Lucene search
K

4209 matches found

NCSC
NCSC
•added 2022/12/02 12:0 a.m.•3 views

Vulnerabilities fixed in Asterisk

Vulnerabilities have been fixed in the Asterisk VoIP server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The vulnerability with...

7.5CVSS8.2AI score0.01236EPSS
Exploits0
NCSC
NCSC
•added 2022/12/02 12:0 a.m.•7 views

Vulnerabilities fixed in Sophos firewall

Sophos has fixed several vulnerabilities in Sophos firewall. A malicious party could exploit the vulnerabilities to obtain system data through API calls and Cross-Site-Scripting XSS attacks. In addition, arbitrary code can be executed if the malicious party has gained management rights or gained...

9.8CVSS7AI score0.98905EPSS
Exploits0
NCSC
NCSC
•added 2022/12/02 12:0 a.m.•2 views

Vulnerabilities fixed in WordPress

Vulnerabilities have been fixed in WordPress. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site Scripting XSS SQL Injection Access to sensitive data No CVE features have been made available at...

6.9AI score
Exploits0
NCSC
NCSC
•added 2022/12/02 12:0 a.m.•2 views

Vulnerability fixed in Grafana

Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code in the browser on a victim's victim's system. To do this, the malicious party must trick the entice the victim to click on a rogue link. Grafana...

8.7CVSS9.5AI score0.68603EPSS
Exploits0
NCSC
NCSC
•added 2022/12/02 12:0 a.m.•4 views

Vulnerabilities fixed in MISP

The MISP project has fixed two vulnerabilities in MISP. A malicious party can exploit the vulnerabilities to manipulate threat information when shared via Galaxy Clusters and/or Tags. No CVE ID has yet been released for these vulnerabilities and little further little substantive information known...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/12/01 12:0 a.m.•8 views

Vulnerabilities fixed in Zimbra Collaboration

Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party could exploit the vulnerabilities to use a Cross-site scripting attack to gain access to sensitive data, or to execute arbitrary code on the system. To execute arbitrary code, the malicious party needs prior authenticatio...

8.6CVSS9.4AI score0.19008EPSS
Exploits1
NCSC
NCSC
•added 2022/12/01 12:0 a.m.•4 views

Vulnerabilities fixed in NVIDIA GPU Display Driver

NVIDIA has fixed vulnerabilities in the GPU Display Driver for Linux and Windows. The vulnerabilities allow a malicious person to able to perform exploits that could lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root...

8.8CVSS8.1AI score0.01387EPSS
Exploits0
NCSC
NCSC
•added 2022/11/30 12:0 a.m.•5 views

Vulnerabilities fixed in Aruba AirWave Management Platform

Aruba has fixed vulnerabilities in the AirWave Management Platform. The vulnerabilities allow an authenticated user, without administrator privileges, may be able to perform to perform administrative tasks within the application. Aruba indicates that at least viewing and modifying network...

8.1CVSS6.9AI score0.0076EPSS
Exploits0
NCSC
NCSC
•added 2022/11/30 12:0 a.m.•5 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Chrome. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google has...

8.8CVSS7.6AI score0.23918EPSS
Exploits1
NCSC
NCSC
•added 2022/11/28 12:0 a.m.•4 views

Vulnerability fixed in Erlang OTP

Erlang developers have fixed a vulnerability in Erlang OTP. A malicious party could exploit the vulnerability to gain access to sensitive data, when using Erlang SSL in combination with client authentication. Erlang has released updates to fix the vulnerability in OTP 25.1; for more information,...

9.8CVSS8.7AI score0.01167EPSS
Exploits0
NCSC
NCSC
•added 2022/11/25 12:0 a.m.•3 views

Vulnerability fixed in Exim

A vulnerability has been fixed in Exim. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service DoS attack. The way regular expressions are processed in configuration files processed can lead to a crash under certain circumstances. To do so, the...

7.5CVSS6.5AI score0.03661EPSS
Exploits0
NCSC
NCSC
•added 2022/11/25 12:0 a.m.•5 views

Vulnerability fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...

9.6CVSS7.3AI score0.31864EPSS
Exploits1
NCSC
NCSC
•added 2022/11/25 12:0 a.m.•5 views

Vulnerability fixed in IBM DB2

A vulnerability has been fixed in IBM DB2. This vulnerability allows a malicious party to perform a denial-of-service DoS cause by using the db2expln tool and entering an incorrect SQL statement into it. IBM has made an update available to fix the vulnerability. fix. For more information, see:...

6.5CVSS7.3AI score0.01079EPSS
Exploits0
NCSC
NCSC
•added 2022/11/24 12:0 a.m.•5 views

Vulnerabilities fixed in Mattermost Server

Two vulnerabilities have been fixed in Mattermost Server. The vulnerabilities allow an authenticated remote malicious person able to perform a denial-of-service attack by crashing the server crashing the server. To do this, the malicious party must send multiple prepared requests to the server...

6.5CVSS7.2AI score0.01069EPSS
Exploits1
NCSC
NCSC
•added 2022/11/24 12:0 a.m.•4 views

Vulnerabilities fixed in ImageMagick

Several vulnerabilities have been fixed in ImageMagick. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to have a specially prepared file to be processed by the victim. Given the use of ImageMagick, it is possible...

7.8CVSS6.8AI score0.0238EPSS
Exploits2
NCSC
NCSC
•added 2022/11/24 12:0 a.m.•6 views

Vulnerabilities fixed in SolarWinds products

Vulnerabilities have been fixed in several SolarWinds products, including Platform and Orion. The vulnerabilities allow an authenticated malicious person able to execute arbitrary code execute under application permissions or to elevate permissions. SolarWinds has released updates to address the...

8.8CVSS7.5AI score0.16813EPSS
Exploits0
NCSC
NCSC
•added 2022/11/23 12:0 a.m.•4 views

Vulnerability fixed in Red Hat OpenShift

A vulnerability has been fixed in the go-restful component of Red Hat OpenShift. A remote malicious agent could potentially exploit it to bypass authentication on a specific endpoint bypass. To do this, the malicious party must use the AllowedDomains Cross-Origin Resource Sharing CORS filter. Red...

9.3CVSS9.4AI score0.02737EPSS
Exploits1
NCSC
NCSC
•added 2022/11/22 12:0 a.m.•5 views

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. A malicious person can by importing a prepared XAR file can exploit the exploit the vulnerability to view or edit any page, whereas it should be editing, when it should not be available to the malicious party. Also, potentially sensitive information can b...

9.6CVSS6.7AI score0.00732EPSS
Exploits0
NCSC
NCSC
•added 2022/11/22 12:0 a.m.•4 views

Vulnerability in HPE OfficeConnect switches

HP Enterprise has fixed a vulnerability in several OfficeConnect switches. The vulnerability allows a malicious party to able to bypass authentication. The malicious party can use the acquired access to the switch to execute code on the underlying system with the privileges of the root user...

9.8CVSS7.2AI score0.02641EPSS
Exploits1
NCSC
NCSC
•added 2022/11/18 12:0 a.m.•5 views

Vulnerability fixed in F-Secure Policy Manager

A vulnerability has been fixed in F-Secure Policy Manager from WithSecure. The vulnerability allows an authenticated malicious person able to write files to the server on which the application is running on. This can have several possible types of impact have, such as denial of service or executi...

9.8CVSS7AI score0.00828EPSS
Exploits0
NCSC
NCSC
•added 2022/11/17 12:0 a.m.•4 views

Vulnerability fixed in Atlassian Crowd

A vulnerability has been fixed in Atlassian Crowd. This vulnerability allows a malicious person to, through a configuration error to authenticate itself and thereby interact with the user management REST API. In doing so, the IP of the attacker must be on the allow list, which is not the default...

9.8CVSS6.7AI score0.00888EPSS
Exploits0
NCSC
NCSC
•added 2022/11/17 12:0 a.m.•3 views

Vulnerabilities fixed in F5 products

Vulnerabilities have been fixed in F5 products. The vulnerability with reference CVE-2022-41622 allows a remote malicious person to remote user to perform a cross-site request forgery attack. execute. A malicious party could use this vulnerability to cause a user with elevated privileges to perfo...

8.8CVSS7AI score0.87987EPSS
Exploits9
NCSC
NCSC
•added 2022/11/17 12:0 a.m.•2 views

Vulnerability fixed in Bitbucket Server and Data Center

A vulnerability has been fixed in Bitbucket Server and Data Center. The vulnerability allows a malicious person to execute arbitrary code by manipulating environment variables manipulating environment variables within the application. This requires the malicious person to be able to modify his...

9.8CVSS7.3AI score0.98076EPSS
Exploits3
NCSC
NCSC
•added 2022/11/17 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco Identity Services Engine (ISE).

Vulnerabilities have been fixed in Cisco Identity Services Engine ISE. The vulnerabilities allow an authenticated malicious person remotely able to execute arbitrary commands, bypass a bypass a security measure or perform Cross Site Scripting XSS attacks. Cisco has released hot patches to address...

8.8CVSS6.9AI score0.30649EPSS
Exploits0
NCSC
NCSC
•added 2022/11/17 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat Satellite

Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Administrator/Root rights SQL Injection Access to sensitiv...

9.8CVSS7.2AI score0.73274EPSS
Exploits6
NCSC
NCSC
•added 2022/11/16 12:0 a.m.•3 views

Vulnerability fixed in Sophos UTM

A vulnerability has been fixed in Sophos UTM. The vulnerability allows an authenticated remote malicious person to perform an SQL injection to execute, potentially obtaining sensitive data. obtain. The vulnerability is located in the quarantine manager of the email component of Sophos UTM. Sophos...

6.8AI score
Exploits0
NCSC
NCSC
•added 2022/11/16 12:0 a.m.•5 views

Vulnerabilities fixed in Heimdal

Vulnerabilities have been fixed in Heimdal, an implementation of ASN.1/DER, PFIX and Kerberos. The vulnerabilities allow a remote malicious party to potentially execute arbitrary code execute in Heimdal's Key Distribution Center KDC, obtain secret keys obtain secret keys when using 1DES, 3DES, or...

9.8CVSS8.9AI score0.06419EPSS
Exploits1
NCSC
NCSC
•added 2022/11/16 12:0 a.m.•3 views

Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...

9.8CVSS8.6AI score0.0176EPSS
Exploits0
NCSC
NCSC
•added 2022/11/16 12:0 a.m.•4 views

Vulnerability fixed in Node.js

A vulnerability has been fixed in nodejs. The vulnerability allows a remote malicious person to execute arbitrary code. execute. This is caused by the inspect parameter and the allowing incorrect octal IP addresses, leading to DNS rebinding. Node.js has released updates to fix the vulnerability i...

8.1CVSS7.3AI score0.14024EPSS
Exploits0
NCSC
NCSC
•added 2022/11/16 12:0 a.m.•6 views

Vulnerability fixed in RICOH Aficio SP 4210N

A vulnerability has been fixed in RICOH Aficio SP 4210N. The vulnerability allows a remote malicious person to perform a Cross-Site Scripting attack. To exploit this vulnerability exploitation requires access to the Web Image Monitor. RICOH has released updates to fix the vulnerability. More...

4.8CVSS6.4AI score0.00598EPSS
Exploits0
NCSC
NCSC
•added 2022/11/15 12:0 a.m.•6 views

Vulnerability fixed in Zoom

A vulnerability has been fixed in Zoom. The vulnerability allows a local malicious party to gain access to sensitive data, such as meeting data and chat messages sent during meetings. This is caused by a combination of insufficient cleaning of the data after the meeting is closed and the use of a...

3.3CVSS6.8AI score0.00268EPSS
Exploits0
NCSC
NCSC
•added 2022/11/15 12:0 a.m.•5 views

Vulnerabilities fixed in IBM WebSphere Application Server

Vulnerabilities have been fixed in IBM HTTP Server, part of IBM WebSphere Application Server. The vulnerabilities are specifically in the libexpat component of the product. For more information about the vulnerability in libexpat, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0684 The...

7.5CVSS7.8AI score0.20093EPSS
Exploits3
NCSC
NCSC
•added 2022/11/15 12:0 a.m.•8 views

Vulnerabilities fixed in Liferay Portal

Vulnerabilities have been fixed in Liferay Portal. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Remote code execution User Rights SQL Injection Access to sensitiv...

9.8CVSS7.5AI score0.00729EPSS
Exploits1
NCSC
NCSC
•added 2022/11/14 12:0 a.m.•9 views

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in MQ Internet Pass-Thru. The vulnerability allows a local malicious party to potentially see sensitive information in trace files of the application when this feature is enabled. IBM has released updates to fix the vulnerabilities in MQ. For more information, see:...

5.5CVSS6.5AI score0.00171EPSS
Exploits0
NCSC
NCSC
•added 2022/11/14 12:0 a.m.•9 views

Vulnerabilities fixed in IBM Db2

IBM has released updates to fix vulnerabilities in DB2. With the exception of CVE-2022-22390, the vulnerabilities are located in the log4j component of the application. For more information about the log4j vulnerabilities, see: https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052 The...

10CVSS9.3AI score0.99999EPSS
Exploits360
NCSC
NCSC
•added 2022/11/14 12:0 a.m.•4 views

Vulnerabilities fixed in PHP

Vulnerabilities have been fixed in PHP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data PHP developers have released updates to...

9.8CVSS7.4AI score0.49336EPSS
Exploits6
NCSC
NCSC
•added 2022/11/11 12:0 a.m.•6 views

Vulnerability fixed in Brocade Fabric OS

A vulnerability has been fixed in Brocade Fabric OS. The vulnerability allows an unauthenticated remote malicious person able to execute commands. These commands allow the malicious party change zoning, disable the switch, disable ports disable ports, and change the switch's IP address. Broadcom...

9.8CVSS7.3AI score0.01546EPSS
Exploits2
NCSC
NCSC
•added 2022/11/11 12:0 a.m.•8 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in Apex One. A malicious party could exploit the vulnerabilities to grant themselves elevated user privileges and/or gain access to sensitive data. To exploit the vulnerabilities, the malicious party needs prior privileges to execute arbitrary code with...

7.8CVSS7.8AI score0.00767EPSS
Exploits0
NCSC
NCSC
•added 2022/11/11 12:0 a.m.•6 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in QRadar SIEM and in the QRadar Assistant App. A malicious party could potentially exploit them for attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS9.1AI score0.2241EPSS
Exploits15
NCSC
NCSC
•added 2022/11/10 12:0 a.m.•2 views

Vulnerabilities fixed in Grafana

Grafana Labs has fixed vulnerabilities in Grafana. A malicious party could potentially exploit the vulnerabilities to retrieve discover user accounts, use password resets to appropriate an account, or in specific cases where an environment is heavily loaded, to cause a race condition and thus gai...

9.8CVSS9.6AI score0.00922EPSS
Exploits0
NCSC
NCSC
•added 2022/11/10 12:0 a.m.•63 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in the following Cisco products: Cisco Adaptive Security Appliance ASA. Cisco Firepower Management Center Cisco Firepower Threat Defense Cisco Secure Firewall Snort The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the...

8.8CVSS6.9AI score0.01385EPSS
Exploits0
NCSC
NCSC
•added 2022/11/09 12:0 a.m.•4 views

Vulnerabilities fixed in FoxIT PDF Reader and Editor

FoxIT has fixed vulnerabilities in PDF Reader and PDF Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to execute code in the victim's scope. The malicious party must trick the victim into opening a rogue file to open. FoxI...

8.8CVSS7.5AI score0.0135EPSS
Exploits3
NCSC
NCSC
•added 2022/11/09 12:0 a.m.•4 views

Vulnerabilities fixed in VMware Workspace ONE Assist

Vulnerabilities have been fixed in VMware Workspace ONE Assist. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Bypassing security measure Remote code execution...

9.8CVSS7AI score0.00954EPSS
Exploits0
NCSC
NCSC
•added 2022/11/09 12:0 a.m.•7 views

Vulnerabilities fixed in Intel Products

Intel has fixed vulnerabilities in the firmware of chipsets from Active Management Technology AMT, Server Platform Services SPS, and PROSet/Wireless WiFi. The vulnerabilities allow a malicious able to perform a denial-of-service DoS or obtain elevated user privileges. Intel has released updates t...

9.8CVSS7AI score0.00654EPSS
Exploits0
NCSC
NCSC
•added 2022/11/09 12:0 a.m.•5 views

Vulnerability fixed in IBM Security Access Manager

A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an authenticated remote malicious party to remote user to perform a Cross-Site Scripting attack on the admin console. IBM has released updates to fix the vulnerabilities. More information can be found on...

5.4CVSS5.8AI score0.00371EPSS
Exploits0
NCSC
NCSC
•added 2022/11/09 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service DoS cause or execute arbitrary code under the privileges of the user. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual,...

9.6CVSS9.6AI score0.00706EPSS
Exploits0
NCSC
NCSC
•added 2022/11/08 12:0 a.m.•58 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Denial-of-Service DoS Remote code execution User rights Access to sensitive data Access to system data Increased user privileges This update also...

9.8CVSS7.5AI score0.00833EPSS
Exploits2
NCSC
NCSC
•added 2022/11/08 12:0 a.m.•2 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. An authenticated malicious party could exploit the vulnerability to gain access to sensitive data. The table below lists the vulnerability fixed by Microsoft with the corresponding CVSSv3 score. Microsoft Dynamics:...

4.4CVSS6AI score0.01066EPSS
Exploits0
NCSC
NCSC
•added 2022/11/08 12:0 a.m.•13 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive dat...

8.8CVSS8.5AI score0.24623EPSS
Exploits1
NCSC
NCSC
•added 2022/11/08 12:0 a.m.•11 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to execute arbitrary code under the privileges of the user. The vulnerabilities marked CVE-2022-3602 and CVE-2022-3786 are located in OpenSSL and were previously...

9.8CVSS7.5AI score0.92488EPSS
Exploits7
Total number of security vulnerabilities4209