Lucene search
K

4199 matches found

NCSC
NCSC
•added 2021/06/21 12:0 a.m.•6 views

Vulnerabilities discovered in Moxa hardware

Vulnerabilities have been discovered in Moxa protocol gateways. The vulnerabilities allow an unauthenticated malicious person to conduct opportunity to launch a denial-of-service attack on the management interface execute. For both vulnerabilities, the researcher has published a Proof-of-Concept ...

7.5CVSS7AI score0.02227EPSS
Exploits2
NCSC
NCSC
•added 2021/06/21 12:0 a.m.•4 views

Vulnerability fixed in Xterm

The developers of Xterm have fixed a vulnerability. The vulnerability can be exploited by an unauthenticated malicious person at a remote user to cause a Denial-of-Service, or possibly executing arbitrary code with the privileges of the process. -= SUSE =- SUSE has made updates available to fix t...

9.8CVSS7.3AI score0.07541EPSS
Exploits1
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•5 views

Vulnerabilities fixed in Synology DiskStation Manager

Vulnerabilities have been fixed in Synology DiskStation Manager. An authenticated malicious person can exploit the vulnerabilities to obtain sensitive information and system data, as well as to execute arbitrary code under the privileges of the user. Synology has released updates to fix the...

9.9CVSS7.4AI score0.01935EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•7 views

Vulnerability fixed in Pulse Connect Secure

A vulnerability has been fixed in Pulse Connect Secure. A authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...

9CVSS7.4AI score0.69377EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•5 views

Vulnerability fixed in Fortinet FortiClient for macOS

A vulnerability has been fixed in Fortinet FortiClient for macOS. By exploiting this vulnerability to gain root privileges on the vulnerable system. See also the page below from the discoverers of this vulnerability, for more information: https://www.zerodayinitiative.com/advisories/ZDI-21-693/...

7.8CVSS7.1AI score0.00426EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•8 views

Vulnerability fixed in Sonatype Nexus

Sonatype has fixed a vulnerability in Nexus Repository 3. An authenticated malicious person could exploit the vulnerability to gain access to sensitive information. Sonatype has released updates to fix the vulnerability in Nexus Repository 3.31.0. For more information, see:...

4.3CVSS6.7AI score0.03675EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•5 views

Vulnerability fixed in VMware Tools for Windows

A vulnerability has been fixed in VMware Tools for Windows. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service by exploiting a race condition in the VM3DMP driver. VMware has released updates to fix the vulnerability. For more information, see:...

5.5CVSS6.8AI score0.00479EPSS
Exploits0
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•7 views

Vulnerability fixed in MantisBT

A vulnerability has been fixed in MantisBT. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. MantisBT has released updates to fix...

6.1CVSS6.7AI score0.01825EPSS
Exploits1
NCSC
NCSC
•added 2021/06/18 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or execute arbitrary code with the application's permissions. Google indicates that for the vulnerability with attribute...

8.8CVSS7.6AI score0.11747EPSS
Exploits0
NCSC
NCSC
•added 2021/06/17 12:0 a.m.•12 views

Vulnerabilities fixed in Cisco Jabber for Windows

Vulnerabilities have been fixed in Cisco Jabber for Windows. A malicious party could exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service to the recipient of a specially prepared XMPP message. Cisco has released updates to fix the vulnerabilities. For more...

6.5CVSS6.8AI score0.00796EPSS
Exploits0
NCSC
NCSC
•added 2021/06/17 12:0 a.m.•4 views

Vulnerability fixed in Cisco Email Security Appliance and Web Security Appliance

Cisco has fixed a vulnerability in the integration of Advanced Malware Protection AMP for Endpoints in Cisco Email Security Appliance and Cisco Web Security Appliance. The vulnerability involves improper validation of TLS certificates. A malicious party could, as a result, via a Man-in-the-Middle...

7.4CVSS6.8AI score0.0067EPSS
Exploits0
NCSC
NCSC
•added 2021/06/17 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Small Business switches

Vulnerabilities have been fixed in Cisco Small Business 220 Series Smart Switches. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights...

9.3CVSS7.2AI score0.09721EPSS
Exploits0
NCSC
NCSC
•added 2021/06/17 12:0 a.m.•4 views

Vulnerability fixed in Cisco AnyConnect Secure Mobility Client

Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client. A local malicious agent could potentially exploit it to execute arbitrary code under SYSTEM privileges. Only clients on which the VPN Posture HostScan Module is installed are vulnerable. Cisco has released updates to fix the...

7CVSS7.6AI score0.00178EPSS
Exploits0
NCSC
NCSC
•added 2021/06/17 12:0 a.m.•7 views

Vulnerability fixed in Cisco Meeting Server

A vulnerability has been fixed in Cisco Meeting Server. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service causing all connected users to lose their connection. Cisco has released updates to fix the vulnerability. For more information, see:...

6.5CVSS6.8AI score0.01101EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•3 views

Vulnerability fixed in IBM Db2

IBM has fixed a vulnerability in Db2. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service exploit. To do this, a rogue SELECT statement must be executed on the database. IBM has released updates to fix the vulnerability in Db2 11.1.4FP6 and...

7.5CVSS6.6AI score0.01884EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•6 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM has fixed vulnerabilities in IBM Spectrum Protect Backup Archive Client and IBM Spectrum Protect for Space Management. A local malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to execute under elevated privileges execute arbitrary code. IBM has...

8.4CVSS7.2AI score0.00345EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•4 views

Vulnerability fixed in VMware Workspace ONE UEM

VMware has fixed a vulnerability in Workspace ONE UEM console. An unauthenticated remote malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack could result in the execution of arbitrary script code in the browser used to visit the...

6.1CVSS6.8AI score0.00796EPSS
Exploits1
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•6 views

Vulnerabilities fixed in Ubuntu

Vulnerabilities have been fixed in Ubuntu, specifically in the Apport package. The vulnerabilities allow a malicious party to access to system data and potentially obtain elevated permissions. -= Ubuntu =- Canonical has made updates available for Ubuntu 18.04 LTS, 20.04 LTS, 20.10 and 21.04 to fi...

7.3CVSS6.8AI score0.00295EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•5 views

Vulnerability fixed in VMware vRealize Business for Cloud

VMware has fixed a vulnerability in virtual appliances of vRealize Business for Cloud. An unauthenticated remote malicious agent could remote user could potentially exploit the vulnerability to execute arbitrary execute arbitrary code. To do so, the malicious party must maliciously send network...

9.8CVSS7.5AI score0.01981EPSS
Exploits0
NCSC
NCSC
•added 2021/06/16 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift

Red Hat has fixed vulnerabilities in OpenShift Container Platform. A malicious party could potentially exploit them to obtain elevated privileges on the vulnerable system or to cause a denial-of-service. -= Red Hat =- Red Hat has made updates available for Red Hat Enterprise Linux 8. You can...

8.6CVSS8.5AI score0.03478EPSS
Exploits1
NCSC
NCSC
•added 2021/06/15 12:0 a.m.•3 views

Vulnerability fixed in SonicOS

SonicWall has fixed a vulnerability in SonicOS as used by several SonicWall products. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To do this, a rogue HTTP request to the management interface of the SonicOS device needs to be ...

7.5CVSS6.8AI score0.01291EPSS
Exploits0
NCSC
NCSC
•added 2021/06/15 12:0 a.m.•5 views

Vulnerability fixed in OTRS

A vulnerability has been fixed in OTRS. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service. To do this, the malicious party needs to send a rogue email message that must then be sent by the OTRS application to process. OTRS has released...

6.5CVSS6.7AI score0.00976EPSS
Exploits0
NCSC
NCSC
•added 2021/06/15 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Spectrum Protect Client

Vulnerabilities have been fixed in IBM Spectrum Protect Client. A malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code with the application's permissions. IBM has released updates to fix the vulnerabilities. For more information, see:...

9.8CVSS9.1AI score0.0586EPSS
Exploits5
NCSC
NCSC
•added 2021/06/15 12:0 a.m.•3 views

Vulnerabilities fixed in Nagios XI

Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerability to perform an SQL injection or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is visited. Few substantive...

7.2AI score
Exploits0
NCSC
NCSC
•added 2021/06/14 12:0 a.m.•4 views

Vulnerability fixed in IBM Integration Bus

A vulnerability has been fixed in IBM Integration Bus. A malicious party could potentially exploit the vulnerability in the Javascript lodash module potentially exploit it to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerability. For more...

7.2CVSS7.4AI score0.2241EPSS
Exploits3
NCSC
NCSC
•added 2021/06/14 12:0 a.m.•2 views

Vulnerabilities fixed in Docker

Vulnerabilities have been fixed in Docker. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges Successful misuse requires the...

8.5CVSS9.7AI score0.06604EPSS
Exploits4
NCSC
NCSC
•added 2021/06/11 12:0 a.m.•4 views

Vulnerability fixed in Rockwell Automation FactoryTalk

A vulnerability has been fixed in Rockwell Automation FactoryTalk Services Platform. The vulnerability allows an authenticated remote malicious person able to assume the same rights as a locally logged on user. Rockwell Automation has released updates and mitigating measures released to address t...

8.8CVSS6.8AI score0.02339EPSS
Exploits0
NCSC
NCSC
•added 2021/06/11 12:0 a.m.•4 views

Vulnerability fixed in polkit

A vulnerability has been fixed in polkit, an integral part of several Linux distributions. A local malicious person could gain root privileges by exploiting this vulnerability on the vulnerable system. GitHub has published more information about this vulnerability. For more information see:...

7.8CVSS6.5AI score0.22193EPSS
Exploits37
NCSC
NCSC
•added 2021/06/11 12:0 a.m.•27 views

Vulnerabilities fixed in McAfee Agent for Windows

Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 potentially exploit it to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...

7.3CVSS7.9AI score0.00348EPSS
Exploits0
NCSC
NCSC
•added 2021/06/11 12:0 a.m.•3 views

Vulnerability fixed in RabbitMQ

A vulnerability has been fixed in RabbitMQ. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause by sending a rogue AMQP message to the RabbitMQ server that can receive AMQP 1.0 messages. VMware Tanzu has released updates to fix the vulnerability fix in...

7.5CVSS6.8AI score0.01387EPSS
Exploits0
NCSC
NCSC
•added 2021/06/11 12:0 a.m.•3 views

Vulnerability fixed in IBM WebSphere Application Server

A vulnerability has been fixed in IBM WebSphere Application Server. A remote malicious party could, by exploiting this vulnerability to gain elevated privileges within the application server. This vulnerability is only exploitable when using SAML Web Inbound Trust Association Interceptor TAI. IBM...

8.8CVSS7AI score0.00744EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Spectrum Protect Server

Vulnerabilities have been fixed in IBM DB2 as used in IBM Spectrum Protect. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to system data T...

8.4CVSS7.6AI score0.02019EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•7 views

Vulnerabilities fixed in Bosch IP Cameras

Bosch has fixed vulnerabilities in IP cameras CPP4, CPP6, CPP7, CPP13 and AVIOTEC. An unauthenticated malicious person at remote can exploit the vulnerabilities to cause a denial-of-service, obtaining sensitive information, manipulating manipulate camera settings or perform a cross-site scripting...

9.8CVSS6.7AI score0.01433EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Finesse

Cisco has fixed two vulnerabilities in Finesse. A unauthenticated remote malicious person could exploit the vulnerability with reference CVE-2021-1245 to perform a cross-site scripting XSS attack. Such an attack can lead to the execution of arbitrary code in the context of the browser of the...

6.5CVSS7AI score0.01428EPSS
Exploits0
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights To do this, the malicious party must induce the victim to...

8.8CVSS7.6AI score0.64701EPSS
Exploits1
NCSC
NCSC
•added 2021/06/10 12:0 a.m.•12 views

Vulnerabilities fixed in RSA NetWitness

Vulnerabilities have been fixed in RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of authentication. Remote code execution...

10CVSS7.2AI score0.99512EPSS
Exploits113
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•7 views

Vulnerability fixed in Schneider Electric Modicon

A vulnerability has been found in the firmware of Schneider Electric Modicon X80 devices. A malicious party can exploit the exploit the vulnerability to obtain configuration data from the device. To do this, a malicious person must make a rogue request towards the web server of the system. It is...

5.3CVSS6.7AI score0.00925EPSS
Exploits0
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•5 views

Vulnerability fixed in Citrix Cloud Connector

Citrix has discovered a vulnerability in the Cloud Connector client application. When the client is installed using command line parameters, these parameters are stored in readable text in the installation log file. These parameters may contain sensitive data, which a malicious person with access...

7.5CVSS6.8AI score0.01064EPSS
Exploits0
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•3 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in Xen. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges The vulnerabilities with CVE core core CVE-2021-0089 and CVE-2021-28692...

7.8CVSS8.7AI score0.01019EPSS
Exploits0
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•8 views

Vulnerabilities fixed in Adobe products

Several vulnerabilities have been fixed in several Adobe products. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges The exact damage varies by...

9.3CVSS7.7AI score0.46031EPSS
Exploits0
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•4 views

Vulnerabilities fixed in SUSE kernel

Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Spoofing Increased user privileges -= SUSE =- SUSE has made updates available to address the...

8.8CVSS7.6AI score0.07604EPSS
Exploits6
NCSC
NCSC
•added 2021/06/09 12:0 a.m.•57 views

Fixed vulnerabilities in various Intel processors, chipsets, firmware, drivers and tools

Intel has fixed a sizable number of vulnerabilities in a range of processors, chipsets, firmware, drivers and tools. Many of the named chipsets are integrated and mostly present in systems built with Intel hardware. The associated tooling is generally included and installed by default. A maliciou...

8.8CVSS7.3AI score0.00887EPSS
Exploits3
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•7 views

Vulnerabilities fixed in Citrix ADC and Citrix Gateway

Two vulnerabilities have been fixed in Citrix ADC and Citrix Gateway. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2020-8299 potentially exploit it to cause a denial-of-service from the same local network segment. The vulnerability with CVE attribute...

6.5CVSS6.7AI score0.0301EPSS
Exploits1
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•5 views

Vulnerability fixed in Xerox AltaLink systems

Xerox has fixed a vulnerability in AltaLink systems. A remote malicious person could exploit the vulnerability to conduct execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to access the system. No CVE vulnerability h...

6.4AI score
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•10 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed vulnerabilities in Jira Server. A remote malicious party could exploit the vulnerabilities to perform a cross-site scripting XSS attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. Atlassian has released updates to addre...

6.1CVSS6.5AI score0.04049EPSS
Exploits4
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•6 views

Vulnerabilities Fixed in Microsoft Malware Protection Engine

Microsoft has fixed vulnerabilities in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. A local malicious agent could vulnerabilities potentially exploit them to cause a denial-of-service cause or to execute code under elevated...

8.8CVSS6.8AI score0.07764EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•28 views

Vulnerabilities fixed in Microsoft Office products

Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Executing arbitrary code User privileges. Impersonating another user Accessing sensitive data Below is a summary of the...

8.8CVSS7AI score0.13337EPSS
Exploits5
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•11 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Bypassing authentication Circumvention of security measure Remote cod...

9.8CVSS6.8AI score0.86132EPSS
Exploits72
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•6 views

Vulnerability fixed in ESRI ArcGIS Server

A vulnerability has been fixed in Esri ArcGIS Server. The vulnerability allows a remote malicious person to perform a SQL-Injection attack. Esri has released updates to fix the vulnerabilities. For more information, see: https://www.esri.com/arcgis-blog/products/arcgis-enterprise...

5.3CVSS6.9AI score0.00633EPSS
Exploits0
NCSC
NCSC
•added 2021/06/08 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft applications

Microsoft has fixed vulnerabilities in 3D Viewer, Paint 3D and Intune Management Extension. A malicious party could potentially exploit the vulnerabilities in 3D Viewer and Paint 3D potentially exploit them to gain access to sensitive data or to execute arbitrary code. To do this, the malicious...

9.8CVSS7AI score0.02938EPSS
Exploits0
Total number of security vulnerabilities4199