Lucene search
K

4207 matches found

NCSC
NCSC
•added 2021/07/12 12:0 a.m.•7 views

Vulnerabilities fixed in Esri ArcGIS Server

Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform of a Same-Site Request Forgery SSRF or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...

7.3AI score
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus

IBM has fixed vulnerabilities in the web interface of Tivoli Netcool/OMNIbus. An authenticated malicious person can exploit the exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...

6.4CVSS6.7AI score0.00495EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•6 views

Vulnerability fixed in NetIQ Advanced Authentication

Micro Focus has fixed a vulnerability in NetIQ Advanced Authentication. The vulnerability allows a malicious party to bypass bypass multi-factor authentication. No substantive details about this vulnerability made publicly available. Micro Focus has released updates to fix the vulnerability fix i...

6.5CVSS6.9AI score0.00685EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•8 views

Vulnerability fixed in GitLab

A vulnerability has been fixed in GitLab. A malicious party could exploit the vulnerability to obtain sensitive information with the application's permissions through the uploading a prepared "design" file. To do this, "Large File Support" LFS must be enabled for the GitLab server or the specific...

7.2CVSS6.8AI score0.00998EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•3 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js and npm. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service in the npm client or within a service that uses node.js. Also, by exploiting the vulnerability with CVE attribute CVE-2021-22921 SYSTEM privileges gain...

7.8CVSS7.1AI score0.23132EPSS
Exploits4
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•8 views

Vulnerability fixed in SonicWall network switches

SonicWall has fixed a vulnerability in several network switches. An unauthenticated malicious party could potentially exploit the vulnerability potentially exploit it to cause a denial-of-service cause or read system memory. The vulnerability resides in the way LLDP network traffic is processed...

8.1CVSS6.8AI score0.00635EPSS
Exploits0
NCSC
NCSC
•added 2021/07/12 12:0 a.m.•8 views

Vulnerabilities fixed in Kaseya Virtual System Administrator (VSA)

Vulnerabilities have been fixed in Kaseya VSA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights SQL Injection Access to sensitive data...

10CVSS7.5AI score0.85619EPSS
Exploits10
NCSC
NCSC
•added 2021/07/09 12:0 a.m.•63 views

Vulnerabilities fixed in FortiMail

Fortinet has fixed vulnerabilities in FortiMail. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution Access to sensitive data Increased user privileges Fortinet ha...

9.8CVSS7.1AI score0.0143EPSS
Exploits0
NCSC
NCSC
•added 2021/07/08 12:0 a.m.•6 views

Vulnerability fixed in Cisco IP Phone

A vulnerability has been fixed in Cisco IP Phone. The vulnerability allows a malicious person with physical access to the device to execute arbitrary code with elevated permissions. Cisco has released updates to fix the vulnerability. More information can be found on the page below:...

6.8CVSS7.2AI score0.00304EPSS
Exploits0
NCSC
NCSC
•added 2021/07/08 12:0 a.m.•9 views

Vulnerability fixed in Cisco Adaptive Security Device Manager

Cisco has fixed a vulnerability in Adaptive Security Device Manager ASDM. A malicious party could potentially exploit it to execute arbitrary code under privileges of ASDM or to gain access to files. For successful misuse, a Man-in-the-Middle position is required. Few substantive details have bee...

9.3CVSS7.7AI score0.19958EPSS
Exploits2
NCSC
NCSC
•added 2021/07/08 12:0 a.m.•3 views

Vulnerabilities fixed in Fedora kernel

Vulnerabilities have been fixed in the Fedora Linux kernel. The vulnerabilities allow a local malicious person to obtain elevated privileges. Fedora has released updates to fix the vulnerabilities. More information can be found on the pages below: Fedora 33:...

8.7CVSS8.4AI score0.0066EPSS
Exploits2
NCSC
NCSC
•added 2021/07/08 12:0 a.m.•8 views

Vulnerabilities fixed in Android

Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased user privileges As usual, Google has disclosed...

8CVSS7.3AI score0.01393EPSS
Exploits0
NCSC
NCSC
•added 2021/07/08 12:0 a.m.•2 views

Vulnerabilities fixed in Ruby

Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to system data Ruby developers have released updates to address t...

7.4CVSS8.8AI score0.0305EPSS
Exploits2
NCSC
NCSC
•added 2021/07/07 12:0 a.m.•6 views

Vulnerabilities fixed in Dell Wyse Management Suite

Dell has fixed vulnerabilities in Dell Wyse Management Suite. An authenticated remote malicious person could potentially potentially exploit them to perform a path traversal attack. This could gain read access to arbitrary files on the system. Dell has released updates to fix the vulnerabilities ...

8.1CVSS6.8AI score0.04038EPSS
Exploits0
NCSC
NCSC
•added 2021/07/07 12:0 a.m.•6 views

Vulnerability fixed in PRTG Network Monitor

A vulnerability has been fixed in PRTG Network Monitor. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Paessler has released updat...

5.4CVSS6.2AI score0.00609EPSS
Exploits1
NCSC
NCSC
•added 2021/07/07 12:0 a.m.•10 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code...

9.8CVSS6.9AI score0.01498EPSS
Exploits7
NCSC
NCSC
•added 2021/07/07 12:0 a.m.•5 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights released updates to addre...

7.5CVSS7.1AI score0.01439EPSS
Exploits0
NCSC
NCSC
•added 2021/07/06 12:0 a.m.•8 views

Vulnerability fixed in MISP

A vulnerability has been fixed in MISP. An unauthenticated remote malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers have...

9.8CVSS6.3AI score0.01087EPSS
Exploits0
NCSC
NCSC
•added 2021/07/06 12:0 a.m.•3 views

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. Not every vulnerability h...

6.1CVSS6.8AI score0.01631EPSS
Exploits0
NCSC
NCSC
•added 2021/07/05 12:0 a.m.•6 views

Vulnerabilities fixed in OpenVPN

Vulnerabilities have been fixed in the Windows versions of OpenVPN and OpenVPN Connect. A local malicious party could potentially exploit them to execute arbitrary code under the rights of the OpenVPN process. To do this, the malicious party must modify the OpenVPN configuration file such that th...

7.8CVSS7.6AI score0.00568EPSS
Exploits0
NCSC
NCSC
•added 2021/07/05 12:0 a.m.•4 views

Vulnerability discovered in TLS implementations

Researchers have discovered a vulnerability in the way TLS traffic is processed. The vulnerability has been named ALPACA and is caused by the fact that IP addresses and port numbers are not authenticated by TLS. A malicious party with a Man-in-the-Middle position can therefore encrypt network...

7.4CVSS6AI score0.02037EPSS
Exploits0
NCSC
NCSC
•added 2021/07/02 12:0 a.m.•7 views

Vulnerability fixed in XWiki

Advanced Open Source Enterprise Wiki has fixed a vulnerability fixed in XWiki. The vulnerability allows an unauthenticated malicious person able to reset a counter that tracks the number of failed login attempts to zero. This makes it possible to launch a brute-force attack. Updates have been...

5.5CVSS6.7AI score0.00499EPSS
Exploits0
NCSC
NCSC
•added 2021/07/02 12:0 a.m.•13 views

Vulnerability found in Microsoft Windows

There is a vulnerability in the Printer Spooler service from Microsoft. The vulnerability allows an authenticated malicious person able to execute arbitrary code and obtain elevated privileges. obtain. By exploiting the vulnerability, it is possible to take over a Domain Controller. Earlier this...

10CVSS7.3AI score0.99759EPSS
Exploits77
NCSC
NCSC
•added 2021/07/02 12:0 a.m.•5 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution Use...

6.1CVSS7AI score0.00949EPSS
Exploits0
NCSC
NCSC
•added 2021/07/02 12:0 a.m.•3 views

Vulnerability fixed in Ansible

A vulnerability has been fixed in Ansible. The vulnerability allows a malicious person to inject commands. With this vulnerability makes it possible to obtain sensitive data and possibly execute arbitrary code as well. The researcher who reported the vulnerability to Ansible has published an...

7.1CVSS9.5AI score0.00854EPSS
Exploits0
NCSC
NCSC
•added 2021/07/02 12:0 a.m.•3 views

Vulnerabilities fixed in PHP7

PHP developers have fixed two vulnerabilities. The vulnerabilities allow a malicious party to cause a denial-of-service and to bypass a security measure. circumvention. PHP developers have made little information regarding these vulnerabilities publicly. PHP's developers have released updates to...

5.9CVSS6.9AI score0.01945EPSS
Exploits2
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Vulnerabilities have been fixed in OpenShift Container Platform. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...

8.1CVSS8.7AI score0.7795EPSS
Exploits1
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•9 views

Vulnerability fixed in Veeam Backup & Replication

A vulnerability has been fixed in Veeam Backup & Replication. The vulnerability potentially allows a malicious party to execute arbitrary code to execute arbitrary code because the Veeam application was vulnerable to a flaw in the deseralization logic of .NET remoting. Veeam's developers have mad...

9.8CVSS7.5AI score0.01239EPSS
Exploits0
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•6 views

Vulnerabilities fixed in Dell iDRAC

Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code execute under the user's privileges by performing a cross-site scripting attack and allow a user to be to a different page or show other injected content display. Dell has release...

6.5CVSS6.7AI score0.00945EPSS
Exploits0
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•15 views

Vulnerability fixed in Broadcom ProxySG

Broadcom has fixed a vulnerability in ProxySG. The vulnerability allows an unauthenticated malicious person to access the system's management interface. It is good practice to place management interfaces of such devices on a separate management network. Broadcom has released updates to fix the...

9.8CVSS6.7AI score0.01447EPSS
Exploits0
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•3 views

Vulnerabilities fixed in OpenSUSE kernel

Vulnerabilities have been fixed in the openSUSE kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Accessing system data -=...

7.8CVSS8.4AI score0.01476EPSS
Exploits1
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•4 views

Vulnerabilities fixed in QEMU

Vulnerabilities have been fixed in QEMU. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data -= SUSE =- SUSE has made updates available to fix the...

8.2CVSS7.8AI score0.00463EPSS
Exploits0
NCSC
NCSC
•added 2021/07/01 12:0 a.m.•9 views

Vulnerabilities fixed in Jenkins

Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution User Rights Spoofing Increased user rights Jenkins...

7.5CVSS7.3AI score0.42521EPSS
Exploits0
NCSC
NCSC
•added 2021/06/30 12:0 a.m.•11 views

Vulnerabilities fixed in AVEVA System Platform

AVEVA has fixed vulnerabilities in System Platform. The vulnerabilities allow a remote malicious person to gain gain unauthenticated access to the system and to cause a denial-of-service. AVEVA has released updates to fix the vulnerabilities. More information can be found on the page below:...

9.8CVSS6.9AI score0.01109EPSS
Exploits0
NCSC
NCSC
•added 2021/06/30 12:0 a.m.•5 views

Vulnerabilities fixed in Zimbra

Vulnerabilities have been fixed in Zimbra. The vulnerabilities allow a remote malicious person to launch a so-called cross-site scripting, and open-redirect attack. To do this, the attacker must trick the victim into following a rogue link to follow. Zimbra has released patches to fix the...

9.8CVSS6.7AI score0.0327EPSS
Exploits2
NCSC
NCSC
•added 2021/06/30 12:0 a.m.•9 views

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication. Remote code execution Administrator/Root rights...

9CVSS8.6AI score0.99295EPSS
Exploits82
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•4 views

Vulnerability fixed in Umbraco CMS

A vulnerability has been fixed in Umbraco CMS. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor with a custom link to a malicious website. send. Umbraco has released updates to fix the vulnerability. More information can be found on the page below:...

6.1CVSS6.5AI score0.0071EPSS
Exploits0
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•4 views

Vulnerability fixed in Infoblox NIOS

A vulnerability has been fixed in Infoblox Network Identity Operating System NIOS. The vulnerability allows a malicious person with elevated privileges to cause a denial-of-service. Infoblox has released updates to fix the vulnerability. More information can be found on the page below:...

6.5CVSS6.6AI score0.00857EPSS
Exploits0
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•23 views

Vulnerabilities fixed in Nessus

Vulnerabilities have been fixed in Nessus. The vulnerabilities allow a locally authenticated malicious person with administrator privileges to obtain elevated privileges. The malicious party can use these privileges to execute specific Windows commands execute as the Nessus Agent host. Tenable ha...

6.7CVSS6.8AI score0.00348EPSS
Exploits0
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•23 views

Vulnerabilities fixed in RabbitMQ

Vulnerabilities have been fixed in RabbitMQ. The vulnerabilities allow a malicious person to execute arbitrary code under the user's privileges. RabbitMQ categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 3.1. RabbitMQ has released updates to address the...

5.4CVSS7.2AI score0.01437EPSS
Exploits2
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•8 views

InjectaBLE vulnerability discovered in Bluetooth Low Energy (BLE)

Researchers at the LAAS-CNRS laboratory have demonstrated the ability to obtain a be able to obtain full man-in-the-middle status from two Bluetooth Low Energy BLE devices that have an unencrypted connection have. The man-in-the-middle attack does not work on encrypted connections. However, it is...

5.3CVSS6.7AI score0.00402EPSS
Exploits0
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•11 views

Vulnerabilities fixed in Red Hat Openshift Container Platform

Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data Increased...

9.8CVSS8.8AI score0.7795EPSS
Exploits5
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus

Vulnerabilities have been fixed in IBM Tivoli Netcool/OMNIbus. The vulnerabilities allow a malicious person to conduct attacks execute attacks that result in the following categories of damage: Server-Side Request Forgery SSRF. Cross-Site Scripting XSS. Denial-of-Service DoS Remote code execution...

9.8CVSS8.1AI score0.10608EPSS
Exploits4
NCSC
NCSC
•added 2021/06/29 12:0 a.m.•9 views

Vulnerabilities fixed in Red Hat JBoss Web Server

Vulnerabilities have been fixed in Red Hat JBoss Web Server. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. Red Hat has released updates to fix the vulnerabilities. More information can be found on the page below:...

7.5CVSS8.3AI score0.18114EPSS
Exploits16
NCSC
NCSC
•added 2021/06/28 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Edge

Vulnerabilities have been fixed in Microsoft Edge. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or bypass a security measure. Microsoft has disclosed little information about the vulnerability with attribute CVE 2021-34475. Microsoft has released updates to...

6.1CVSS6.6AI score0.02068EPSS
Exploits0
NCSC
NCSC
•added 2021/06/25 12:0 a.m.•3 views

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. An authenticated malicious party could potentially exploit the vulnerability to execute arbitrary code under application privileges. To do this, a rogue XML file needs to be presented to the application presented. The developers have released updates to...

8.8CVSS8.7AI score0.77735EPSS
Exploits1
NCSC
NCSC
•added 2021/06/25 12:0 a.m.•4 views

Vulnerability fixed in libgcrypt

The developers of GnuPG have fixed a vulnerability in libgcrypt. The vulnerability is caused by an insecure implementation of ElGamal cryptography. A malicious person could potentially exploit the vulnerability to perform a side-channel attack against data encrypted using ElGamal. Few substantive...

7.5CVSS9.1AI score0.02342EPSS
Exploits0
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•9 views

Vulnerabilities fixed in IBM DB2

Vulnerabilities have been fixed in IBM DB2. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data IBM has released updates to fix the vulnerabilities. More...

8.1CVSS6.4AI score0.0111EPSS
Exploits0
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•5 views

Fixed vulnerabilities in Dell boot functionality.

Eclypsium has discovered vulnerabilities in Dell SupportAssist for Windows. The vulnerabilities allow an unauthenticated remote malicious person able to execute arbitrary code in the BIOS before the operating system is booted. The malicious must perform a man-in-the-middle attack to do so and...

7.5CVSS7.8AI score0.00626EPSS
Exploits0
NCSC
NCSC
•added 2021/06/24 12:0 a.m.•6 views

Vulnerability fixed in MediaWiki

A vulnerability has been fixed in MediaWiki. The vulnerability allows an authenticated remote malicious person to delete delete pages while the account is locked. MediaWiki has released new versions to fix the vulnerability. fix. More information can be found on the page below:...

7.5CVSS6.5AI score0.01943EPSS
Exploits1
Total number of security vulnerabilities4207