Lucene search
K

4207 matches found

NCSC
NCSC
•added 2022/01/03 12:0 a.m.•4 views

Availability issue fixed in Microsoft Exchange

Due to a bug in the on-premises Microsoft Exchange Server 2016 and 2019, email may not have been sent out anymore. At this time, there is no reason to believe that incoming email has not been accepted. The accepted emails just could not be delivered. The problem could have occurred because of the...

6.5AI score
Exploits0
NCSC
NCSC
•added 2021/12/29 12:0 a.m.•10 views

Vulnerability fixed in Apache Log4j

A vulnerability has been fixed in Apache Log4j. The vulnerability with reference CVE-2021-44832 allows a malicious person to execute execute arbitrary code. To exploit the vulnerability an attacker must have the ability to modify a configuration file modify a configuration file that the vulnerabl...

10CVSS9.4AI score0.99999EPSS
Exploits356
NCSC
NCSC
•added 2021/12/29 12:0 a.m.•4 views

Vulnerability fixed in Moxa MGate systems

Moxa has fixed a vulnerability in the MGate 5109 and MGate 5101-PBM-MN protocol gateway systems. An unauthenticated malicious party could exploit the vulnerability to cause a denial-of-service attack. Abuse is possible by continuously sending specially prepared network traffic, causing the gatewa...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/12/27 12:0 a.m.•6 views

Vulnerabilities fixed in NetBSD

Vulnerabilities have been fixed in NetBSD's IP stack. Because the randomizer for IP packet ID is not turned on by default, and the randomizer is not random enough when it is enabled, a malicious party can analyze the IP traffic and possibly gain access to sensitive data via a man-in-the-middle...

7.5CVSS6.9AI score0.00964EPSS
Exploits0
NCSC
NCSC
•added 2021/12/24 12:0 a.m.•40 views

Vulnerability found in Moxa MGate

A vulnerability has been found in Moxa MGate. The vulnerability allows an unauthenticated remote malicious person to obtain obtain sensitive data. The vulnerable Moxa MGate series have vulnerable firmware that makes it possible for an attacker to intercept the traffic and then decrypt the login...

9CVSS6.6AI score0.01666EPSS
Exploits0
NCSC
NCSC
•added 2021/12/23 12:0 a.m.•2 views

Vulnerabilities fixed in PostgreSQL

Vulnerabilities have been fixed in PostgreSQL. An authenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. In addition, an unauthenticated malicious person with a man-in-the-middle position can exploit the vulnerabilities potentially exploit the vulnerabiliti...

8.1CVSS7.8AI score0.01901EPSS
Exploits0
NCSC
NCSC
•added 2021/12/22 12:0 a.m.•7 views

Vulnerability fixed in SonicWall SMA100 series

A vulnerability has been fixed in SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to access some management APIs in order to view meta-data of configurations. SonicWall has released updates to fix the vulnerability. fix. More information can be...

7.5CVSS6.7AI score0.00904EPSS
Exploits0
NCSC
NCSC
•added 2021/12/22 12:0 a.m.•4 views

Vulnerabilities fixed in Emerson DeltaV

Emerson has fixed vulnerabilities in DeltaV products. A unauthenticated malicious person with network access can exploit the exploit the vulnerabilities to cause a denial-of-service. In addition, a local malicious party can exploit the exploit the vulnerabilities to execute with elevated privileg...

8.1CVSS7.1AI score0.00263EPSS
Exploits0
NCSC
NCSC
•added 2021/12/21 12:0 a.m.•5 views

Vulnerabilities fixed in SolarWinds Orion

SolarWinds has fixed vulnerabilities in Orion. The vulnerabilities marked CVE-2021-35234 and CVE-2021-35248 allow an authenticated malicious person to gain access to user data, including hashed passwords and information about salts used. In addition, a malicious person with alert management...

8.8CVSS7.5AI score0.05769EPSS
Exploits0
NCSC
NCSC
•added 2021/12/20 12:0 a.m.•5 views

Vulnerabilities fixed in VMware products

VMware has fixed vulnerabilities in the following products: VMware Cloud Foundation VMware Identity Manager vIDM VMware Workspace ONE Access Access VMware vRealize Automation vRA VMware vRealize Suite Lifecycle Manager A remote malicious party could potentially exploit them to bypass two-factor...

8.8CVSS6.9AI score0.01558EPSS
Exploits0
NCSC
NCSC
•added 2021/12/20 12:0 a.m.•38 views

Vulnerability fixed in Apache Solr for Windows

Apache has fixed vulnerabilities in Solr for Windows. The vulnerability allows a malicious party to access sensitive data, impersonate another user or potentially execute arbitrary code. Apache has released updates to fix the vulnerability in Solr 8.11.1. For more information, see:...

9.8CVSS7.4AI score0.05087EPSS
Exploits0
NCSC
NCSC
•added 2021/12/20 12:0 a.m.•5 views

Vulnerabilities fixed in Apache httpd

Apache has fixed two vulnerabilities in HTTP Server. The vulnerability with attribute CVE-2021-44224 is present when HTTP Server is configured as a forward proxy. The vulnerability allows a remote malicious person to cause a denial-of-service cause or potentially perform a cross-site request...

9.8CVSS8AI score0.97108EPSS
Exploits4
NCSC
NCSC
•added 2021/12/17 12:0 a.m.•8 views

Vulnerability fixed in VMware Workspace ONE UEM

VMware has fixed a vulnerability in Workspace ONE UEM. A unauthenticated malicious person could exploit this vulnerability to perform a same-site request forgery SSRF attack and thereby gain access to sensitive data. For successful exploitation requires network access to the Workspace ONE UEM...

7.5CVSS6.8AI score0.97713EPSS
Exploits1
NCSC
NCSC
•added 2021/12/17 12:0 a.m.•5 views

Vulnerabilities fixed in Dell EMC iDRAC

Dell EMC has fixed vulnerabilities in iDRAC8 and iDRAC9.The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Access to system...

9CVSS7.8AI score0.50445EPSS
Exploits0
NCSC
NCSC
•added 2021/12/16 12:0 a.m.•2 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. The vulnerabilities potentially allow a malicious party to view non-public wiki content or modify the content of a wiki. MediaWiki has released updates to address the vulnerabilities. fix. More information can be found on the page below:...

7.5CVSS6.7AI score0.0135EPSS
Exploits0
NCSC
NCSC
•added 2021/12/16 12:0 a.m.•8 views

Vulnerability fixed in DBeaver

A vulnerability has been fixed in DBeaver. The vulnerability allows a local malicious agent to obtain sensitive data. This is possible because the loading of external XML entities is not properly is not properly captured. For this vulnerability Proof-of-Concept code is available. DBeaver's...

9.8CVSS6.5AI score0.00902EPSS
Exploits1
NCSC
NCSC
•added 2021/12/16 12:0 a.m.•8 views

Vulnerabilities fixed in JBoss Enterprise Application Platform

Red Hat has fixed vulnerabilities in JBoss Enterprise Application Platform. A remote malicious person could vulnerabilities potentially exploit them to cause a denial-of-service or to gain access to sensitive data. Red Hat has released updates to fix the vulnerabilities in JBoss Enterprise...

7.8CVSS7.2AI score0.1121EPSS
Exploits0
NCSC
NCSC
•added 2021/12/15 12:0 a.m.•17 views

Vulnerabilities fixed in Red Hat OpenShift Logging

Red Hat has fixed vulnerabilities in OpenShift Logging. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...

10CVSS7.3AI score0.99999EPSS
Exploits391
NCSC
NCSC
•added 2021/12/15 12:0 a.m.•2 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. A malicious person at remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code under application privileges. Apple has few substantive details about the vulnerabilities publicly made available. Apple has...

9.3CVSS7.5AI score0.07617EPSS
Exploits1
NCSC
NCSC
•added 2021/12/15 12:0 a.m.•3 views

Vulnerabilities fixed in X.Org X Server

Vulnerabilities have been fixed in X.Org X Server. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code or obtain elevated privileges. When using X Forwarding over SSH, the vulnerabilities may also be remotely exploitable. -=...

7.8CVSS7.8AI score0.00571EPSS
Exploits0
NCSC
NCSC
•added 2021/12/15 12:0 a.m.•56 views

Vulnerabilities fixed in Schneider Electric products

Schneider Electric has fixed vulnerabilities in its PowerLogic and Modicon products. The vulnerabilities allow an unauthenticated malicious person to cause a denial-of-service or gain access to sensitive data. To do so, rogue network traffic must be sent to the vulnerable device be sent. Schneide...

9.8CVSS6.9AI score0.32974EPSS
Exploits0
NCSC
NCSC
•added 2021/12/15 12:0 a.m.•11 views

Vulnerabilities fixed in Adobe products

Adobe has fixed vulnerabilities in several of its products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Increased user privileges Adobe...

9.3CVSS7.4AI score0.02328EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•39 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...

9.8CVSS7.4AI score0.11963EPSS
Exploits5
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•5 views

Vulnerability fixed in WIBU Codemeter Runtime

WIBU Systems has fixed a vulnerability in WIBU Codemeter Runtime. A local, authenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause, or manipulate data. The vulnerability can be exploited by creating a symbolic link using...

7.1CVSS6.7AI score0.00289EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•5 views

Vulnerability fixed in SIMATIC eaSie PCS7

Siemens has fixed a vulnerability in SIMATIC eaSie PCS7. A authenticated malicious party can exploit the vulnerability to access arbitrary files via path-traversal on the vulnerable system. The download function in which the vulnerability is not activated by default. Siemens has released updates ...

6.5CVSS7AI score0.0091EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•9 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer tools. A local malicious person could exploit the vulnerabilities to execute arbitrary code, or to impersonate a user other than himself. The tables below list the vulnerabilities that have been fixed by Microsoft. Visual Studio Code:...

10CVSS6.7AI score0.11731EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Edge (Chromium)

Microsoft has fixed vulnerabilities in Edge Chromium-based. An unauthenticated malicious person can remotely exploit the vulnerabilities to remote exploit to execute arbitrary code in the scope of the browser. To do this, the malicious party must entice the victim to open a rogue Web page...

8.8CVSS7.5AI score0.02073EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities potentially allow a malicious person to execute arbitrary code execute under the user's privileges. Google has made few substantive details available about these vulnerabilities. Google has indicated that for the vulnerability...

8.8CVSS7.3AI score0.07836EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Remote code execution Administrator/Root rights...

9.3CVSS7.2AI score0.18024EPSS
Exploits7
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code...

9.3CVSS7.3AI score0.18024EPSS
Exploits7
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•71 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code...

9.9CVSS7.5AI score0.82136EPSS
Exploits13
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•6 views

Vulnerabilities fixed in IBM MQ for HPE NonStop Server

Vulnerabilities have been fixed in IBM MQ used in the HPE NonStop Server. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges IBM has released updates to f...

7.8CVSS7.4AI score0.50445EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•25 views

Vulnerabilities fixed in Cisco Small Business 220 Series Switches

Cisco has fixed vulnerabilities in Small Business 220 Series Switches. An unauthenticated malicious person on the local network of the switch could potentially exploit the vulnerabilities to execute arbitrary code or cause a denial-of-service DoS. Only switches on which Link Layer Discovery...

8.8CVSS7.4AI score0.00504EPSS
Exploits0
NCSC
NCSC
•added 2021/12/14 12:0 a.m.•37 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Remote code execution User rights Spoofing Access to sensitive data Increased user privileges The tables...

9.6CVSS7.2AI score0.05098EPSS
Exploits0
NCSC
NCSC
•added 2021/12/13 12:0 a.m.•5 views

Vulnerabilities fixed in IBM i2 Analysts Notebook

IBM has fixed vulnerabilities in i2 Analysts' Notebook. A local malicious party could potentially exploit the vulnerabilities to obtain elevated privileges within the application. IBM has released updates to fix the vulnerabilities in i2 Analysts' Notebook 9.3.1. For more information, see:...

7.8CVSS6.9AI score0.00299EPSS
Exploits0
NCSC
NCSC
•added 2021/12/13 12:0 a.m.•11 views

Vulnerabilities fixed in GitLab Runner

Vulnerabilities have been fixed in GitLab Runner. A authenticated malicious party could potentially exploit them to cause a denial-of-service or to gain access to system data. GitLab developers have released updates to address the vulnerabilities in GitLab Runner 14.3.4, 14.4.2 and 14.5.2. For mo...

7.5CVSS9.2AI score0.01857EPSS
Exploits0
NCSC
NCSC
•added 2021/12/13 12:0 a.m.•4 views

Vulnerability fixed in Cisco Web Security Appliance

A vulnerability has been fixed in Cisco Web Security Appliance. The vulnerability allows an unauthenticated remote malicious person to remotely capable of causing a denial-of-service. The Cisco Web Security Appliance can crash due to a large number of HTTP requests, manual actions may be necessar...

8.6CVSS6.6AI score0.01386EPSS
Exploits0
NCSC
NCSC
•added 2021/12/13 12:0 a.m.•10 views

Vulnerabilities fixed in Grafana

Grafana Labs has fixed two vulnerabilities in Grafana. The vulnerabilities allow an authenticated malicious person to to gain access to sensitive data. This data is limited to arbitrary .md and .csv files. Obtaining unauthorized access to csv files requires it is necessary that the resource...

7.5CVSS8.5AI score0.88849EPSS
Exploits44
NCSC
NCSC
•added 2021/12/13 12:0 a.m.•44 views

Multiple vulnerabilities fixed in IBM Spectrum Protect

IBM has fixed vulnerabilities in Spectrum Protect and software bundled with Spectrum Protect. The bundled software covers previously fixed vulnerabilities in underlying products and libraries such as Golang, DB2, Node.js, PostgreSQL, OpenSSH, OpenSSH and others. Previous security advisories...

9.8CVSS7.2AI score0.98124EPSS
Exploits81
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•24 views

Vulnerabilities fixed in Atlassian Jira Server

Atlassian has fixed two vulnerabilities in Jira Server. A authenticated malicious person could exploit the vulnerabilities to give themselves elevated privileges, gain access to sensitive data and manipulate that data. The vulnerability is in access control, which allows accounts that have been...

7.5CVSS7.1AI score0.00836EPSS
Exploits0
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•6 views

Vulnerability fixed in Dell Powerpath Management Appliance

Dell has fixed a vulnerability in the Powerpath Management Appliance. A locally authenticated malicious person could exploit the vulnerability to give himself admin rights and thereby executing arbitrary code on the vulnerable system. By using a default, hardcoded, password, the malicious party c...

8.2CVSS7.2AI score0.00239EPSS
Exploits0
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•10 views

Vulnerability fixed in Apache Log4j2

A serious vulnerability has been fixed in Apache Log4j, a java log tool used by many Web applications and services. The vulnerability makes it possible for an unauthenticated remote malicious person to execute arbitrary code with the permissions of the Web server. Because Web servers generally ru...

10CVSS7.5AI score0.99999EPSS
Exploits354
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•46 views

Vulnerabilities fixed in Autodesk products

Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities potentially allow a malicious person to execute code under the application's permissions. To exploit requires a malicious party to trick a user into opening a rogue file open. The vulnerabilities are in two modules...

7.8CVSS7.2AI score0.0154EPSS
Exploits0
NCSC
NCSC
•added 2021/12/10 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Spectrum Control

IBM has fixed vulnerabilities in software bundled at Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as node.js, OpenSSL and Websphere Liberty. Previous security advisories have been published. A malicious party can exploit the...

9.8CVSS7.5AI score0.50445EPSS
Exploits2
NCSC
NCSC
•added 2021/12/09 12:0 a.m.•6 views

Vulnerabilities fixed in Bentley View and Microstation

Bentley Systems has fixed several vulnerabilities in Bentley View and Microstation. A malicious party could potentially exploit them to cause a denial-of-service, or to execute arbitrary code with the victim's privileges. The malicious party does not need prior authentication, but must entice the...

7.8CVSS7.5AI score0.0205EPSS
Exploits0
NCSC
NCSC
•added 2021/12/09 12:0 a.m.•99 views

Vulnerabilities fixed in Fortinet FortiWeb

Several vulnerabilities have been fixed in Fortinet FortiWeb. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Remote code execution User...

9.8CVSS6.9AI score0.01894EPSS
Exploits0
NCSC
NCSC
•added 2021/12/09 12:0 a.m.•2 views

Vulnerability fixed in IBM WebSphere Application Server

A vulnerability has been fixed in IBM WebSphere Application Server. An unauthenticated remote malicious agent could cause a Denial-of-Service exploit. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6524674...

7.5CVSS6.8AI score0.01521EPSS
Exploits0
NCSC
NCSC
•added 2021/12/09 12:0 a.m.•3 views

Vulnerabilities fixed in IBM DB2

Vulnerabilities have been fixed in IBM DB2. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Increased user privileges IBM has released updates to fix the...

7.5CVSS6.4AI score0.01505EPSS
Exploits0
NCSC
NCSC
•added 2021/12/09 12:0 a.m.•37 views

Vulnerabilities fixed in Fortinet FortiClient EMS and FortiClient Windows

Several vulnerabilities have been fixed in Fortinet products. These include Fortinet FortiClient EMS and FortiClient Windows. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of...

9.1CVSS7.5AI score0.00955EPSS
Exploits0
NCSC
NCSC
•added 2021/12/09 12:0 a.m.•5 views

Vulnerability fixed in SonicWall Global VPN Client

A vulnerability has been fixed in SonicWall Global VPN Client. The vulnerability is in the handling of specific DLL files. A local malicious party can exploit the vulnerability to execute arbitrary code. SonicWall has released updates to fix the vulnerability fix in Global VPN Client 4.10.7. More...

7.8CVSS6.5AI score0.00851EPSS
Exploits0
Total number of security vulnerabilities4207