Lucene search
K

4207 matches found

NCSC
NCSC
•added 2022/02/08 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...

9.3CVSS7.2AI score0.53655EPSS
Exploits4
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft SQL Server and Power BI

Microsoft has fixed vulnerabilities in Microsoft SQL Server and Power BI. The vulnerabilities allow a malicious party to obtain elevated user privileges. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

7.8CVSS7.1AI score0.02567EPSS
Exploits0
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•4 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...

7.2CVSS6.9AI score0.02718EPSS
Exploits0
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•7 views

Vulnerabilities fixed in Siemens products

Several vulnerabilities have been fixed in Siemens products. The vulnerabilities potentially allow a malicious party to gain access to sensitive data or cause a denial-of-service cause. To exploit the vulnerabilities, the malicious party must have access to the production environment. It is good...

8.8CVSS8.3AI score0.50445EPSS
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•6 views

Vulnerability fixed in Zimbra

A vulnerability has been fixed in Zimbra. An unauthenticated malicious party could exploit the vulnerability to perform a reflected cross-site scripting attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Within Zimbra,...

6.5AI score
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•4 views

Vulnerability discovered in NetApp Clustered Data ONTAP

NetApp has discovered a vulnerability in Clustered Data ONTAP. The vulnerability is located in the version of the provided tool Expat and allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a Denial-of-Service. NetApp has not released any updates a...

7.5CVSS8.5AI score0.03992EPSS
Exploits0
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•6 views

Vulnerability fixed in XWiki

A vulnerability has been fixed in XWiki. A malicious party can exploit the exploit the vulnerability to perform a stored Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. For the vulnerabilit...

5.4CVSS6.6AI score0.0087EPSS
Exploits1
NCSC
NCSC
•added 2022/02/07 12:0 a.m.•6 views

Vulnerability fixed in F5 BIG-IP

F5 has fixed a vulnerability in BIG-IP. A malicious person with rights to execute regular expressions could exploit the exploit the vulnerability to cause a denial-of-service, or potentially execute arbitrary code on the system. F5 has released updates to fix the vulnerability in BIG-IP 16.1.2,...

8.6CVSS7.8AI score0.04879EPSS
Exploits0
NCSC
NCSC
•added 2022/02/04 12:0 a.m.•7 views

Vulnerability fixed in Kibana

A vulnerability has been fixed in Kibana. The vulnerability allows an authenticated malicious person to perform a Cross-Site Scripting attack on users with higher privileges within the application. Elastic has made version 7.17.0 available for Kibana to fix the vulnerability. For more information...

5.4CVSS6.7AI score0.00527EPSS
Exploits0
NCSC
NCSC
•added 2022/02/04 12:0 a.m.•5 views

Vulnerability fixed in VMware Workstation, Fusion & ESXi

A vulnerability has been fixed in VMware Workstation, Fusion & ESXi. The vulnerability enables a malicious person with access to a virtual machine on which CD-ROM virtualization is enabled to able to execute arbitrary code on the hypervisor. To exploit this vulnerability, a CD image must be...

7.8CVSS7.5AI score0.04681EPSS
Exploits0
NCSC
NCSC
•added 2022/02/04 12:0 a.m.•11 views

Vulnerabilities fixed in Red Hat products

Vulnerabilities have been fixed in Log4j version 1 in several Red Hat products. Log4j v1 has been End-of-Life since 2015 and it is recommended to upgrade to v2. In a number of Red Hat products Log4j v1 is still being used. These vulnerabilities allow a remote malicious person to execute arbitrary...

9.8CVSS9.4AI score0.81147EPSS
Exploits10
NCSC
NCSC
•added 2022/02/04 12:0 a.m.•13 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system...

9.1CVSS6.9AI score0.0112EPSS
Exploits6
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•3 views

Vulnerability fixed in PostgreSQL JDBC Driver

A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates released updates to fix the vulnerability. More information can be...

9.8CVSS7AI score0.0301EPSS
Exploits1
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•7 views

Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform

Vulnerabilities have been fixed in Red Hat JBOSS Enterprise Application Platform. The vulnerabilities allow a remote malicious person to remotely capable of causing a denial-of-service or execute arbitrary code. Red Hat has released updates to fix the vulnerabilities. More information can be foun...

7.5CVSS6.9AI score0.01701EPSS
Exploits0
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•6 views

Vulnerability fixed in Zoho ManageEngine Desktop Central

A vulnerability has been fixed in Zoho ManageEngine Desktop Central. The vulnerability allows a logged-in user to change passwords of other users, including users with elevated privileges. Zoho has released updates to fix the vulnerability. More information can be found on the page below:...

6.5CVSS6.6AI score0.0192EPSS
Exploits1
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco Small Business RV routers

Cisco has fixed vulnerabilities in Small Business RV routers. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...

10CVSS8.3AI score0.80031EPSS
Exploits10
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•4 views

Vulnerability fixed in Cisco Web Security Appliance

A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an authenticated malicious person with access to the management interface is able to obtain sensitive data, such as passwords, by viewing the HTML code returned by the interface. Cisco has released updates to...

6.5CVSS6.2AI score0.00875EPSS
Exploits0
NCSC
NCSC
•added 2022/02/03 12:0 a.m.•6 views

Vulnerability fixed in Arista EOS

A vulnerability has been fixed in Arista EOS. Arista EOS is a Linux-based operating system installed on network equipment from Arista. With eAPI it is possible to remotely manage and configure Arista's network equipment. When authentication is based on certificates, it is possible that eAPI...

9.8CVSS7AI score0.00735EPSS
Exploits0
NCSC
NCSC
•added 2022/02/02 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has made little technical...

9.6CVSS7.4AI score0.00953EPSS
Exploits2
NCSC
NCSC
•added 2022/02/02 12:0 a.m.•8 views

Vulnerability fixed in Fortinet FortiMail

A vulnerability has been fixed in FortiMail. The vulnerability allows an unauthenticated remote malicious party to launch a Cross-Site Scripting attack by sending specially prepared HTTP GET requests to the FortiGuard URI protection service. Fortinet has released updates to fix the vulnerability...

6.1CVSS6.6AI score0.12936EPSS
Exploits5
NCSC
NCSC
•added 2022/02/02 12:0 a.m.•26 views

Vulnerabilities fixed in Fortinet FortiWeb

Vulnerabilities have been fixed in Fortinet FortiWeb. The vulnerabilities marked CVE-2021-36193, CVE-2021-41018 and CVE-2021-43073 allow an authenticated remote malicious person able to execute arbitrary code or commands. The vulnerability with attribute CVE-2021-42753 enables an authenticated...

9CVSS7.5AI score0.03323EPSS
Exploits0
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•5 views

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. A malicious party can inject recursive functions into the application to cause a Denial-of-Service DoS attack. The developers have made an update available for XStream versions lower than 1.4.19 to fix the vulnerability. More information can be found on...

7.5CVSS6.7AI score0.07934EPSS
Exploits1
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•5 views

Vulnerability fixed in Tenable Nessus

A vulnerability has been fixed in Tenable Nessus. Nessus makes uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358 fixed. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...

7.2CVSS7.2AI score0.04087EPSS
Exploits2
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•9 views

Vulnerabilities fixed in IBM Cognos Controller

IBM has fixed vulnerabilities in Cognos Controller. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution Use...

9.8CVSS9AI score0.06257EPSS
Exploits0
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•5 views

Vulnerabilities fixed in IBM Spectrum Protect Plus

IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data...

8.2CVSS7.3AI score0.21514EPSS
Exploits5
NCSC
NCSC
•added 2022/01/31 12:0 a.m.•6 views

Vulnerabilities fixed in Samba

Vulnerabilities have been fixed in Samba. The vulnerabilities allow a malicious person to perform attacks leading to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Spoofing Access to system data The vulnerability with attribute...

9CVSS7.8AI score0.7372EPSS
Exploits1
NCSC
NCSC
•added 2022/01/31 12:0 a.m.•5 views

Vulnerability fixed in IBM Spectrum Protect Plus

IBM has fixed a vulnerability in Spectrum Protect Plus. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...

7.8CVSS9.4AI score0.00353EPSS
Exploits2
NCSC
NCSC
•added 2022/01/31 12:0 a.m.•5 views

Vulnerability fixed in ABB OPC Server

A vulnerability has been fixed in ABB OPC Server for AC 800M. The vulnerability enables an authenticated remote malicious person to able to execute arbitrary code. ABB has released updates to fix the vulnerability. To exploit this vulnerability requires access to the network of the victim's netwo...

8.8CVSS7.2AI score0.00831EPSS
Exploits0
NCSC
NCSC
•added 2022/01/28 12:0 a.m.•6 views

Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor

Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data This...

9.8CVSS7.8AI score0.39318EPSS
Exploits2
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•2 views

Vulnerability fixed in QEMU

A vulnerability has been fixed in QEMU. The vulnerability allows a local malicious person to obtain elevated privileges. The developers of QEMU have released updates to fix the vulnerability. More information can be found at the page below:...

7.8CVSS6.2AI score0.00332EPSS
Exploits0
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•3 views

Vulnerabilities fixed in Apple iOS and iPad OS

Vulnerabilities have been fixed in the operating systems iOS and iPadOS. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...

10CVSS7AI score0.11638EPSS
Exploits0
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•2 views

Vulnerabilities fixed in Apple Safari

Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute arbitrary code or gain access to sensitive information. Apple has made updates available to fix the vulnerabilities fixes in Safari. For more information, se...

8.8CVSS7.5AI score0.01973EPSS
Exploits0
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•5 views

Vulnerability fixed in Apache Tomcat

A vulnerability has been fixed in Apache Tomcat. The vulnerability potentially allows a local malicious party to obtain the same rights obtain the same rights as the user used by the Tomcat process. used. To exploit this vulnerability, Tomcat must be configured to keep sessions active through the...

7CVSS6.6AI score0.00692EPSS
Exploits16
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•5 views

Vulnerabilities fixed in Apple macOS

Vulnerabilities have been fixed in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...

10CVSS7.1AI score0.11638EPSS
Exploits0
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•5 views

Vulnerability found in i915 kernel driver

A researcher has found a vulnerability in the Linux i915 kernel driver. The memory cache of the i915 kernel graphics driver is not properly cleaned up. An attacker exploiting this vulnerability could cause a local denial-of-service DoS cause or gain access to system data or elevated user...

7.8CVSS7.4AI score0.00379EPSS
Exploits0
NCSC
NCSC
•added 2022/01/26 12:0 a.m.•7 views

Vulnerability fixed in Micro Focus Operations Agent

A vulnerability has been fixed in Micro Focus Operational Agent. The vulnerability allows a local malicious agent to access gain access to system data. Micro Focus indicates that mitigating measures are available that eliminate the vulnerability. For more information see:...

3.3CVSS6.4AI score0.00213EPSS
Exploits0
NCSC
NCSC
•added 2022/01/26 12:0 a.m.•5 views

Vulnerabilities fixed in Dell BIOS

Two vulnerabilities have been fixed in Dell products. The vulnerabilities allow a locally authenticated malicious person potentially be able to execute arbitrary code through a System Management Interupt SMI in the System Management RAM SMRAM of the device. This portion of memory is normally only...

7.5CVSS7.8AI score0.00251EPSS
Exploits0
NCSC
NCSC
•added 2022/01/26 12:0 a.m.•9 views

Vulnerability fixed in Polkit

Qualys researchers have found a vulnerability in the pkexec function of polkit. Polkit is a standard component of a large number of Linux distributions and was previously known as Policykit. Polkit controls communication between applications that elevated privileges and applications that do not...

7.8CVSS6.9AI score0.94921EPSS
Exploits152
NCSC
NCSC
•added 2022/01/26 12:0 a.m.•6 views

Vulnerabilities fixed in Autodesk Inventor

Vulnerabilities have been fixed in Autodesk Inventor. The vulnerabilities potentially allow a malicious party to execute code execute code under the application's permissions. The malicious party must entice a victim to open a rogue file to do so. open. Autodesk has released updates to address th...

7.8CVSS7.4AI score0.02885EPSS
Exploits0
NCSC
NCSC
•added 2022/01/25 12:0 a.m.•4 views

Vulnerability found in Xerox printers

A researcher has found a vulnerability in VersaLink printers from Xerox. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. In order to exploit the vulnerability, the attacker must obtain a TIFF document with incomplete image directory...

6.7AI score
Exploits0
NCSC
NCSC
•added 2022/01/25 12:0 a.m.•7 views

Vulnerabilities fixed in Trend Micro Deep Security

Two vulnerabilities have been fixed in Trend Micro Deep Security Agent for Linux. The vulnerability with attribute CVE-2022-23119 can be exploited if access is gained to the Deep Security Manager or on devices on which the agent is not yet not yet activated or configured. The vulnerability with...

7.8CVSS7.6AI score0.2225EPSS
Exploits2
NCSC
NCSC
•added 2022/01/25 12:0 a.m.•2 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious person to perform attacks that could potentially lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges Xen has released updates to address the vulnerabilities...

7.8CVSS6.8AI score0.00352EPSS
Exploits0
NCSC
NCSC
•added 2022/01/24 12:0 a.m.•5 views

Vulnerability fixed in McAfee Data Loss Prevention

A vulnerability has been fixed in McAfee Data Loss Prevention DLP. The vulnerability potentially allows a malicious party to execute code on the ePolicy Orchestrator-sever ePO. The malicious party must have access to the DLP database on the ePO server. Through a blind-SQL injection, it is possibl...

8.4CVSS7.7AI score0.02254EPSS
Exploits0
NCSC
NCSC
•added 2022/01/24 12:0 a.m.•8 views

Vulnerability fixed in IBM FileNet Content Manager

A vulnerability has been fixed in IBM FileNet Content Manager. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6509840...

9CVSS6.7AI score0.01761EPSS
Exploits0
NCSC
NCSC
•added 2022/01/24 12:0 a.m.•5 views

Vulnerabilities fixed in Zabbix

Vulnerabilities have been fixed in Zabbix. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User rights...

9.8CVSS7AI score0.95683EPSS
Exploits10
NCSC
NCSC
•added 2022/01/24 12:0 a.m.•7 views

Vulnerabilities fixed in Lexmark printers

Vulnerabilities have been fixed in Lexmark devices. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Bypassing authentication Remote code execution User Right...

10CVSS7.7AI score0.07702EPSS
Exploits0
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•5 views

Vulnerabilities fixed in node.js

Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could remotely could potentially manipulate traffic to an application running on node.js manipulate traffic to gain access to sensitive data. -= Fedora =- Fedora has made...

8.2CVSS7.4AI score0.21514EPSS
Exploits2
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•59 views

Vulnerabilities fixed in F5 products

F5 has fixed multiple vulnerabilities in several F5 products, including BIG-IP and BIG-IQ. Most of the updates are relate to the Traffic Management Microkernel TMM, a component of virtually all BIG-IP modules. The vulnerability with reference CVE-2022-23008 concerns the NGINX Controller API...

9CVSS7.4AI score0.01112EPSS
Exploits0
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•3 views

Vulnerabilities fixed in Drupal core

Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...

6.5CVSS6.9AI score0.42229EPSS
Exploits4
NCSC
NCSC
•added 2022/01/21 12:0 a.m.•5 views

Fixed vulnerability in AIDE (Advanced Indtrusion Detection Environment)

A vulnerability has been fixed in AIDE Advanced Intrusion Detection Environment. Due to a flaw in the way base64 data is is processed, a local malicious agent can cause a denial-of-service cause, or potentially execute arbitrary code under the rights of the application. -= SUSE =- SUSE has made...

7.8CVSS7.4AI score0.00493EPSS
Exploits1
Total number of security vulnerabilities4207