score0.82081EPSS
Exploits0
NCSC
NCSC
•added 2022/12/13 12:0 a.m.•17 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in Mendix, among others, Nucleus NET, RUGGEDCOM, SCALANCE, SICAM, SIMATIC, SIPROTEC and SIMATIC WinCC-OA. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF...

10CVSS7.3AI score0.92488EPSS
Exploits47
NCSC
NCSC
•added 2022/12/12 12:0 a.m.•6 views

Vulnerability fixed in FortiOS SSL-VPN

Fortinet has fixed a vulnerability in FortiOS SSL-VPN. A unauthenticated remote malicious party can exploit the vulnerability exploit it to execute arbitrary code. This requires malicious network traffic must be sent to the vulnerable interface sent. Fortinet says it is aware of an incident in...

9.8CVSS7.5AI score0.99474EPSS
Exploits11
NCSC
NCSC
•added 2022/12/09 12:0 a.m.•7 views

Vulnerabilities fixed in VMware vCenter and ESXi

VMWare has fixed several vulnerabilities in vCenter Server and ESXi. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to gain access to sensitive data, including cleat-text passwords and, under certain circumstances to break out of the sandbox of a guest environme...

8.8CVSS7AI score0.47795EPSS
Exploits0
NCSC
NCSC
•added 2022/12/09 12:0 a.m.•3 views

Vulnerabilities fixed in NetApp Clustered Data ONTAP

NetApp has fixed several vulnerabilities in Clustered Data ONTAP. The vulnerabilities are in underlying libraries such as libcurl, libexpat and libxml2. The vulnerabilities allow a malicious party to cause a denial-of-service, gain access to sensitive data and/or manipulate it. NetApp has release...

9.8CVSS8.8AI score0.3197EPSS
Exploits9
NCSC
NCSC
•added 2022/12/09 12:0 a.m.•9 views

Vulnerability fixed in Cisco IP phones

Cisco has fixed a vulnerability in the firmware for Cisco IP phones series 7800 and 8800. An unauthenticated malicious person with access to the phone network could exploit the vulnerability to cause cause a stack overflow on the vulnerable device. With this causes a denial-of-service and allows...

8.8CVSS7.9AI score0.06099EPSS
Exploits0
NCSC
NCSC
•added 2022/12/08 12:0 a.m.•4 views

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. An unauthenticated malicious party can gain access to the remoteagent.php file. By bypassing the authentication of this file...

9.8CVSS7.8AI score0.99826EPSS
Exploits48
NCSC
NCSC
•added 2022/12/07 12:0 a.m.•6 views

Vulnerabilities fixed in MobaXterm

Vulnerabilities have been fixed in Mobatek MobaXterm. The vulnerability allows a malicious party to bypass authentication bypass and connect unauthenticated via the SSH or SFTP protocol. Furthermore, a malicious party can perform a denial-of-service DoS exploit on the SFTP protocol. The...

9.1CVSS7.2AI score0.00829EPSS
Exploits1
NCSC
NCSC
•added 2022/12/07 12:0 a.m.•5 views

Vulnerabilities fixed in Aruba ClearPass

Aruba Networks has fixed vulnerabilities in ClearPass. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights...

8.8CVSS7.5AI score0.23061EPSS
Exploits1
NCSC
NCSC
•added 2022/12/07 12:0 a.m.•32 views

Vulnerabilities fixed in Fortinet products

Vulnerabilities have been fixed in Fortinet products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication SQL Injection Accessing system data The vulnerability with...

9.8CVSS6.9AI score0.00889EPSS
Exploits0
NCSC
NCSC
•added 2022/12/06 12:0 a.m.•14 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm and Mediatek. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that lead to the following...

9.8CVSS6.4AI score0.08854EPSS
Exploits3
NCSC
NCSC
•added 2022/12/05 12:0 a.m.•2 views

Vulnerability fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...

8.8CVSS7.3AI score0.16109EPSS
Exploits2
Total number of security vulnerabilities4209