Lucene search
K

4209 matches found

NCSC
NCSC
•added 2022/04/13 12:0 a.m.•5 views

Vulnerability fixed in HAProxy

A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...

7.5CVSS6.8AI score0.16563EPSS
Exploits0
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•5 views

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests execute under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...

8.8CVSS7.1AI score0.02322EPSS
Exploits0
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•3 views

Vulnerabilities fixed in Ruby

Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Ruby developers have released updates to address the vulnerabilities. More information can be foun...

9.8CVSS6.8AI score0.04127EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•92 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote...

10CVSS7.6AI score0.91316EPSS
Exploits23
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in supporting products of Azure. A malicious party could potentially exploit them to appropriate elevated privileges and gain access gain access to sensitive data. The vulnerabilities in Azure Site Recovery are located specifically in the VMWare-to-Azure and...

7.2CVSS6.6AI score0.02306EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•2 views

Vulnerability found in NGINX-LDAP

A vulnerability has been found in the LDAP reference implementation of NGINX. This allows a malicious party to execute arbitrary code execute arbitrary code when certain conditions are met. The use of command-line parameters to configure the Python daemon configuration, unused configuration...

7.8AI score
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•9 views

Vulnerability fixed in Microsoft Power BI

Microsoft has fixed a vulnerability in the Power BI Gateway. The vulnerability occurs when multiple users simultaneously using the gateway, causing the gateway to mixes sessions. A malicious party could potentially exploit this vulnerability to gain access to sensitive data. Abuse is not easy. Th...

3.7CVSS6.2AI score0.00797EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Windows Defender

A vulnerability has been fixed in Microsoft Windows Defender. A malicious party can exploit this vulnerability to cause a denial-of-service. This requires a user to be tricked into handling a rogue file on the system. Windows Defender: |----------------|------|------------------------------------...

5.5CVSS6.1AI score0.02713EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

9CVSS7.5AI score0.02776EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Spoofing Access to sensitive data The tables below provide an...

8CVSS7AI score0.03301EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•4 views

Vulnerability fixed in libarchive

The developers of libarchive have fixed a vulnerability. The vulnerability allows a remote malicious party to view sensitive data or cause a denial-of-service DoS cause. To do so, the malicious party must induce a victim to install open a malicious and compressed file with an application that use...

6.5CVSS6.7AI score0.01877EPSS
Exploits1
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•9 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User Rights...

9.9CVSS7.3AI score0.70561EPSS
Exploits6
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Microsoft Developer Tools. Abuse of the vulnerabilities potentially enable a malicious party to be able to obtain elevated privileges or cause a denial-of-service cause. The tables below list the vulnerabilities fixed by Microsoft with the corresponding CVSSv3...

7.8CVSS6.4AI score0.0328EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google did not make additional information available about the fixed vulnerability. Google has released version...

9.6CVSS6.9AI score0.00898EPSS
Exploits10
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•3 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in Xen Hypervisor. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially lead to the following categories of damage: Denial-of-Service DoS. Obtaining elevated privileges Accessing sensitive data Xen has published mitigati...

7.8CVSS6.8AI score0.00344EPSS
Exploits0
NCSC
NCSC
•added 2022/04/07 12:0 a.m.•6 views

Vulnerabilities fixed in FortiClient

Vulnerabilities have been fixed in FortiClient for Linux and Windows. The vulnerabilities allow a local malicious agent to to gain access to system data and obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More information can be found on the pages below:...

8.8CVSS6.7AI score0.00888EPSS
Exploits0
NCSC
NCSC
•added 2022/04/07 12:0 a.m.•7 views

Vulnerabilities fixed in VMware products

Vulnerabilities have been fixed in several VMware products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Bypassing authentication Circumvention of security measure Remote code...

10CVSS7.9AI score0.99997EPSS
Exploits39
NCSC
NCSC
•added 2022/04/07 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution Use...

8.8CVSS6.8AI score0.01241EPSS
Exploits0
NCSC
NCSC
•added 2022/04/06 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Firefox ESR

Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release ESR. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remot...

8.8CVSS7.5AI score0.1446EPSS
Exploits9
NCSC
NCSC
•added 2022/04/06 12:0 a.m.•6 views

Vulnerabilities fixed in MediaWiki

There are vulnerabilities in MediaWiki. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. To exploit, the malicious party must be able to modify page titles or only be able to modify a specially prepared URI to visit. A malicious party can exploi...

7.5CVSS6.9AI score0.01161EPSS
Exploits3
NCSC
NCSC
•added 2022/04/06 12:0 a.m.•9 views

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerabilities. For more information, see: https://www.ibm.com/support/pages/node/6564711...

6.5CVSS6.6AI score0.01066EPSS
Exploits0
NCSC
NCSC
•added 2022/04/05 12:0 a.m.•10 views

Vulnerabilities fixed in Google Android

Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root rights Access to sensitive data Access to system dat...

10CVSS7.6AI score0.00748EPSS
Exploits0
NCSC
NCSC
•added 2022/04/05 12:0 a.m.•2 views

Vulnerability fixed in IBM Tivoli Netcool Impact

A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to cause a denial-of-service DoS attack. The vulnerability is in the gson component that is part of IBM Tivoli Netcool Impact. IBM has released updates to fix the vulnerability in Tivoli...

6.7AI score
Exploits0
NCSC
NCSC
•added 2022/04/05 12:0 a.m.•2 views

Vulnerability fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google has not made any additional information made available about the fixed vulnerability. Google has release...

8.8CVSS7.1AI score0.16488EPSS
Exploits2
NCSC
NCSC
•added 2022/04/04 12:0 a.m.•6 views

Vulnerability fixed in ABB 800xA for AC. 800MCompact

ABB has fixed a vulnerability in 800xA, Control Software for AC 800MCompact. The vulnerability allows an authenticated malicious person with network access to the vulnerable system able to perform a denial-of-service. ABB has released updates to fix the vulnerability. Mitigating measures have als...

7.8CVSS6.9AI score0.0091EPSS
Exploits1
NCSC
NCSC
•added 2022/04/04 12:0 a.m.•21 views

Vulnerabilities fixed in Dell Wyse Device Agent

Vulnerabilities have been fixed in Dell Wyse Device Agent. A local malicious party could exploit the vulnerabilities to gain access to the WMS server and/or gain access to sensitive information from the WMS server. Dell has released updates to fix the vulnerability in Wyse Device Agent. For more...

6.7CVSS6.9AI score0.00685EPSS
Exploits0
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•1 views

Vulnerabilities fixed in Apple products

Two different vulnerabilities have been fixed by Apple. The vulnerability with CVE attribute CVE-2022-22675 allows a malicious person able to execute arbitrary code with kernel privileges. This vulnerability has been fixed in macOS, iOS and iPadOS. The second vulnerability, CVE-2022-22674, allows...

9.3CVSS7.7AI score0.12642EPSS
Exploits0
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•8 views

Vulnerabilities fixed in Tomcat for Ubuntu

Vulnerabilities have been fixed in Tomcat. The vulnerabilities potentially allow a malicious party to cause a denial-of-service cause, access sensitive data or execute code execute code with privileges from the vulnerable application. These vulnerabilities have already been described in several...

7.5CVSS9.7AI score0.75353EPSS
Exploits17
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•19 views

Vulnerability fixed in Zyxel Firewall and VPN systems

Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access on the vulnerable system and from there move further into the infrastructure to be protectable infrastructure. The...

9.8CVSS7.1AI score0.84839EPSS
Exploits0
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•32 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Accessing sensitive...

9.8CVSS6.6AI score0.87369EPSS
Exploits4
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•11 views

Vulnerabilities fixed in IBM QRadar

IBM has fixed vulnerabilities in QRadar. The vulnerabilities are in underlying software and libraries, such as the Linux kernel used, OpenSSL, Bash, OpenSSH, Kerberos and Mozilla software. A malicious party could exploit the vulnerabilities to causing a denial-of-service, executing arbitrary code...

9.8CVSS7AI score0.94921EPSS
Exploits163
NCSC
NCSC
•added 2022/04/01 12:0 a.m.•5 views

Vulnerability fixed in Rapid7 Nexpose

A vulnerability has been fixed in Nexpose, the scanning tool from Rapid7. The vulnerability potentially allows a malicious party to to gain access to sensitive information via SQL injection. Rapid7 has made updates available to fix the vulnerability. fix. For more information, see:...

8.8CVSS7.3AI score0.01183EPSS
Exploits0
NCSC
NCSC
•added 2022/03/31 12:0 a.m.•8 views

0day vulnerability discovered in Spring Core Framework

A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries that can be used to develop applications in a structured way to develop applications that can can then run either standalone or in Web application environments such as Tomcat. A maliciou...

9.8CVSS7.6AI score0.99939EPSS
Exploits36
NCSC
NCSC
•added 2022/03/30 12:0 a.m.•4 views

Vulnerability fixed in Arista EOS switches

Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IP4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...

7.5CVSS6.6AI score0.00706EPSS
Exploits0
NCSC
NCSC
•added 2022/03/30 12:0 a.m.•6 views

Vulnerabilities fixed in Salt

Several vulnerabilities have been fixed in Salt. The vulnerabilities allow a malicious person to perform the following attacks execute: - altering piller data sent by the master to the minion - denial-of-service on a minion process by impersonating a rogue master - resending file server...

8.8CVSS7AI score0.01586EPSS
Exploits0
NCSC
NCSC
•added 2022/03/30 12:0 a.m.•7 views

Vulnerability fixed in Spring Cloud Function

A vulnerability has been fixed in Spring Cloud Function. A malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. Spring Cloud Function is a complementary library for Spring Cloud, but is made available separately from the Spring...

9.8CVSS7.4AI score0.99939EPSS
Exploits36
NCSC
NCSC
•added 2022/03/30 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has published a new version of Chrome 100.0.4896.60, which fixes vulnerabilities. A malicious party can exploit the vulnerabilities to bypass security measures, execute code under the user's privileges, or potentially gain access to sensitive data in the context of the browser. The malicio...

8.8CVSS7.5AI score0.01613EPSS
Exploits17
NCSC
NCSC
•added 2022/03/29 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Red Hat has fixed vulnerabilities in the OpenShift Container Platform. A malicious party could exploit the vulnerabilities to bypass security measures, execute arbitrary code on the underlying system, or gain access to sensitive information. However, the malicious party must have prior...

8.8CVSS7.2AI score0.01786EPSS
Exploits0
NCSC
NCSC
•added 2022/03/29 12:0 a.m.•4 views

Vulnerability fixed in OpenBSD slaacd

A vulnerability has been fixed in OpenBSD slaacd. This is a service for IPv6 stateless address autoconfiguration SLAAC. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service. To do so, the malicious party needs to send a specially prepared router advertisement...

7.5CVSS7AI score0.01877EPSS
Exploits1
NCSC
NCSC
•added 2022/03/29 12:0 a.m.•2 views

Vulnerability fixed in zlib

A vulnerability has been fixed in Zlib. The vulnerability allows a malicious person potentially able to corrupt memory during compression of specially prepared data. As a result of this, the malicious party could establish a denial-of-service effect a Denial-of-Service in the application using...

7.5CVSS7AI score0.52063EPSS
Exploits1
NCSC
NCSC
•added 2022/03/28 12:0 a.m.•2 views

Vulnerability fixed in Google Chrome and Microsoft Edge

A vulnerability has been fixed in Google Chrome and Microsoft Edge. The vulnerability potentially allows a malicious person to execute arbitrary code under the application's permissions. Google indicates that the vulnerability is being actively exploited. The NCSC has not yet found any public...

8.8CVSS7.2AI score0.24237EPSS
Exploits1
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•7 views

Vulnerability found in Atlassian Confluence Datacenter

A vulnerability has been found in Atlassian Confluence Datacenter. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code. Confluence Datacenter systems are only vulnerable when using the cluster functionality. Confluence...

8.1CVSS6.9AI score0.03711EPSS
Exploits1
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•2 views

Vulnerability fixed in Sophos Firewall

Sophos has fixed a vulnerability in Sophos Firewall. The vulnerability allows a malicious party to bypass authentication in the User Portal and Webadmin interfaces to bypass authentication. Subsequently, the malicious party executes code on the vulnerable system. Sophos has released updates to fi...

9.8CVSS7.3AI score0.99796EPSS
Exploits9
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•6 views

Vulnerability fixed in SonicOS

SonicWall has fixed a vulnerability in SonicOS. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...

9.8CVSS7.6AI score0.57324EPSS
Exploits3
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•2 views

Vulnerability fixed in containerd

Cloud Native Computing Foundation CNCF has fixed a vulnerability fixed in containerd as used by Kubernetes, among others and Docker. A malicious party could exploit the vulnerability to gain access to sensitive data. To do so, the malicious party persuades the victim to use a rogue container imag...

7.5CVSS9.1AI score0.27392EPSS
Exploits4
NCSC
NCSC
•added 2022/03/24 12:0 a.m.•4 views

Vulnerabilities fixed in McAfee ePolicy Orchestrator

McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights SQL Injection Access to sensitive dat...

7.5CVSS9.1AI score0.64509EPSS
Exploits0
NCSC
NCSC
•added 2022/03/24 12:0 a.m.•5 views

Vulnerability fixed in IrfanView

A vulnerability has been fixed in IrfanView. The vulnerability allows a malicious party to cause a denial-of-service of the application or possibly under user privileges to cause execute arbitrary code. To do this, the malicious party needs to victim to open a rogue TIFF file. The developer has...

7.8CVSS7.2AI score0.01104EPSS
Exploits0
NCSC
NCSC
•added 2022/03/23 12:0 a.m.•5 views

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...

6.5CVSS6.6AI score0.00945EPSS
Exploits0
NCSC
NCSC
•added 2022/03/23 12:0 a.m.•9 views

Vulnerabilities fixed in NetApp Clustered Data ONTAP

NetApp has released updates to fix vulnerabilities in several third-party components for Clustered Data ONTAP. The vulnerabilities are in OpenSSL, PHP, OpenSSH and Apache and enable a malicious party to cause a denial-of-service cause, gain access to sensitive data and potentially manipulate data...

9.8CVSS7.5AI score0.99999EPSS
Exploits11
NCSC
NCSC
•added 2022/03/23 12:0 a.m.•18 views

Vulnerabilities fixed in HP printers

HP has fixed vulnerabilities in several printers. The vulnerabilities allow an unauthenticated malicious person with network access to the printer to execute arbitrary code execute arbitrary code, cause a denial-of-service, or access gain access to sensitive information. HP has released updates t...

10CVSS7.6AI score0.07022EPSS
Exploits0
Total number of security vulnerabilities4209