Lucene search
K

4209 matches found

NCSC
NCSC
•added 2022/06/10 12:0 a.m.•7 views

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Apache has released...

9.8CVSS7AI score0.90407EPSS
Exploits2
NCSC
NCSC
•added 2022/06/10 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person can exploit the vulnerabilities potentially exploit them to execute arbitrary code, cause a denial-of-service or gain access to system data. Google has released updates to fix the vulnerabilities in Chrome...

9.3CVSS7.5AI score0.01081EPSS
Exploits0
NCSC
NCSC
•added 2022/06/10 12:0 a.m.•3 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in the Xen hypervisor. The vulnerabilities allow a malicious person with access to a guest system to obtain elevated privileges on the host and can thereby compromise the system. Xen has released updates to fix the vulnerabilities. More information can be found on...

7.2CVSS7.6AI score0.00494EPSS
Exploits3
NCSC
NCSC
•added 2022/06/08 12:0 a.m.•9 views

Vulnerability fixed in SonicWall SMA100 series

A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code under root privileges or cause a denial-of-service attack. To exploit the vulnerability the malicious party must have access to the...

9CVSS7.5AI score0.1111EPSS
Exploits0
NCSC
NCSC
•added 2022/06/08 12:0 a.m.•47 views

Vulnerability fixed in Fortinet products

Vulnerabilities have been fixed in several products from Fortinet. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code execution...

9.8CVSS6.2AI score0.9967EPSS
Exploits10
NCSC
NCSC
•added 2022/06/08 12:0 a.m.•12 views

Vulnerabilities fixed in IBM Cognos Command Center

Several vulnerabilities have been fixed in IBM Cognos Command Center. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing Access to sensitive data Increased user privileg...

9.8CVSS9.9AI score0.81147EPSS
Exploits17
NCSC
NCSC
•added 2022/06/07 12:0 a.m.•3 views

Vulnerabilities fixed in IBM QRadar SIEM

Vulnerabilities have been fixed in IBM QRadar SIEM. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, the malicious party must trick a trick a user into using a specially preloaded archive file 7z, tar or zip to process from QRadar. I...

7.5CVSS6.9AI score0.12945EPSS
Exploits0
NCSC
NCSC
•added 2022/06/07 12:0 a.m.•7 views

Vulnerabilities fixed in Google Android and Samsung Mobile (Android)

Google has fixed several vulnerabilities in Android. In addition to the vulnerabilities fixed by Google, Samsung has also fixed 21 additional vulnerabilities fixed specifically for Samsung Mobile hardware. A malicious party could potentially exploit them to cause the following categories of damag...

10CVSS7.5AI score0.08575EPSS
Exploits2
NCSC
NCSC
•added 2022/06/03 12:0 a.m.•5 views

Vulnerability fixed in IBM Spectrum Protect Plus

IBM has fixed a vulnerability in Spectrum Protect Plus. Credentials of users are printed in readable text in the IBM Spectrum Protect Plus virgo log file. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.0.0-10.1.9.32. For more information, see:...

7.5CVSS6.8AI score0.00658EPSS
Exploits0
NCSC
NCSC
•added 2022/06/03 12:0 a.m.•3 views

Vulnerability in CakePHP fixed

In CakePHP version 3.10.4, an encryption issue of CsrfProtectionMiddleware has been fixed. In 3.10.3, verified tokens were generated using random bytes and would often not match when they were rendered in HTML. No CVE number was issued for this vulnerability. CakePHP's developers have issued...

6.6AI score
Exploits0
NCSC
NCSC
•added 2022/06/03 12:0 a.m.•7 views

0Day vulnerability discovered in Atlassian Confluence

A 0Day vulnerability has been discovered in Atlassian Confluence Server and Confluence Datacenter. An unauthenticated malicious party can exploit the vulnerability to execute arbitrary code with application privileges and thus also gain access to sensitive data within the scope of the affected...

9.8CVSS7.7AI score0.99999EPSS
Exploits76
NCSC
NCSC
•added 2022/06/03 12:0 a.m.•31 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Bypassing security measure Accessing system data GitLab has released updates t...

9.9CVSS6.3AI score0.15471EPSS
Exploits1
NCSC
NCSC
•added 2022/06/02 12:0 a.m.•6 views

Vulnerabilities fixed in HPE ProLiant Intel BIOS

Vulnerabilities have been fixed in the Intel BIOS of HPE ProLiant DX servers. The vulnerabilities in DX Gen 10 servers with features DX170r, DX190r, DX360, DX380, DX560 and DX4200 allow a local malicious person able to obtain sensitive information or increase privileges. HPE has made updates...

7.8CVSS6.7AI score0.00268EPSS
Exploits0
NCSC
NCSC
•added 2022/06/02 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Vulnerabilities have been fixed in Red Hat OpenShift Serverless Operator and Operator. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure The vulnerabilities are locate...

9.1CVSS6.9AI score0.52063EPSS
Exploits2
NCSC
NCSC
•added 2022/06/02 12:0 a.m.•10 views

Vulnerabilities fixed in IBM QRadar SIEM

Vulnerabilities have been fixed in the IBM QRadar Data Synchronization App for IBM QRadar SIEM. The vulnerabilities are are in underlying software and libraries, such as Node.js and SQLite. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the...

9.8CVSS9.3AI score0.37286EPSS
Exploits16
NCSC
NCSC
•added 2022/06/01 12:0 a.m.•9 views

Vulnerabilities fixed in IBM Tivoli Monitoring

Multiple vulnerabilities have been fixed in the WebSphere Application Server component of IBM Tivoli Monitoring. The vulnerabilities allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Remote code execution User Rights Denial-of-Service DoS...

10CVSS7.9AI score0.99999EPSS
Exploits362
NCSC
NCSC
•added 2022/06/01 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Edge

Vulnerabilities have been fixed in Microsoft Edge. These vulnerabilities allow a remote attacker to impersonate impersonate someone else or break outside the sandbox and thereby increase privileges. This requires a user to respond to a link from the attacker. Microsoft has made update version...

8.3CVSS7.2AI score0.01759EPSS
Exploits0
NCSC
NCSC
•added 2022/06/01 12:0 a.m.•6 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...

7.5CVSS6.4AI score0.7855EPSS
Exploits0
NCSC
NCSC
•added 2022/06/01 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User rights Spoofing...

9.8CVSS7.7AI score0.01112EPSS
Exploits0
NCSC
NCSC
•added 2022/05/31 12:0 a.m.•3 views

Vulnerabilities fixed in Ruby on Rails

Vulnerabilities have been fixed in Ruby on Rails. These vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code or potentially cause a denial-of-service when the package rack is in use for parsing and middleware. Updates have been made available for rack to addres...

10CVSS7.9AI score0.02056EPSS
Exploits0
NCSC
NCSC
•added 2022/05/31 12:0 a.m.•18 views

Vulnerabilities fixed in IBM SPSS

Several vulnerabilities have been fixed in Spring Framework version 5.3.20 as part of IBM SPSS Collaboration and Deployment Services. The vulnerabilities can be exploited by a malicious be exploited to execute arbitrary code and/or to cause a denial-of-service DoS exploit. These vulnerabilities...

9.8CVSS7.8AI score0.99677EPSS
Exploits106
NCSC
NCSC
•added 2022/05/30 12:0 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex One

Vulnerabilities have been fixed in Trend Micro Apex One. A malicious party could potentially exploit the vulnerability to increase its permissions and thereby load untrusted files. load. Trend Micro has released updates to fix the vulnerabilities fixes in Apex One. For more information, see:...

7.8CVSS7AI score0.00398EPSS
Exploits0
NCSC
NCSC
•added 2022/05/30 12:0 a.m.•5 views

Zero-day vulnerability discovered in Microsoft Word

A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...

7.1AI score
Exploits0
NCSC
NCSC
•added 2022/05/27 12:0 a.m.•7 views

Vulnerabilities fixed in Ctrix ADC and Gateway

Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. The vulnerabilities allow a remote malicious party able to effect a denial-of-service DoS. For CVE-2022-27508 does not require authentication, while CVE-2022-27507 does. The CVE-2022-27507 vulnerability is only exploitable when...

7.5CVSS7AI score0.01023EPSS
Exploits0
NCSC
NCSC
•added 2022/05/27 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed multiple vulnerabilities in supporting software provided with IBM Spectrum Control, The vulnerabilities are in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE. The vulnerabilities allow a malicious party to perform attacks execute attacks that result in the following categori...

8.8CVSS9.9AI score0.98124EPSS
Exploits17
NCSC
NCSC
•added 2022/05/27 12:0 a.m.•8 views

Vulnerabilities fixed in IBM MQ

IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in gzip, jackson-databind, libssh, gnutls, nettle and zlib and have been previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to gain...

8.8CVSS6.7AI score0.52063EPSS
Exploits2
NCSC
NCSC
•added 2022/05/27 12:0 a.m.•8 views

Vulnerabilities fixed in Open Automation Software Platform

Vulnerabilities have been fixed in Open Automation Software Platform. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Accessing...

9.8CVSS7.7AI score0.37606EPSS
Exploits8
NCSC
NCSC
•added 2022/05/25 12:0 a.m.•4 views

Vulnerabilities fixed in Zyxel products

Zyxel has fixed several vulnerabilities in a number of products, including USG, NSG and ATP firewalls. A malicious person could potentially exploit the vulnerabilities to execute arbitrary commands, cause a denial-of-service or obtaining sensitive information. To exploit the vulnerabilities, the...

7.8CVSS7.1AI score0.0836EPSS
Exploits4
NCSC
NCSC
•added 2022/05/25 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Google Chrome. A malicious party can exploit the vulnerabilities to cause the following categories of damage: Bypassing security measure. Remote code execution User rights Accessing sensitive data Google gives the vulnerability with attribute...

9.6CVSS7.6AI score0.0088EPSS
Exploits3
NCSC
NCSC
•added 2022/05/23 12:0 a.m.•7 views

Vulnerability fixed in Cisco IOS XR

A vulnerability has been fixed in Cisco IOS XR. The vulnerability in the health check RPM of Cisco IOS XR software could allow an unauthenticated, remote malicious party to gain access gain access to the Redis environment. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For...

6.5CVSS7.1AI score0.1176EPSS
Exploits0
NCSC
NCSC
•added 2022/05/23 12:0 a.m.•2 views

Vulnerabilities fixed in IBM Tivoli Monitoring

Vulnerabilities have been fixed in IBM Tivoli Monitoring. A malicious party can exploit the vulnerabilities to cause a denial-of-service DoS and/or execute arbitrary code. The vulnerabilities are in the libexpart parser that is used by IBM Tivoli Monitoring. Local access is required to exploit th...

9.8CVSS7.9AI score0.34174EPSS
Exploits3
NCSC
NCSC
•added 2022/05/23 12:0 a.m.•4 views

Vulnerability fixed in Grafana Enterprise

Grafana Labs has fixed a vulnerability in Grafana Enterprise. A malicious person with the rights to create their own data source could exploit the vulnerability for a Same Site Request Forgery attack SSRF and thus gain access to sensitive data. Grafana Labs has released updates to fix the...

8.5CVSS9.4AI score0.01191EPSS
Exploits0
NCSC
NCSC
•added 2022/05/23 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed two vulnerabilities in Firefox and Thunderbird. A malicious party could potentially exploit them to execute arbitrary javascript code outside the context of the browser, potentially gaining access to sensitive data. Mozilla has released updates to fix the vulnerabilities in...

8.8CVSS7.6AI score0.26709EPSS
Exploits0
NCSC
NCSC
•added 2022/05/20 12:0 a.m.•5 views

Vulnerability fixed in Oracle E-Business suite

Oracle has fixed a vulnerability in Oracle E-Business Suite. A malicious party could use the vulnerability to access gain access to sensitive information. The malicious party does not need prior authentication to do so. Oracle indicates that the vulnerability is not present in the Oracle SaaS clo...

7.5CVSS6.8AI score0.70589EPSS
Exploits1
NCSC
NCSC
•added 2022/05/19 12:0 a.m.•6 views

Vulnerability fixed in BIND

ISC has fixed a vulnerability in BIND. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party must prematurely break a TLS connection to the vulnerable server. TLS is used for both DNS over TLS DoT and DNS over HTT...

7.5CVSS6.5AI score0.06394EPSS
Exploits0
NCSC
NCSC
•added 2022/05/19 12:0 a.m.•6 views

Vulnerabilities fixed in VMWare products

VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain gain...

9.8CVSS7.3AI score0.55801EPSS
Exploits11
NCSC
NCSC
•added 2022/05/18 12:0 a.m.•6 views

Vulnerability fixed in SonicWall SMA100

SonicWall has fixed a vulnerability in the SMA100. The vulnerability allows an authenticated remote malicious person potentially be able to use the management interface to execute arbitrary commands execute as "root" on the underlying system, or to cause a denial-of-service. SonicWall has release...

9CVSS7.3AI score0.1111EPSS
Exploits0
NCSC
NCSC
•added 2022/05/18 12:0 a.m.•5 views

Vulnerabilities fixed in NVIDIA drivers

NVIDIA has fixed vulnerabilities in its GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution Administrator/Root privileges Increased user privileges The...

9.9CVSS7.6AI score0.01525EPSS
Exploits0
NCSC
NCSC
•added 2022/05/17 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome and Chromium

Google has fixed several vulnerabilities in Chrome and Chromium. A malicious party could potentially exploit them to cause a denial-of-service, or execute arbitrary execute arbitrary code in the scope of the browser. Possibly, the malicious party could also gain access to sensitive data within th...

8.8CVSS7.6AI score0.00776EPSS
Exploits1
NCSC
NCSC
•added 2022/05/17 12:0 a.m.•2 views

Vulnerability fixed in Apache Tomcat

Apache has fixed a vulnerability in Tomcat. A unauthenticated remote malicious person could exploit the vulnerability potentially exploit it to gain access to sensitive data. The malicious party would need insight into the workings of the web application to be manipulated and exploitation is not...

8.6CVSS7AI score0.08033EPSS
Exploits0
NCSC
NCSC
•added 2022/05/17 12:0 a.m.•7 views

Vulnerability fixed in JFrog Artifactory

A vulnerability has been fixed in JFrog Artifactory. The vulnerability allows a malicious party to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges JFrog's developers have released...

8.8CVSS7.3AI score0.01937EPSS
Exploits0
NCSC
NCSC
•added 2022/05/17 12:0 a.m.•3 views

Vulnerabilities fixed in Apple Safari

Apple has fixed several vulnerabilities in Safari. A remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code in the scope of the browser, or to gain access to sensitive data in the scope of the browser. However, the malicious party must trick the victim int...

8.8CVSS7.5AI score0.01424EPSS
Exploits0
NCSC
NCSC
•added 2022/05/17 12:0 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed multiple vulnerabilities in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Kernel/Root permissions Remote code execution...

9.8CVSS7.4AI score0.97108EPSS
Exploits11
NCSC
NCSC
•added 2022/05/16 12:0 a.m.•3 views

Vulnerability fixed in OpenBSD

A vulnerability has been fixed in OpenBSD. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service by running rogue PPPoE packets through the system. Only when an OpenBSD system is configured to use PPP through the pppoe4 interface is potentially...

6.7AI score
Exploits0
NCSC
NCSC
•added 2022/05/13 12:0 a.m.•4 views

Vulnerability fixed in PostgreSQL

The developers of PostgreSQL have fixed a vulnerability in PostgreSQL. It was found that certain commands such as Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pgamcheck do not handle permissions correctly, allowing a user to can execute these commands outside the scop...

8.8CVSS6.9AI score0.12403EPSS
Exploits0
NCSC
NCSC
•added 2022/05/13 12:0 a.m.•5 views

Vulnerability fixed in Check Point Endpoint Security Client

Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...

7.8CVSS7.5AI score0.04076EPSS
Exploits0
NCSC
NCSC
•added 2022/05/13 12:0 a.m.•3 views

Vulnerability fixed in Zyxel ATP, USG and VPN products

Zyxel has fixed a vulnerability in products from its ATP, USG and VPN product line. An unauthenticated malicious person with access to the management interface could exploit the vulnerability to execute arbitrary code under privileges of the nobody-user. Exploit code for the vulnerability is...

10CVSS7.7AI score0.99938EPSS
Exploits27
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•5 views

Vulnerability fixed in Dell iDRAC9

Dell has fixed a vulnerability in iDRAC9.The vulnerability allows an unauthenticated malicious party to bypass authentication bypass authentication and gain access to the VNC console. Dell has released updates to fix the vulnerability. For more information, see:...

10CVSS7.2AI score0.53824EPSS
Exploits0
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•14 views

Vulnerabilities fixed in IBM MQ

IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in Java, Eclipse Jetty and Websphere Liberty and were previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to cause a...

9.8CVSS9.5AI score0.99298EPSS
Exploits16
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•49 views

Vulnerabilities fixed in Dell PowerEdge

Dell has fixed vulnerabilities in PowerEdge Server based on the AMD EPYC platform. The vulnerabilities allow a local malicious party to cause a denial-of-service, access gain access to sensitive data or potentially execute code. Dell has released updates to fix the vulnerabilities. For more...

5.5CVSS7.1AI score0.00265EPSS
Exploits0
Total number of security vulnerabilities4209