Lucene search
K

4207 matches found

NCSC
NCSC
•added 2021/12/08 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. The vulnerabilities potentially allow a remote malicious person to able to execute arbitrary code with the privileges of the application. Google has made few technical details about the vulnerabilities made publicly available. Google has released...

8.8CVSS7.8AI score0.02073EPSS
Exploits0
NCSC
NCSC
•added 2021/12/08 12:0 a.m.•9 views

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana. The vulnerability with the attribute CVE-2021-43798 concerns a path-traversal vulnerability that allows an unauthenticated remote malicious person to potentially be able to gain access to sensitive data. On Twitter and elsewhere and others, exploits are...

7.5CVSS9.3AI score0.88849EPSS
Exploits44
NCSC
NCSC
•added 2021/12/08 12:0 a.m.•4 views

Vulnerability fixed in Fortinet products

A vulnerability has been fixed in FortiSandbox, FortiWeb, FortiADC and FortiMail. A malicious party in possession of the password store could potentially gain access to encrypted data. Fortinet has released updates to address the vulnerability. fix. For more information, see:...

5.3CVSS6.9AI score0.00902EPSS
Exploits0
NCSC
NCSC
•added 2021/12/08 12:0 a.m.•6 views

Vulnerabilities fixed in SonicWall SMA100 series

Vulnerabilities have been fixed in SonicWall SMA100. The vulnerabilities with the attribute CVE-2021-20038 and CVE-2021-20045 have received a CVSSv3 score of 9.8 and 9.4 and allow an unauthenticated remote malicious person potentially able to execute code execute code on the system. The...

9.8CVSS7.8AI score0.99912EPSS
Exploits8
NCSC
NCSC
•added 2021/12/08 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code...

8.8CVSS6.8AI score0.0202EPSS
Exploits0
NCSC
NCSC
•added 2021/12/08 12:0 a.m.•39 views

Vulnerabilities fixed in FortiOS

Vulnerabilities have been fixed in FortiOS and FortiGate. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution User Rights Acces...

9.8CVSS7.3AI score0.01823EPSS
Exploits0
NCSC
NCSC
•added 2021/12/08 12:0 a.m.•4 views

Vulnerability fixed in Huawei CloudEngine

Huawei has fixed a vulnerability in their CloudEngine series of switches. An unauthenticated malicious person on the same network can exploit the vulnerability to cause a denial-of-service cause. Huawei has released updates to fix the vulnerability in CloudEngine. For more information, see:...

7.5CVSS6.8AI score0.00655EPSS
Exploits0
NCSC
NCSC
•added 2021/12/07 12:0 a.m.•36 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab CE/EE. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges Gitlab has made updates available to address the...

8.8CVSS6.7AI score0.35649EPSS
Exploits0
NCSC
NCSC
•added 2021/12/07 12:0 a.m.•6 views

Vulnerability fixed in Dell Wyse Device Agent

A vulnerability has been fixed in Dell Wyse Device Agent version 14.5.4.1 and below. A local authenticated user with low privileges could potentially exploit this security vulnerability and gain access to sensitive information. Dell has released updates to fix the vulnerability in Wyse Device...

5.5CVSS6.4AI score0.00221EPSS
Exploits0
NCSC
NCSC
•added 2021/12/07 12:0 a.m.•5 views

Vulnerabilities fixed in Google Android

Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Increased user privileges The...

10CVSS8.2AI score0.09729EPSS
Exploits6
NCSC
NCSC
•added 2021/12/07 12:0 a.m.•8 views

Vulnerabilities fixed in IBM Cognos Analytics

IBM has fixed a large number of vulnerabilities in underlying software provided with Cognos Analytics. The vulnerabilities were previously fixed and released by the vendors in question previously fixed and released. IBM has in this update bundled the affected vulnerabilities for Cognos. A malicio...

9.8CVSS7.7AI score0.99019EPSS
Exploits27
NCSC
NCSC
•added 2021/12/07 12:0 a.m.•5 views

Vulnerability fixed in Ngnix

F5 has fixed a vulnerability in NGINX. The vulnerability makes it possible to perform a denial-of-service attack by sending corrupt json data. The vulnerability is specifically in the JSON parser of the ModSecurity WAF module of NGINX Plus. F5 has made updates available to fix the vulnerability...

7.5CVSS6.9AI score0.03206EPSS
Exploits2
NCSC
NCSC
•added 2021/12/06 12:0 a.m.•3 views

Vulnerability fixed in Zoho ManageEngine Desktop Central

Zoho has fixed a vulnerability in ManageEngine Desktop Central. Desktop Central is a solution used by administrators to remotely manage devices within an organization. manage. The vulnerability makes it possible for a malicious person to bypass authentication and execute arbitrary code. It is goo...

10CVSS7.3AI score0.99867EPSS
Exploits2
NCSC
NCSC
•added 2021/12/03 12:0 a.m.•3 views

Vulnerability fixed in GNU Mailman

The developers of GNU Mailman have fixed a vulnerability in GNU Mailman. The vulnerability could be exploited by a malicious person abused to perform a Cross-Site Request Forgery XSRF on the administrator page. The developers have released updates to fix the vulnerability fix in GNU Mailman 2.1.3...

8.8CVSS6.6AI score0.0073EPSS
Exploits0
NCSC
NCSC
•added 2021/12/03 12:0 a.m.•3 views

Vulnerability fixed in Zoho ManageEngine ADSelfService Plus

Zoho ManageEngine has fixed a vulnerability in ADSelfService Plus. ADSelfService Plus is a self-service password management and single-sign-on solution. The vulnerability allows a malicious remote user the ability to execute arbitrary code. The FBI, CISA and CGCYBER, have issued a joint security...

9.8CVSS7AI score0.93514EPSS
Exploits6
NCSC
NCSC
•added 2021/12/03 12:0 a.m.•8 views

Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware

Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person remotely retrieve another user's login credentials retrieve another user's login credentials and thereby gain elevated privileges. It is also it is possible to...

9.8CVSS7.2AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2021/12/02 12:0 a.m.•5 views

Vulnerability fixed in Cryptshare server

A vulnerability has been fixed in the Web App component of Cryptshare server. This vulnerability allows a malicious user of the system to, via an "HTML injection" attack to redirect the recipient of a "confidential" message to an arbitrary web page. The recipient must open such a message message...

5.4CVSS6.6AI score0.00665EPSS
Exploits1
NCSC
NCSC
•added 2021/12/01 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Integration Bus

IBM has fixed vulnerabilities in Integration Bus. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights IBM has released updates to fix the...

9.8CVSS8.3AI score0.87816EPSS
Exploits3
NCSC
NCSC
•added 2021/12/01 12:0 a.m.•10 views

Vulnerabilities fixed in IBM QRadar

IBM has fixed vulnerabilities in QRadar. The vulnerabilities potentially enable a malicious person to conduct attacks leading to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Access to sensitive data Increased user privileges IBM has made updates available to...

8.8CVSS7.3AI score0.07024EPSS
Exploits2
NCSC
NCSC
•added 2021/11/30 12:0 a.m.•5 views

Vulnerability concealed in FortiClient

A vulnerability has been fixed in FortiClient and FortiClient EMS. An insecure search path could allow an attacker to launch a DLL-Hijack attack. Through the exploitation of this vulnerability, an attacker can obtain elevated privileges on the vulnerable system. Fortinet has released updates to f...

7.8CVSS6.6AI score0.00243EPSS
Exploits0
NCSC
NCSC
•added 2021/11/30 12:0 a.m.•19 views

Vulnerabilities fixed in IBM MQ

IBM has fixed several vulnerabilities in MQ. A malicious person could potentially exploit the vulnerabilities locally to cause a denial-of-service, gain access to sensitive data or execute arbitrary code under the user's privileges. IBM has released updates to fix the vulnerability. More...

8.2CVSS7.8AI score0.00646EPSS
Exploits0
NCSC
NCSC
•added 2021/11/29 12:0 a.m.•6 views

Vulnerabilities fixed in Dell EMC CloudLink

Vulnerabilities have been fixed in Dell EMC CloudLink. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution application rights...

9.8CVSS7.5AI score0.02076EPSS
Exploits0
NCSC
NCSC
•added 2021/11/29 12:0 a.m.•7 views

Vulnerability fixed in Trend Micro Antivirus for Mac

Trend Micro has released updated versions of the Trend Micro Antivirus for macOS. Abuse of this vulnerability may result in increased user privileges as a result. Trend Micro has released updates to address the vulnerabilities. fix. More information can be found on the page below:...

7.8CVSS6.6AI score0.00322EPSS
Exploits0
NCSC
NCSC
•added 2021/11/29 12:0 a.m.•7 views

Vulnerability fixed in Sophos SG UTM

A SQL injection vulnerability has been fixed in the user portal of Sophos SG UTM. An authenticated user could potentially execute arbitrary code. Sophos has released updates to fix the vulnerabilities. For more information, see: https://www.sophos.com/en-us/security-advisories...

8.8CVSS8.2AI score0.0145EPSS
Exploits0
NCSC
NCSC
•added 2021/11/26 12:0 a.m.•3 views

Vulnerabilities fixed in OpenBSD

Two vulnerabilities have been fixed in OpenBSD. The vulnerabilities apply to the kernel and libcrypto. The kernel vulnerability allows a local authorized user able to establish a denial of service on the system. This vulnerability is present in OpenBSD 6.9 and 7.0. The second vulnerability is in...

7.2AI score
Exploits0
NCSC
NCSC
•added 2021/11/25 12:0 a.m.•5 views

Vulnerabilities fixed in Zoom products

Two vulnerabilities have been fixed in various Zoom products, including the Zoom Client for Meetings. A malicious party could vulnerabilities potentially exploit them to carry out attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights...

9.8CVSS7.8AI score0.03207EPSS
Exploits2
NCSC
NCSC
•added 2021/11/25 12:0 a.m.•5 views

Vulnerability fixed in VxWorks

A vulnerability has been fixed in Wind River VxWorks 6.9 and 7. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by sending a specially prepared network packet to the IKE service. Wind River has released updates to fix the vulnerability fix in VxWorks. Fo...

6.5CVSS6.8AI score0.00848EPSS
Exploits0
NCSC
NCSC
•added 2021/11/24 12:0 a.m.•7 views

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter server. A malicious party on the local network, with access to port 443 could exploit the vulnerabilities to gain access to sensitive data. VMware did not release further details. VMWare has released updates to fix the vulnerabilities in vCenter server...

9.8CVSS7AI score0.04601EPSS
Exploits2
NCSC
NCSC
•added 2021/11/24 12:0 a.m.•2 views

Vulnerabilities fixed in Roundcube Webmail

Roundcube has fixed vulnerabilities in Webmail and Webmail LTS. The vulnerabilities allow a malicious party to launch a cross-site scripting attack, or to perform an SQL injection execute and thus gain access to the data in the underlying database. Roundcube has released updates to address the...

9.8CVSS7.5AI score0.42751EPSS
Exploits1
NCSC
NCSC
•added 2021/11/24 12:0 a.m.•7 views

Vulnerabilities fixed in Xen

Xen has released updates to fix vulnerabilities in its hypervisor. Under specific circumstances, a virtualized system "guest" exploit the vulnerabilities to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased...

8.8CVSS6.6AI score0.0206EPSS
Exploits0
NCSC
NCSC
•added 2021/11/22 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat Virtualization

Vulnerabilities have been fixed in Red Hat Virtualization for Red Hat Enterprise Linux 8. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges The...

9.8CVSS6.6AI score0.5758EPSS
Exploits3
NCSC
NCSC
•added 2021/11/22 12:0 a.m.•6 views

Vulnerabilities fixed in Dell Wyse Management Suite

Dell has fixed two vulnerabilities in Wyse Management Suite. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. Also, through a man-in-the-middle attack to gain access to sensitive data. This update also includes previously fixed...

9.8CVSS8.9AI score0.87816EPSS
Exploits2
NCSC
NCSC
•added 2021/11/22 12:0 a.m.•23 views

Vulnerabilities fixed in Wind River Linux

Vulnerabilities have been fixed in Wind River Linux. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote co...

9.8CVSS7.2AI score0.58373EPSS
Exploits46
NCSC
NCSC
•added 2021/11/18 12:0 a.m.•5 views

Vulnerabilities fixed in Drupal

Drupal developers have fixed two vulnerabilities in Drupal core. The vulnerabilities are in CKEditor, a library used by Drupal to provide the WYSIWYG editor. An unauthenticated malicious person can exploit the exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attac...

8.2CVSS6.8AI score0.0147EPSS
Exploits0
NCSC
NCSC
•added 2021/11/18 12:0 a.m.•5 views

Vulnerabilities fixed in IBM Security SiteProtector System

IBM has fixed two vulnerabilities in SiteProtector. A malicious party can exploit the vulnerabilities to execute arbitrary execute arbitrary JavaScript code in the Web interface to potentially gain access to system data or sensitive data, such as credentials. To do this, the malicious party must...

5.4CVSS7.3AI score0.01075EPSS
Exploits0
NCSC
NCSC
•added 2021/11/18 12:0 a.m.•5 views

Fixed vulnerabilities in the BIOS belonging to Intel processors

Intel has fixed two vulnerabilities in the BIOS code of the Pentium, Celeron, Xeon and Core processors. A malicious person with physical access and the authentication to access the BIOS could potentially exploit the vulnerabilities to grant himself elevated privileges and thus potentially execute...

6.7CVSS8AI score0.03095EPSS
Exploits0
NCSC
NCSC
•added 2021/11/17 12:0 a.m.•4 views

Vulnerability fixed in Ubuntu

Canonical has fixed a vulnerability in Ubuntu. The vulnerability is located in AccountsService. A local malicious party can, by exploiting this vulnerability, gain gain elevated privileges on the vulnerable system. Canonical has made updates available for Ubuntu 20.04 LTS, 21.04 and 21.10 to fix...

7.8CVSS6.6AI score0.00347EPSS
Exploits0
NCSC
NCSC
•added 2021/11/17 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Google has mad...

9.6CVSS7.6AI score0.01362EPSS
Exploits2
NCSC
NCSC
•added 2021/11/16 12:0 a.m.•21 views

Vulnerability fixed in Fortinet Fortimanager

Fortinet has fixed a vulnerability in Fortimanager. A authenticated malicious party could potentially abuse it to manipulate VPN tunnels without having the necessary permissions to do so. Fortinet has released updates to fix the vulnerability in Fortimanager 6.4.6 & 7.0.0. For more information,...

6.3CVSS6.8AI score0.00496EPSS
Exploits0
NCSC
NCSC
•added 2021/11/16 12:0 a.m.•6 views

Vulnerabilities found in Veritas Enterprise Vault

Vulnerabilities have been found in Veritas Enterprise Vault. A malicious party could potentially exploit the vulnerabilities to run execute arbitrary code on an Enterprise Vault server. To do this, the malicious party must send malicious network traffic to the vulnerable server. To successfully...

7.5AI score
Exploits0
NCSC
NCSC
•added 2021/11/16 12:0 a.m.•6 views

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ. The vulnerabilities allow a malicious person potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data The vulnerability with attribute CVE-2021-28165 ha...

7.8CVSS7.6AI score0.53861EPSS
Exploits2
NCSC
NCSC
•added 2021/11/16 12:0 a.m.•3 views

Vulnerability Fixed in Intel Processors

Intel has fixed a vulnerability in processors from the Pentium, Celeron and Atom families. A malicious person with physical access to the system could exploit the vulnerability to gain access under elevated privileges to gain access to potentially sensitive data and to execute arbitrary code. The...

6.8CVSS7.6AI score0.00407EPSS
Exploits0
NCSC
NCSC
•added 2021/11/15 12:0 a.m.•3 views

Vulnerabilities fixed in GNU Mailman

The developers of GNU Mailman have fixed two vulnerabilities fixed in GNU Mailman. The vulnerabilities could be exploited by a malicious person to gain access to the administrator password, or to use a cross-site scripting attack to execute code in the scope of the affected browser. To gain acces...

6.5CVSS6.7AI score0.01284EPSS
Exploits0
NCSC
NCSC
•added 2021/11/15 12:0 a.m.•5 views

Vulnerabilities fixed in Zoom

Zoom has fixed several vulnerabilities in the Zoom client and connector. A malicious party could potentially exploit them to cause a denial-of-service, to execute arbitrary code with user privileges, or to gain access to sensitive data. The most serious vulnerability is in the windows client, in...

9CVSS7.7AI score0.01338EPSS
Exploits0
NCSC
NCSC
•added 2021/11/12 12:0 a.m.•35 views

Vulnerabilities fixed in Siemens Mendix

Siemens fixed vulnerabilities in Mendix. Successful misuse of these vulnerabilities could allow a malicious person to manipulate the manipulate the contents of specific objects. Siemens has released updates to fix the vulnerabilities. More information can be found on the pages below:...

6.8CVSS6.6AI score0.00565EPSS
Exploits0
NCSC
NCSC
•added 2021/11/11 12:0 a.m.•6 views

Vulnerabilities fixed in Palo Alto PAN-OS and GlobalProtect

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges...

10CVSS8AI score0.33875EPSS
Exploits2
NCSC
NCSC
•added 2021/11/11 12:0 a.m.•22 views

Vulnerabilities fixed in Kibana

Vulnerabilities have been fixed in Kibana. The vulnerabilities allow a malicious person the opportunity to gain access to system data. Updates have been released to fix the vulnerabilities in Kibana 7.15.2 For more information, see: https://discuss.elastic.co/t/kibana-7-15-2-security-update/28892...

4.3CVSS7.2AI score0.00697EPSS
Exploits0
NCSC
NCSC
•added 2021/11/11 12:0 a.m.•22 views

Vulnerability fixed in VMware vCenter and Cloud Foundation

VMware has fixed a vulnerability in vCenter Server and Cloud Foundation. An authenticated malicious party could, by exploiting this vulnerability obtain elevated privileges on the vulnerable system. The vulnerability is located in the Integrated Windows Authentication IWA authentication mechanism...

8.8CVSS7AI score0.09976EPSS
Exploits0
NCSC
NCSC
•added 2021/11/10 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe products

Vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Adobe has released updates to fix the...

9.3CVSS7.5AI score0.39401EPSS
Exploits0
NCSC
NCSC
•added 2021/11/10 12:0 a.m.•2 views

Vulnerabilities fixed in Samba

Vulnerabilities have been fixed in Samba. A malicious party could vulnerabilities potentially exploit them to cause a limited denial-of-service or to obtain elevated permissions. The latter could result in the malicious party gaining administrator privileges within a domain to obtain administrato...

9CVSS7AI score0.01984EPSS
Exploits0
Total number of security vulnerabilities4207