Lucene search
K

4209 matches found

NCSC
NCSC
•added 2022/09/28 12:0 a.m.•5 views

Researcher discovered vulnerabilities in Layer-2 managed switches

A researcher has found vulnerabilities in network security techniques at the Layer-2 level. The vulnerabilities reside in the fact that the QinQ functionality IEEE 802.1ad standard incorrectly allows VLAN 0 priority tag and 802.2 LLC/SNAP headers can be stacked multiple define VLANs within VLANs....

4.7CVSS6.8AI score0.0071EPSS
Exploits1
NCSC
NCSC
•added 2022/09/27 12:0 a.m.•5 views

Vulnerability fixed in Redis

A vulnerability has been fixed in Redis. The vulnerability allows a malicious party to use heap overflow to execute arbitrary code with user privileges or a denial-of-service DoS. To exploit the vulnerability, a malicious party must issue an XAUTOCLAIM command with a rogue COUNT argument on a key...

9.8CVSS7.2AI score0.02904EPSS
Exploits0
NCSC
NCSC
•added 2022/09/27 12:0 a.m.•1 views

Vulnerabilities fixed in Squid

Vulnerabilities have been fixed in Squid. The vulnerabilities allow a malicious party the ability to access sensitive data obtain or cause a denial-of-service. The developers of Squid have released an update to fix the vulnerability with reference CVE-2022-41317. For more information, see:...

8.6CVSS7.2AI score0.0282EPSS
Exploits0
NCSC
NCSC
•added 2022/09/27 12:0 a.m.•4 views

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana. The vulnerability allows a remote malicious person to obtain elevated privileges. obtain. Grafana has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/grafana/grafana/security/advisories...

7.6CVSS9.2AI score0.00612EPSS
Exploits0
NCSC
NCSC
•added 2022/09/27 12:0 a.m.•3 views

Vulnerabilities fixed in Veritas NetBackup

Vulnerabilities have been fixed in Veritas NetBackup Server and Client. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data The vulnerabilities with CVSS3 scores 9.0 and 8.0...

8AI score
Exploits0
NCSC
NCSC
•added 2022/09/26 12:0 a.m.•6 views

Vulnerability fixed in Sophos Firewall

A vulnerability has been fixed in Sophos Firewall.The vulnerability is located in the User Portal and Webadmin of the Sophos Firewall. The vulnerability allows a remote malicious person able to execute arbitrary code. Sophos has indicated that this vulnerability is being exploited on a limited...

9.8CVSS7.1AI score0.98905EPSS
Exploits0
NCSC
NCSC
•added 2022/09/26 12:0 a.m.•5 views

Vulnerabilities fixed in HPE Integrated Lights-Out (ILO)

Vulnerabilities have been fixed in HPE Integrated Lights-Out ILO. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data For all vulnerabilities...

8.8CVSS7.6AI score0.0054EPSS
Exploits0
NCSC
NCSC
•added 2022/09/26 12:0 a.m.•11 views

Vulnerabilities fixed in WhatsApp

Two vulnerabilities have been fixed in WhatsApp. The vulnerability with reference CVE-2022-36934 allows a remote malicious person to able to execute arbitrary code during a video call. The vulnerability with attribute CVE-2022-27492 allows a remote malicious person to remotely able to execute...

9.8CVSS7.9AI score0.01961EPSS
Exploits1
NCSC
NCSC
•added 2022/09/26 12:0 a.m.•3 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Manipulation of data Spoofing Access to sensitive data Node.js developers have released updates to address the vulnerabilities. More...

9.1CVSS6.5AI score0.68796EPSS
Exploits5
NCSC
NCSC
•added 2022/09/21 12:0 a.m.•3 views

Vulnerabilities fixed in BIND

ISC has fixed several vulnerabilities in BIND. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND. For more information, see: https://kb.isc.org/docs/cve-2022-2795...

8.2CVSS8.1AI score0.02299EPSS
Exploits0
NCSC
NCSC
•added 2022/09/21 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to execute arbitrary execute code under the user's privileges or to access gain access to sensitive data within the scope of the application. Mozilla has released updates to fix the...

8.8CVSS7.3AI score0.01342EPSS
Exploits0
NCSC
NCSC
•added 2022/09/16 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to execute arbitrary code or cause a denial-of-service. As usual, few technical details about the vulnerabilities publicly available made available...

8.8CVSS7.9AI score0.01908EPSS
Exploits0
NCSC
NCSC
•added 2022/09/16 12:0 a.m.•4 views

Vulnerabilities fixed in Synology DiskStation Manager

Vulnerabilities have been fixed in GLPI for Synology DiskStation Manager. An unauthenticated malicious person could exploit them to perform SQL injections and gain accessing sensitive data. Synology has made updates available to address the vulnerabilities. fixes. For more information, see:...

10CVSS7.6AI score0.00981EPSS
Exploits0
NCSC
NCSC
•added 2022/09/15 12:0 a.m.•2 views

Vulnerability found in Microsoft Teams

Researchers from security firm Vectra have found a vulnerability found in the Microsoft Teams user application. The vulnerability allows a malicious party to obtain obtain authentication tokens from users and thereby perform actions with the victim's privileges. The vulnerability has not been...

6.8AI score
Exploits0
NCSC
NCSC
•added 2022/09/15 12:0 a.m.•2 views

Vulnerabilities fixed in Linux Kernel

Vulnerabilities have been fixed in the Linux Kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Increased user...

7.8CVSS7.4AI score0.05871EPSS
Exploits19
NCSC
NCSC
•added 2022/09/14 12:0 a.m.•4 views

Vulnerabilities fixed IBM Integration Bus and App Connect Enterprise

IBM has fixed vulnerabilities in the Node.js and OpenSSL components of the Integration Bus and App Connect Enterprise. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of...

8.1CVSS6.5AI score0.81464EPSS
Exploits4
NCSC
NCSC
•added 2022/09/14 12:0 a.m.•50 views

Vulnerabilities fixed in Adobe products

Adobe has fixed vulnerabilities in several products. A malicious party can exploit these vulnerabilities to gain accessing files, executing arbitrary code and cause a denial-of-service. For most vulnerabilities successful exploitation requires that the victim be entice the victim to perform a...

7.8CVSS7.5AI score0.36756EPSS
Exploits0
NCSC
NCSC
•added 2022/09/14 12:0 a.m.•4 views

Vulnerabilities fixed in Zoom

Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Accessing sensitive data The vulnerabilities with characteristics CVE-2022-28758 and...

8.6CVSS6.7AI score0.00578EPSS
Exploits0
NCSC
NCSC
•added 2022/09/14 12:0 a.m.•6 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in Apex One. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of authentication Remote code execution Administrator/Root rights Access to...

9.8CVSS7.7AI score0.03054EPSS
Exploits0
NCSC
NCSC
•added 2022/09/14 12:0 a.m.•80 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Access to system data Increased user privileges SAP...

8.1CVSS6.2AI score0.22224EPSS
Exploits6
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•5 views

Vulnerabilities fixed in macOS

Apple has fixed vulnerabilities in macOS Big Sur and Monterey. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Remote code execution Kernel/Root permissions. Access to sensitive data Access to system data Increased...

7.8CVSS7.4AI score0.05557EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•5 views

Vulnerabilities fixed in Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious party to execute arbitrary code execute within the scope of the browser and to spoof user interfaces. spoofing. To do this, however, the malicious party must entice the victim to open rogue content. -= Apple =- Apple...

8.8CVSS7.1AI score0.01413EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•3 views

Vulnerabilities fixed in iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Remote code execution Kernel/Root permissions Access to sensitive data Access to system data Increased user privileg...

8.8CVSS7.4AI score0.05557EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•7 views

Vulnerabilities fixed in Sophos Firewall

Sophos has fixed vulnerabilities in Sophos Firewall. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks leading to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights Remote...

10CVSS7.5AI score0.99796EPSS
Exploits14
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•22 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Bypassing security measure Remote code execution Administrator/Roo...

9.8CVSS6.3AI score0.85762EPSS
Exploits13
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•15 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication. Remote co...

9.8CVSS6.9AI score0.78675EPSS
Exploits19
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•5 views

Vulnerabilities fixed in IBM AIX

IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local malicious person to obtain elevated privileges. obtain. To do so, a rogue command must be executed on the vulnerable system must be executed. IBM has made updates available to address the vulnerabilities. fix. For more...

8.4CVSS6.7AI score0.00214EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Azure

A vulnerability has been fixed in Microsoft Azure. A authenticated malicious party could potentially abuse it to obtain elevated privileges and execute arbitrary code under root privileges. Microsoft indicates that proof-of-concept code is known for this vulnerability. Microsoft has made updates...

7.8CVSS7.2AI score0.00627EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in .NET and Visual Studio. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to obtain elevated privileges obtain and execute code with the victim's privileges. The vulnerabilities are located in the development environments o...

7.8CVSS7.6AI score0.03233EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•15 views

Vulnerabilities fixed in Microsoft Office products

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application. To execute code in Office and Visio, the malicious party does not need prior authentication, but needs to trick the vict...

8.8CVSS7.3AI score0.52885EPSS
Exploits5
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Microsoft Dynamics. A authenticated malicious person could exploit the vulnerabilities to execute SQL injections, and thus arbitrary code within the context of the database, with dbowner privileges. The tables below list the vulnerabilities fixed by Microsof...

8.8CVSS7.5AI score0.03236EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•4 views

Vulnerability fixed in IBM WebSphere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. An authenticated malicious person could exploit the vulnerability potentially exploit it to perform a cross-site scripting attack. Through such an attack, the malicious party could execute code in the browser of the victim and thus be...

5.4CVSS6.6AI score0.00427EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Defender

Microsoft has fixed a vulnerability in Defender Endpoint for macOS. A local, authenticated malicious party can exploit the exploit the vulnerability to grant itself elevated privileges and thus execute code with SYSTEM/root privileges. Microsoft has made updates available that fix the described...

7.8CVSS6.9AI score0.00478EPSS
Exploits0
NCSC
NCSC
•added 2022/09/13 12:0 a.m.•62 views

Vulnerabilities fixed in TYPO3

The Typo3 Association has fixed vulnerabilities in the Core software of the TYPO3 Content Management System. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, gain access to system information, or launch Perform Cross-Site-Scripting XSS attacks. The...

7.5CVSS6.8AI score0.01731EPSS
Exploits0
NCSC
NCSC
•added 2022/09/09 12:0 a.m.•5 views

Vulnerability fixed in HP Support Assistant

HP has fixed a vulnerability in the Support Assistant, software installed by default on desktops and notebooks from HP. The vulnerability allows a local malicious party to increase its permissions. HP has released version 9.11 as an update to fix the problem. fix. For more information, see:...

7.8CVSS6.7AI score0.02776EPSS
Exploits0
NCSC
NCSC
•added 2022/09/09 12:0 a.m.•2 views

Vulnerability fixed in IBM Webpshere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a malicious party to perform an HTTP header injection. This allows a malicious perform various attacks such as cache poisoning and cross-site scripting. IBM has released updates to fix the vulnerability. More...

5.4CVSS6.8AI score0.00458EPSS
Exploits0
NCSC
NCSC
•added 2022/09/09 12:0 a.m.•4 views

Vulnerability fixed in DokuWiki

A vulnerability has been fixed in DokuWiki. The vulnerability allows a malicious person to perform a Cross-Site Scripting XSS attack. To exploit the vulnerability, a malicious person must entice the victim to open a rogue link or file. Updates have been released to fix the vulnerability. More...

6.1CVSS6.2AI score0.00891EPSS
Exploits1
NCSC
NCSC
•added 2022/09/09 12:0 a.m.•8 views

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Aruba has fixed vulnerabilities in ClearPass Policy Manager CPPM. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Remote code execution Administrator/Roo...

8.8CVSS8.2AI score0.01386EPSS
Exploits0
NCSC
NCSC
•added 2022/09/07 12:0 a.m.•27 views

Vulnerabilities fixed in Fortinet products

Forinet has fixed vulnerabilities in FortiOS, FortiAP, and FortiMail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...

7.8CVSS6.4AI score0.01265EPSS
Exploits0
NCSC
NCSC
•added 2022/09/07 12:0 a.m.•17 views

Vulnerabilities fixed in Android

Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Access to system data Increased user privileges To exploit the...

9.8CVSS6.1AI score0.04829EPSS
Exploits3
NCSC
NCSC
•added 2022/09/05 12:0 a.m.•3 views

Vulnerability fixed in Google Chrome and Microsoft Edge

Google and Microsoft have fixed a vulnerability in Google Chrome and Microsoft Edge. The vulnerability allows a local malicious party to perform attacks in the context of the browser that lead to the execution of arbitrary code. Microsoft indicates that exploit code is available. -= Google =-...

9.6CVSS7.3AI score0.0568EPSS
Exploits0
NCSC
NCSC
•added 2022/09/02 12:0 a.m.•8 views

Vulnerabilities fixed in NetApp Active IQ Unified Manager

NetApp has fixed vulnerabilities in the Spring Security component of Active IQ Unified Manager for Windows, Linux, and VMware vSphere. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data...

9.8CVSS6.7AI score0.10689EPSS
Exploits6
NCSC
NCSC
•added 2022/08/31 12:0 a.m.•4 views

Vulnerabilities fixed in Aruba AOS-CX switches

Vulnerabilities have been fixed in several Aruba AOS-CX switches. These vulnerabilities do not apply to wireless products. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS...

8.8CVSS7.7AI score0.0162EPSS
Exploits0
NCSC
NCSC
•added 2022/08/31 12:0 a.m.•40 views

Vulnerabilities fixed in GitLab CE and EE

Vulnerabilities have been fixed in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Bypassing...

9.9CVSS7.7AI score0.86194EPSS
Exploits5
NCSC
NCSC
•added 2022/08/31 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. The vulnerabilities allow a malicious person to perform attacks execute attacks in the context of the browser that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User righ...

8.8CVSS7.5AI score0.24738EPSS
Exploits1
NCSC
NCSC
•added 2022/08/30 12:0 a.m.•6 views

Vulnerabilities fixed in WatchGuard firewalls

Several vulnerabilities have been fixed in WatchGuard firewall products. An unauthenticated remote malicious agent could vulnerability potentially exploit it to execute arbitrary code under root privileges. To be exploited, however, the management interface, however, must be accessible via the...

9.8CVSS7.8AI score0.01533EPSS
Exploits1
NCSC
NCSC
•added 2022/08/29 12:0 a.m.•4 views

Vulnerability fixed in GnuTLS

A vulnerability has been fixed in GnuTLS. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code execute with the application's privileges. The vulnerability was found in the PKCS 7 authentication code. In doing...

7.5CVSS9AI score0.01492EPSS
Exploits0
NCSC
NCSC
•added 2022/08/29 12:0 a.m.•7 views

Vulnerabilities fixed in Foxit PDF Editor

Vulnerabilities have been fixed in Foxit PDF Editor. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, to obtain sensitive data, or to execute arbitrary code in the scope of the application. This requires the malicious party to trick the victim into opening a rogue...

7.5CVSS7.7AI score0.00946EPSS
Exploits2
NCSC
NCSC
•added 2022/08/26 12:0 a.m.•8 views

Vulnerabilities fixed in Nessus Agent

Tenable has fixed two vulnerabilities in Nessus Agent. A authenticated malicious person with the ability and knowledge to create custom audit files could exploit the vulnerabilities to execute code with administrator privileges, or to access gain access to arbitrary system files of the underlying...

9CVSS7.3AI score0.01255EPSS
Exploits0
NCSC
NCSC
•added 2022/08/25 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco NX-OS and FXOS

Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...

8.8CVSS7.4AI score0.01022EPSS
Exploits0
Total number of security vulnerabilities4209