Lucene search
K

4207 matches found

NCSC
NCSC
•added 2022/03/21 12:0 a.m.•3 views

Vulnerabilities fixed in Adobe Acrobat

Adobe has fixed vulnerabilities in Acrobat. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Successful...

9.3CVSS7.6AI score0.57304EPSS
Exploits1
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•3 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious person who has a user's partial credentials can exploit the exploit the vulnerability to bypass authentication. Only systems that use multiple external authentication plug-ins are vulnerable. OpenVPN has released updates to fix the...

9.8CVSS7.1AI score0.03519EPSS
Exploits0
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•4 views

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Remote code execution User Rights The developers of MISP have released a new versi...

7.2AI score
Exploits0
NCSC
NCSC
•added 2022/03/18 12:0 a.m.•4 views

Vulnerability fixed in libxml2

A vulnerability has been fixed in libxml2. The vulnerability allows a remote malicious party the ability to cause a denial-of-service cause. The developers of libxml2 have released an update to fix the vulnerability: https://gitlab.gnome.org/GNOME/libxml2/-/commit...

7.5CVSS6.8AI score0.0601EPSS
Exploits0
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•6 views

Vulnerabilities fixed in BIND

The Internet Systems Consortium ISC has fixed vulnerabilities in BIND. An unauthenticated remote malicious person can exploit the exploit the vulnerabilities to perform a cache-poisoning attack or cause a denial-of-service. One of the fixed vulnerabilities has been given the attribute CVE-2022-06...

7.5CVSS7.4AI score0.0325EPSS
Exploits0
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•4 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data Increased user privileges Python...

9.8CVSS7.4AI score0.70561EPSS
Exploits5
NCSC
NCSC
•added 2022/03/17 12:0 a.m.•4 views

Vulnerabilities fixed in Drupal

Vulnerabilities have been fixed in CKEditor as used by Drupal. The vulnerability with reference CVE-2022-24728 can be exploited to perform a cross-site scripting attack. The vulnerability with attribute CVE-2022-24729 allows a malicious additionally able to cause a denial-of-service that is limit...

7.5CVSS6.5AI score0.02448EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•4 views

Vulnerability fixed in Tibco JasperReports

A path-traversal vulnerability has been fixed in TIBCO JasperReports. TIBCO indicates that the vulnerability could theoretically could theoretically be used to obtain sensitive data obtain sensitive data from the system on which the JasperReports server is hosted. TIBCO has released updates to fi...

9.9CVSS6.6AI score0.02096EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•7 views

Vulnerabilities fixed in Mattermost Server

Two vulnerabilities have been fixed in Mattermost Server. A unauthenticated malicious person can exploit the vulnerabilities to cause a denial-of-service. To do so, a malicious file needs to be uploaded or a malicious POST request needs to be sent be sent to the server. For the latter, no...

7.5CVSS7.2AI score0.00909EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•4 views

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. The vulnerability allows an unauthenticated malicious person to cause a denial-of-service. To do so, the malicious party must offer a specially crafted certificate to the system that of OpenSSL. The vulnerability is caused by the "BNmodsqrt" function. Th...

7.5CVSS8AI score0.70561EPSS
Exploits2
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•7 views

Vulnerabilities fixed in Expat

Vulnerabilities have been fixed in Expat. Combining exploiting these vulnerabilities allows a remote malicious person able to execute arbitrary code or cause a Denial-of-Service cause. Expat's developers have made updates available to address the vulnerabilities. For more information, see:...

9.8CVSS7.7AI score0.34174EPSS
Exploits1
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•5 views

Vulnerabilities fixed in Bareos

Vulnerabilities have been fixed in Bareos. The vulnerability with reference CVE-2022-24755 can be exploited to bypass authentication. circumvention. To exploit this vulnerability, the Bareos Director must be configured with PAM as the authentication agent. The vulnerability with attribute...

9.8CVSS7.1AI score0.01996EPSS
Exploits2
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the application's permissions. As usual, Google has made little to no information made available about the fixed vulnerabilities. Google has released...

9.6CVSS7AI score0.01089EPSS
Exploits10
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•2 views

Vulnerability fixed in IBM WebSphere and Tivoli Netcool/OMNIbus WebGUI

IBM has fixed a vulnerability in WebSphere Application Server. WebSphere is also used by other systems such as Tivoli Netcool/OMNIbus. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code to execute arbitrary code. To do so, rogue network traffic must be...

9.8CVSS7.3AI score0.30367EPSS
Exploits1
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•6 views

Vulnerabilities fixed in CyberArk Privileged Session Manager and Password Vault Manager

Vulnerabilities have been fixed in the CyberArk Privileged Session Manager and Password Vault Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to...

7.5AI score
Exploits0
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•8 views

Vulnerabilities fixed in macOS

Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security...

9.8CVSS8.5AI score0.17715EPSS
Exploits13
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•38 views

Vulnerabilities fixed in iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Circumvention of security measure. Remote code execution...

9.8CVSS7.6AI score0.08067EPSS
Exploits0
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•7 views

Vulnerabilities fixed in pfSense

Netgate has fixed vulnerabilities in pfSense. The vulnerabilities marked CVE-2022-26019, CVE-2021-41282 and CVE-2022-24299 allow a malicious party to execute arbitrary code or cause a denial-of-service. To exploit these vulnerabilities requires administrator privileges on the vulnerable device...

9CVSS7.8AI score0.87113EPSS
Exploits4
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•2 views

Vulnerabilities fixed in the Linux kernel

Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a local malicious agent to launch attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data The vulnerabilities have been fix...

7.8CVSS8AI score0.00432EPSS
Exploits0
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•5 views

Vulnerabilities fixed in Yokogawa CENTUM VP

Vulnerabilities have been fixed in Yokogawa CENTUM VP. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...

9.8CVSS7.5AI score0.01042EPSS
Exploits0
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•18 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM has fixed vulnerabilities in IBM Spectrum Protect and IBM Spectrum Protect Plus. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Bypassing authenticatio...

9.8CVSS7.4AI score0.99295EPSS
Exploits243
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•25 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Backup & Replication. A malicious party could exploit the vulnerabilities to execute of arbitrary code. To do so, the malicious party must access an internal API of the Veeam Distribution Service. For this no authentication is required. Veeam has released update...

10CVSS7.3AI score0.05942EPSS
Exploits0
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•17 views

Vulnerabilities fixed in Red Hat Openshift Container Platform

Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Bypassing authentication Circumvention of...

9.8CVSS7.1AI score0.99888EPSS
Exploits34
NCSC
NCSC
•added 2022/03/14 12:0 a.m.•3 views

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities allow an unauthenticated remote malicious person to remote user to cause a denial-of-service or potentially execute arbitrary code. The vulnerability with attribute CVE-2022-22720 additionally enables an HTTP request...

9.8CVSS7.4AI score0.69803EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•2 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in Xen Hypervisor. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Xen has released updates to address the...

7CVSS7.5AI score0.00359EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•6 views

Vulnerabilities fixed in Sophos SG UTM

Vulnerabilities have been fixed in Sophos SG UTM. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data Sophos has fixed the vulnerabilities in SG UTM version 9.710. More...

8.8CVSS9.6AI score0.11296EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerabilities fixed in Dell BIOS

Vulnerabilities have been fixed in the BIOS of several Dell products. The vulnerabilities make it possible for a local malicious person with elevated privileges to execute code while the system is active in System Management Mode SMM. Dell has made updates available to fix the vulnerabilities fix...

8.2CVSS7AI score0.00281EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerability fixed in F-Secure products

A vulnerability has been fixed in the F-Secure Support tool, which is is used in Business Suite and consumer products. A authenticated malicious person could potentially exploit it to execute arbitrary code under higher privileges. F-Secure has made available an update that fixes the described...

8.5CVSS7.7AI score0.00714EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•6 views

Vulnerability fixed in ARM, AMD and Intel processors

Researchers at VU Amsterdam have found a new variant of the Spectre vulnerability. The researchers have dubbed the attack Branch History Injection. Previous mitigation for Spectre v2 is not sufficient to fully fix the vulnerability, according to the researchers. According to the researchers, this...

6.8CVSS5.8AI score0.00508EPSS
Exploits0
NCSC
NCSC
•added 2022/03/10 12:0 a.m.•8 views

Vulnerabilities fixed in Schneider Electric Ecostruxure Control Expert

Vulnerabilities have been fixed in the Schneider Electric Ecostruxure Control Expert. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service cause. To exploit these vulnerabilities, a malicious party must be able to intercept specific Modbus data and...

5.9CVSS6.7AI score0.00847EPSS
Exploits0
NCSC
NCSC
•added 2022/03/10 12:0 a.m.•6 views

Vulnerability fixed in PAN-OS

A vulnerability has been fixed in PAN-OS. The vulnerability with reference CVE-2022-0022 allows a malicious person with access to the system's password hashes, to crack the hashes to crack and thus gain access to the passwords. This vulnerability arose because PAN-OS uses a weak cryptographic...

4.6CVSS6.8AI score0.00125EPSS
Exploits0
NCSC
NCSC
•added 2022/03/10 12:0 a.m.•9 views

Vulnerabilities fixed in mariadb

Vulnerabilities have been fixed in mariadb 10.2.43. Due to an error in the handling and validation of database queries, a local attacker is able to crash the application or increase the user privileges to service account privileges. -= SUSE =- SUSE has made updates available to address the...

7.8CVSS9.3AI score0.00689EPSS
Exploits8
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•3 views

Vulnerabilities fixed in APC UPS systems

Vulnerabilities have been fixed in Uninterruptible Power Supply UPS systems from APC. APC is part of Schneider Electric. These UPS systems are widely used in situations where up-time is very important. The vulnerabilities with reference CVE-2022-22805 and CVE-2022-22806 allow a remote malicious...

9.8CVSS7.9AI score0.12256EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•43 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication. Remote code execution...

10CVSS8.4AI score0.99999EPSS
Exploits375
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•4 views

Vulnerability fixed in Mitel MiCollab and MiVoice Business Express

A vulnerability has been fixed in Mitel MiCollab and MiVoice Business Express. The vulnerability allows an unauthenticated remote malicious party to perform attacks that lead to the following categories of damage Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Th...

9.8CVSS7.4AI score0.87565EPSS
Exploits1
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•8 views

Vulnerabilities fixed in Icinga Web 2

Several vulnerabilities have been fixed in Icinga Web 2. The vulnerability with the attribute CVE-2022-24716 allows an unauthenticated malicious party to use a path-traversal to obtain to obtain files that may contain database credentials. The vulnerabilities with attributes CVE-2022-24714 and...

8.8CVSS6.8AI score0.89378EPSS
Exploits13
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•2 views

Vulnerabilities fixed in Zabbix

Vulnerabilities have been fixed in Zabbix. An authenticated malicious party could exploit the vulnerabilities to launch a cross-site scripting attack. Zabbix has made updates available to fix the vulnerabilities. fixes. For more information, see: https://support.zabbix.com/browse/ZBX-20680...

4.6CVSS7AI score0.01203EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•5 views

Vulnerability fixed in AMD processors

AMD has fixed a vulnerability with reference CVE-2021-26401 for the Ryzen and Athlon processors. This vulnerability has the same cause as the vulnerability known as Spectre, with attribute CVE-2017-5717. This vulnerability allows a malicious party to obtain sensitive data from the memory of a loc...

7.8CVSS6.4AI score0.01445EPSS
Exploits1
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•6 views

Vulnerabilities fixed in Intel processors

Intel has fixed vulnerabilities in processors from the Atom, Core, Celeron and Atom families. A malicious person with physical access to the system could exploit the vulnerability to, among other things access sensitive data and potentially gain elevated privileges, among other things. obtain...

6.8CVSS5.5AI score0.00508EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe products

Adobe has fixed vulnerabilities in Photoshop, Illustrator and After Effects. The vulnerabilities allow a malicious person to to execute arbitrary code within the context of the user, or gain access to sensitive data. To exploit the vulnerabilities, an attacker must entice a user to open a rogue...

9.3CVSS7.8AI score0.04306EPSS
Exploits0
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Defender

Microsoft has fixed vulnerabilities in Defender. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, be able to impersonate another user and execute arbitrary code in the context of a user. In order to exploit the vulnerabilities, the malicious party nee...

8.8CVSS7.2AI score0.02737EPSS
Exploits0
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Microsoft Developer Tools products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing In order to exploit these vulnerabilities, a...

7.5CVSS7.7AI score0.03306EPSS
Exploits0
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User...

9CVSS7.6AI score0.56376EPSS
Exploits0
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•12 views

Vulnerabilities fixed in Google Android

Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Access to sensitive data Increased user privileges The vulnerability with attribute...

10CVSS8.9AI score0.01156EPSS
Exploits3
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•20 views

Vulnerabilities fixed in the Linux kernel

Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data Increased user privileges The...

9CVSS6.2AI score0.89063EPSS
Exploits106
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•9 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Exchange Server. A malicious party could potentially exploit the vulnerabilities to access gain access to sensitive data, or to execute arbitrary code execute arbitrary code with the application's permissions. Exploitation of both vulnerabilities requires...

8.8CVSS7.2AI score0.40789EPSS
Exploits3
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•3 views

Vulnerabilities fixed in Firefox

Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Mozilla has released updates to fix the...

9.6CVSS7.4AI score0.00931EPSS
Exploits6
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•11 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication...

9.8CVSS8AI score0.87816EPSS
Exploits44
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•9 views

Vulnerabilities fixed in Microsoft Azure Site Recovery

Vulnerabilities have been fixed in Microsoft Azure Site Recovery. The vulnerabilities allow a malicious party to obtain elevated rights or to execute arbitrary code. With the exception of CVE-2022-24469, an attacker already needs need elevated privileges to one or more of the components that are...

9CVSS7.1AI score0.02698EPSS
Exploits0
NCSC
NCSC
•added 2022/03/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Office

Vulnerabilities have been fixed in Microsoft Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Circumvention of security measure Remote code execution User rights Access to...

7.8CVSS7AI score0.0287EPSS
Exploits0
Total number of security vulnerabilities4207