Lucene search
K

4199 matches found

NCSC
NCSC
•added 2021/07/21 12:0 a.m.•16 views

Vulnerabilities fixed in Oracle Supply Chain Products Suite

Oracle has fixed vulnerabilities in the following products within the Supply Chain Products Suite: Transportation Management Agile Engineering Data Management Agile PLM Framework An unauthenticated malicious person could potentially exploit them to cause a denial-of-service. In addition the...

7.8CVSS8.3AI score0.87553EPSS
Exploits1
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•17 views

Vulnerabilities fixed in Oracle Fusion Middleware products

Oracle has fixed vulnerabilities in several products in the Oracle Fusion product group. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Remot...

10CVSS7.5AI score0.97116EPSS
Exploits68
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Peoplesoft products

Oracle has fixed vulnerabilities in PeopleSoft Enterprise HCM Candidate Gateway, PeopleSoft Enterprise PT PeopleTools, PeopleSoft Enterprise CS Campus Community and PeopleSoft Enterprise HCM Shared Components. The vulnerabilities potentially enable a malicious party to able to perform attacks tha...

9.8CVSS7.5AI score0.32362EPSS
Exploits6
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•2 views

Vulnerability fixed in Linux kernel

A vulnerability has been fixed in the Linux kernel. The Qualys researchers have dubbed this vulnerability "Sequoia." A local malicious party can, by exploiting this vulnerability cause a local denial-of-service or they can acquire root privileges on the vulnerable system. For Qualys' research...

7.8CVSS7.4AI score0.09729EPSS
Exploits6
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle Siebel Suite

Oracle has fixed vulnerabilities in Siebel CRM and Siebel Apps. The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Acce...

8.1CVSS8.6AI score0.73654EPSS
Exploits2
NCSC
NCSC
•added 2021/07/21 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in the following Oracle MySQL products: MySQL Connectors MySQL Server MySQL Enterprise Monitor The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that result in t...

8.1CVSS8.9AI score0.60122EPSS
Exploits4
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•5 views

Vulnerability fixed in FortiNet products

A vulnerability has been fixed in Fortinet FortiManager and FortiAnalyzer. A malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code under root privileges. To do this, a malicious party must send a specially prepared network packet to...

9.8CVSS7.7AI score0.08703EPSS
Exploits0
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•6 views

Fixed vulnerabilities in the Lexmark Universal Printer Driver

Lexmark has fixed vulnerabilities in the Universal Printer Driver. A local malicious person with rights to install/activate new printers could install/activate, could exploit the vulnerabilities to execute arbitrary code with SYSTEM privileges. Lexmark has released updates to fix the...

7.8CVSS7.3AI score0.01413EPSS
Exploits3
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•6 views

Vulnerability fixed in Juniper Junos OS

Two vulnerabilities have been fixed in Juniper JunOS. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To do this, an attacker needs to send valid network traffic in a specific sequence to the device. The traffic should be destined for the Junip...

7.8CVSS7.1AI score0.00993EPSS
Exploits0
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•4 views

Vulnerabilities fixed in Aruba AOS-CX switches

Vulnerabilities have been fixed in Aruba AOS-CX switches. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Bypassing authentication Remote code execution Administrator/Root privileges The...

9CVSS8.8AI score0.06692EPSS
Exploits1
NCSC
NCSC
•added 2021/07/20 12:0 a.m.•8 views

Vulnerabilities fixed in Typo3

The developers of Typo3 have fixed vulnerabilities in Typo3 Core. The vulnerabilities allow a malicious party to perform Perform cross-site scripting XSS attacks. Such attacks can lead to the execution of arbitrary script code in the context of the victim's browser. In order to perform such an...

6.5CVSS6.2AI score0.00829EPSS
Exploits0
NCSC
NCSC
•added 2021/07/19 12:0 a.m.•35 views

Vulnerabilities fixed in Citrix ADC, Gateway and SDWAN WAN-OP

Citrix has fixed vulnerabilities in Citrix ADC formerly NetScaler ADC, Gateway formerly NetScaler Gateway and SDWAN WAN-OP. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data by taking over sessions. To cause a Denial-of-Service, the...

8.1CVSS7AI score0.0094EPSS
Exploits0
NCSC
NCSC
•added 2021/07/19 12:0 a.m.•2 views

Vulnerabilities fixed in IBM Tivoli Monitoring

Vulnerabilities have been fixed in the IBM WebSphere Application Server as part of IBM Tivoli Monitoring. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Spoofing Access to sensitive data Access to system data IB...

8.2CVSS8.4AI score0.19312EPSS
Exploits5
NCSC
NCSC
•added 2021/07/16 12:0 a.m.•9 views

Vulnerability found in Microsoft Printer Spooler service

Microsoft has found a vulnerability in the Printer Spooler service. A local malicious person with the ability to execute code under user privileges to execute code could potentially exploit it to execute arbitrary code under SYSTEM privileges. It is as yet unknown in which versions of Windows the...

9.8CVSS7.5AI score0.99759EPSS
Exploits76
NCSC
NCSC
•added 2021/07/16 12:0 a.m.•7 views

Vulnerability fixed in Cisco ASA

Cisco has fixed a vulnerability in Cisco ASA. A authenticated remote malicious party can exploit the vulnerability exploit the vulnerability to cause a denial-of-service on the system. To do this, the malicious party must send specially prepared network traffic to the vulnerable system. Cisco has...

7.7CVSS6.9AI score0.01188EPSS
Exploits0
NCSC
NCSC
•added 2021/07/16 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Google Chrome. A unauthenticated remote malicious person can exploit the vulnerabilities potentially exploit them to execute arbitrary code under permissions of the application. As usual, few substantive details about the vulnerabilities disclosed. Google...

8.8CVSS7.8AI score0.21623EPSS
Exploits2
NCSC
NCSC
•added 2021/07/16 12:0 a.m.•10 views

Vulnerabilities fixed in Icinga Web

Vulnerabilities have been fixed in Icinga Web. A malicious person could exploit the vulnerabilities to gain access to sensitive data, including login credentials to underlying systems such as Databases. Also, a malicious party could potentially cause a Denial-of-Service cause. Icinga has released...

8.8CVSS6.7AI score0.06975EPSS
Exploits5
NCSC
NCSC
•added 2021/07/15 12:0 a.m.•5 views

Vulnerability fixed in NetBSD

The developers of NetBSD have fixed a vulnerability in kernfs. The vulnerability allows an authenticated malicious person to able to read any files on the file system, including files both system and userspace for which the malicious party is not originally authorized. No CVE ID has been disclose...

6.3AI score
Exploits0
NCSC
NCSC
•added 2021/07/15 12:0 a.m.•8 views

Vulnerabilities fixed in Linux kernel

Vulnerabilities have been fixed in the Linux kernel. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Increased use...

7.8CVSS7.2AI score0.03537EPSS
Exploits8
NCSC
NCSC
•added 2021/07/15 12:0 a.m.•6 views

Vulnerabilities fixed in Juniper products

Juniper has fixed vulnerabilities in Junos OS, Junos OS Evolved and PTX, QTX, MX, EX9200 and SRX4600 devices. The vulnerabilities potentially enable a malicious party to launch attacks leading to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote...

8.8CVSS7.8AI score0.05726EPSS
Exploits2
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•4 views

Vulnerabilities fixed in Adobe Bridge

Adobe has fixed vulnerabilities in Bridge. A malicious person could potentially exploit the vulnerabilities to execute arbitrary code under a user's privileges or to gain access to files on the vulnerable system. Adobe has released updates to fix the vulnerabilities in Bridge 11.1. For more...

9.3CVSS7.3AI score0.05343EPSS
Exploits0
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•6 views

Vulnerability fixed in Citrix Virtual Apps and Desktops

Citrix has fixed a vulnerability in Virtual Apps and Desktops, XenApp and XenDesktop. A local malicious party could by exploiting this vulnerability within a Windows VDA acquire elevated privileges. The vulnerability resides only in systems using Citrix Profile Management or the Citrix Profile...

7.8CVSS6.7AI score0.00248EPSS
Exploits0
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•6 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code under a user's privileges or to gain access to files on the vulnerable system. Adobe has released updates to fix the vulnerabilities in Illustrator 25.3. For...

7.8CVSS7.7AI score0.0194EPSS
Exploits0
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•6 views

Vulnerability fixed in Adobe Framemaker

Adobe has fixed a vulnerability in Framemaker. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. Adobe has released updates to fix the vulnerability in Framemaker 2019 Update 8 and 2020 Update 2. For more information, see:...

9.3CVSS7.4AI score0.02323EPSS
Exploits0
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•6 views

Vulnerabilities fixed in Adobe Acrobat

Adobe has fixed vulnerabilities in Acrobat, Acrobat DC and Acrobat Reader. The vulnerabilities potentially enable a malicious person able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Increase...

9.3CVSS7.6AI score0.66052EPSS
Exploits1
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•53 views

Vulnerabilities fixed in VMware ESXi

VMware has fixed two vulnerabilities in ESXi. The vulnerability with reference CVE-2021-21994 is located in the Small Footprint CIM Broker SFCB and allows a remote malicious person to bypass authentication. This requires rogue network traffic be sent to port 5989 of the ESXi server. The...

9.8CVSS7AI score0.01158EPSS
Exploits0
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•4 views

Vulnerabilities fixed in QEMU

Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious party potentially capable of carrying out attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution with privileges of the QEMU process Access to sensitive data Access to...

8.2CVSS7.7AI score0.05447EPSS
Exploits3
NCSC
NCSC
•added 2021/07/14 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Thunderbird

Mozilla has fixed vulnerabilities in Thunderbird. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User...

8.8CVSS7.8AI score0.03582EPSS
Exploits1
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in Identity Services Engine ISE. An authenticated malicious person could exploit the vulnerabilities on the management interface to perform a stored Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser us...

4.8CVSS6.5AI score0.00594EPSS
Exploits0
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•4 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Dynamics Business Central Control. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application on the underlying operating system. Microsoft has made updates available that fix the described vulnerability...

8CVSS7.4AI score0.01858EPSS
Exploits0
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•7 views

Vulnerability fixed in Microsoft Power BI

A vulnerability has been fixed in the Microsoft Power BI application. A malicious party could potentially abuse it to execute arbitrary code with elevated privileges. Microsoft has made updates available that fix the described vulnerability described. We recommend that you install these updates...

8.8CVSS7.5AI score0.018EPSS
Exploits0
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•42 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Acces...

9.8CVSS7.3AI score0.03158EPSS
Exploits2
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•81 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service Circumvention of security measure Executing arbitrary code Accessing...

9.9CVSS6.8AI score0.99759EPSS
Exploits42
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Exchange

Vulnerabilities have been fixed in Microsoft Exchange. Microsoft indicates that the vulnerabilities with reference CVE-2021-34523 and CVE-2021-34473 were already fixed in the April updates but this has been now being administered. Below is a summary of the various vulnerabilities described for ea...

10CVSS6.6AI score0.99999EPSS
Exploits20
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•6 views

Vulnerabilities Fixed in Microsoft Malware Protection Engine

Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could vulnerabilities potentially exploit them to execute code under elevated privileges execute code. Windows...

9.3CVSS6.7AI score0.02856EPSS
Exploits0
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•6 views

Vulnerability fixed in Siemens SIMIT

Siemens has fixed a vulnerability in SIMIT. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or to gain access to data stored in system memory. For this vulnerability, Proof-of-Concept code is publicly available. Siemens has released updates to fix the...

9.1CVSS7.1AI score0.33304EPSS
Exploits1
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•26 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Spoofing Accessing sensitive data Microsoft Offic...

8.8CVSS7.1AI score0.53178EPSS
Exploits0
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Actively exploited vulnerability fixed in ForgeRock AM

ForgeRock has fixed a vulnerability in ForgeRock Access Manager AM. An unauthenticated remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code under the application's permissions. To do this, malicious network traffic should be sent to a...

10CVSS7.4AI score0.99999EPSS
Exploits8
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•4 views

Vulnerabilities fixed in Siemens Scalance and Ruggedcom

Siemens has fixed vulnerabilities in Scalance and Ruggedcom products. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to sensitive data Siemens has...

7.5CVSS7.4AI score0.9166EPSS
Exploits3
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•9 views

Vulnerabilities fixed in Siemens SIMATIC

Siemens has fixed vulnerabilities in Simatic products. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...

10CVSS7.1AI score0.9166EPSS
Exploits25
NCSC
NCSC
•added 2021/07/13 12:0 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox

Mozilla has fixed vulnerabilities in Firefox. The vulnerabilities potentially allow an unauthenticated remote malicious person to able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Mozilla has...

9.8CVSS7.2AI score0.03582EPSS
Exploits3
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•5 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. The vulnerability allows a malicious party in a Man-in-the-Middle position to be able to bypass certificate-based authentication. To do so the malicious party must generate its own server certificate containing containing the hostname as it appears in th...

7.4CVSS6.9AI score0.00972EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•7 views

Vulnerabilities fixed in Esri ArcGIS Server

Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform of a Same-Site Request Forgery SSRF or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...

7.3AI score
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus

IBM has fixed vulnerabilities in the web interface of Tivoli Netcool/OMNIbus. An authenticated malicious person can exploit the exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...

6.4CVSS6.7AI score0.00495EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•6 views

Vulnerability fixed in NetIQ Advanced Authentication

Micro Focus has fixed a vulnerability in NetIQ Advanced Authentication. The vulnerability allows a malicious party to bypass bypass multi-factor authentication. No substantive details about this vulnerability made publicly available. Micro Focus has released updates to fix the vulnerability fix i...

6.5CVSS6.9AI score0.00685EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•8 views

Vulnerability fixed in GitLab

A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions through the uploading a prepared "design" file. To do this, "Large File Support" LFS must be enabled for the GitLab server or the specific...

7.2CVSS6.8AI score0.00998EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•3 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js and npm. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service in the npm client or within a service that uses node.js. Also, by exploiting the vulnerability with CVE attribute CVE-2021-22921 SYSTEM privileges gain...

7.8CVSS7.1AI score0.23132EPSS
Exploits4
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•8 views

Vulnerability fixed in SonicWall network switches

SonicWall has fixed a vulnerability in several network switches. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause or read system memory. The vulnerability resides in the way LLDP network traffic is processed...

8.1CVSS6.8AI score0.00635EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•8 views

Vulnerabilities fixed in Kaseya Virtual System Administrator (VSA)

Vulnerabilities have been fixed in Kaseya VSA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights SQL Injection Access to sensitive data...

10CVSS7.5AI score0.85619EPSS
Exploits10
NCSC
NCSC
•added 2021/07/09 12:0 a.m.•63 views

Vulnerabilities fixed in FortiMail

Fortinet has fixed vulnerabilities in FortiMail. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution Access to sensitive data Increased user privileges Fortinet ha...

9.8CVSS7.1AI score0.0143EPSS
Exploits0
Total number of security vulnerabilities4199