Lucene search
K

4197 matches found

NCSC
NCSC
•added 2021/04/29 12:0 a.m.•4 views

Vulnerabilities fixed in GitLab CE and EE

GitLab has fixed several vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive da...

7.5CVSS7AI score0.0115EPSS
Exploits0
NCSC
NCSC
•added 2021/04/29 12:0 a.m.•17 views

Vulnerability fixed in Moxa NPort 5110 firmware

Moxa has fixed a vulnerability in the NP5110 firmware. The vulnerability potentially allows a malicious party to use the device to forward IP traffic to network segments that the initially did not have access to because the NPort devices facilitated IP forwarding. Moxa has released updates to fix...

7.5CVSS6.9AI score0.06908EPSS
Exploits0
NCSC
NCSC
•added 2021/04/29 12:0 a.m.•4 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. The vulnerability allows a malicious person to execute arbitrary code in the context of the browser if it manages to get the user to visit a rogue page to visit a vulnerable Drupal site. Drupal has released updates to fix the vulnerability. For more...

6.1CVSS7.6AI score0.00671EPSS
Exploits0
NCSC
NCSC
•added 2021/04/29 12:0 a.m.•61 views

Vulnerabilities fixed in F5 BIG-IP

Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Bypassing authentication Circumvention of security measure Remote code execution...

9.8CVSS7.8AI score0.01343EPSS
Exploits0
NCSC
NCSC
•added 2021/04/29 12:0 a.m.•6 views

Vulnerabilities fixed in Cisco ASA and FTD

Vulnerabilities have been fixed in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service or execute arbitrary commands execute in the underlying operating system with the privilege...

8.6CVSS7.4AI score0.85439EPSS
Exploits2
NCSC
NCSC
•added 2021/04/29 12:0 a.m.•3 views

Vulnerabilities fixed in BIND

ISC has fixed vulnerabilities in BIND. The vulnerabilities can be be exploited by a remote malicious person to cause a denial-of-service or, in limited circumstances, executing arbitrary code under the privileges of named. Execution of arbitrary code is not possible with the default configuration...

9.8CVSS9.8AI score0.82367EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•4 views

Vulnerability fixed in DB2

IBM has fixed a vulnerability in DB2 including DB2 Connect Server. Because of incorrect file permissions, a local malicious party is able to manipulate arbitrary files and gain access to system data and sensitive data. IBM has released updates to fix the vulnerability in DB2. For more information...

5.1CVSS6.8AI score0.00339EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•5 views

Vulnerabilities fixed in Apple Safari

Vulnerabilities have been fixed in Apple Safari. The vulnerabilities potentially allow a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to induce the user to visit a rogue page. Also, a malicious party in this way can cause the syst...

6.1CVSS7.5AI score0.01358EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•6 views

Vulnerabilities fixed in NVidia drivers and tools

NVidia has fixed several vulnerabilities in the drivers and tools of GPU video cards. Malicious parties can exploit the vulnerabilities exploit them to cause a denial-of-service, obtain obtain system data, or execute arbitrary code under the GPU's privileges. Because GPU drivers sit very close to...

7.8CVSS7.5AI score0.00498EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•10 views

Vulnerability fixed in Citrix ShareFile

A vulnerability has been fixed in the storage zones controller of Citrix ShareFile. The vulnerability allows an unauthenticated remote malicious party to obtain a sensitive data obtain. It is good practice to place these storage zone controllers in the in-house network with DMZ tooling to protect...

9.8CVSS6.5AI score0.01081EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•4 views

Vulnerabilities fixed in macOS

Apple has fixed a large number of vulnerabilities in Apple macOS Big Sur 11, Catalina 10.15 and Mojave 10.14. A malicious person can exploit the vulnerabilities to cause the following categories of damage cause: Circumvention of security measure. Remote code execution Administrator/Root rights...

10CVSS8.5AI score0.68531EPSS
Exploits9
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

8.8CVSS7.3AI score0.01601EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•4 views

Vulnerabilities fixed in Apple iOS and iPadOS

The vulnerabilities enable a malicious person to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution Administrator/Root rights Remote code execution User rights Spoofing Accessing sensitive data Access to system data...

9.8CVSS7.6AI score0.04528EPSS
Exploits0
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•3 views

Vulnerabilities fixed in the Linux kernel

Fedora has fixed vulnerabilities in the Linux kernel and associated tooling. A malicious person could exploit them to cause a denial-of-service, or gain access to information in kernel memory. -= Fedora =- Fedora has made updates available for Fedora 32 and 33. You can install these updates using...

7CVSS7.6AI score0.01071EPSS
Exploits1
NCSC
NCSC
•added 2021/04/28 12:0 a.m.•7 views

Multiple vulnerabilities fixed in RedHat OpenShift

Red Hat has fixed multiple vulnerabilities in the jackson databind of their OpenShift Container platform for RHEL 8. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data or execute arbitrary code under the privileges of the application. Many of t...

10CVSS9AI score0.62906EPSS
Exploits18
NCSC
NCSC
•added 2021/04/26 12:0 a.m.•4 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access gain access to information about the VPN settings. See the page below f...

7.5CVSS7.1AI score0.05107EPSS
Exploits0
NCSC
NCSC
•added 2021/04/26 12:0 a.m.•7 views

Update mechanism Passwordstate compromised

Click Studios, the manufacturer of Passwordstate, has announced announced that its automatic update mechanism has been abused to offer malicious files for download. If you meet these criteria: - you are currently using version 9.1 build 9117, - Passwordstate applies updates automatically, - and t...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/04/26 12:0 a.m.•17 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM has fixed several vulnerabilities in Spectrum Protect and added third-party tools. A malicious party can exploit the exploit vulnerabilities to cause the following types of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Remote code execution User...

9.8CVSS7.8AI score0.99295EPSS
Exploits98
NCSC
NCSC
•added 2021/04/22 12:0 a.m.•3 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...

6.3AI score
Exploits0
NCSC
NCSC
•added 2021/04/22 12:0 a.m.•3 views

Vulnerability fixed in IBM WebSphere

IBM has fixed a vulnerability in WebSphere Application Server. A remote malicious person could exploit the vulnerability to obtain sensitive information or cause a denial-of-service DoS. To do this, the malicious party must attach a rogue XML file to the WebSphere Application Server. offer. IBM h...

8.2CVSS6.5AI score0.02909EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•4 views

Vulnerability fixed in SonicWall Email Security

SonicWall has fixed a vulnerability in Email Security. A authenticated malicious party can exploit the vulnerability to be able to read arbitrary files on the vulnerable system. SonicWall has released updates to fix the vulnerability in Email Security on Premise and Hosted v10.0.9. For more...

4.9CVSS6.9AI score0.51407EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Supply Chain

Vulnerabilities have been fixed in Oracle Supply Chain Suite. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...

9.8CVSS8.6AI score0.28839EPSS
Exploits1
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•67 views

Vulnerabilities fixed in Oracle Financial Services Applications

Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to sensitive data...

9.8CVSS8.8AI score0.85001EPSS
Exploits9
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•11 views

Vulnerabilities fixed in Oracle E-Business Suite

Vulnerabilities have been fixed in Oracle E-Business Suite. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...

9.1CVSS8.2AI score0.92907EPSS
Exploits7
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle VirtualBox

Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges Access to sensitive...

8.4CVSS7.2AI score0.0331EPSS
Exploits1
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Solaris

Vulnerabilities have been fixed in Oracle Solaris. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Manipulation of data. Remote code execution User rights Access to sensitive data...

7.8CVSS7.2AI score0.00305EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle Communications

Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Increased user...

10CVSS7.8AI score0.74513EPSS
Exploits8
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Java SE

Vulnerabilities have been fixed in Oracle Java. The vulnerabilities allow an unauthenticated remote malicious person to obtain system data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |. |------------------|------|-------------------------------------|...

5.9CVSS9AI score0.03566EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•15 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to conduct attacks execute attacks that result in the following categories of damage: Remote code execution User rights. Access to sensitive data...

8.1CVSS8.6AI score0.88077EPSS
Exploits14
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•5 views

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Aruba has fixed multiple vulnerabilities in ClearPass Policy Manager. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution...

9.8CVSS7.5AI score0.0322EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•5 views

Vulnerability fixed in Oracle SQL developer

A vulnerability has been fixed in Oracle SQL Developer. The vulnerability allows an unauthenticated remote malicious person able to access and manipulate sensitive data. data to be manipulated. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...

5.3CVSS8.5AI score0.08665EPSS
Exploits1
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Remote code execution User rights Access to...

9.8CVSS8.8AI score0.42993EPSS
Exploits5
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•8 views

Vulnerabilities fixed in Aruba AirWave Management Platform

Aruba Networks has fixed multiple vulnerabilities in AirWave Management Platform. The vulnerabilities allow a remote malicious remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges SQL...

9CVSS8.2AI score0.12638EPSS
Exploits0
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•11 views

Vulnerabilities fixed in Oracle MySQL

Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Access to sensitive data Access to system da...

9.8CVSS9.4AI score0.95922EPSS
Exploits21
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application or cause a denial-of-service. To do this, the malicious party must induce the victim to visit a malicious...

9.6CVSS7.9AI score0.57736EPSS
Exploits1
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•90 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS7.3AI score0.99019EPSS
Exploits27
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle Database Server

Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious person to perform attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...

7.5CVSS6.8AI score0.8383EPSS
Exploits16
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•56 views

Vulnerabilities fixed in Oracle Enterprise Manager

Vulnerabilities have been fixed in Oracle Enterprise Manager. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Accessing sensitive data Accessing...

9.8CVSS8.3AI score0.28839EPSS
Exploits6
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•9 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS7.2AI score0.99019EPSS
Exploits17
NCSC
NCSC
•added 2021/04/21 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle JD Edwards

Vulnerabilities have been fixed in Oracle JD Edwards. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

8.1CVSS7.2AI score0.99019EPSS
Exploits15
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•4 views

Actively exploited vulnerability found in Pulse Connect Secure

A vulnerability has been found in Pulse Connect Secure. The vulnerability allows an unauthenticated remote malicious person able to bypass authentication and execute arbitrary code execute arbitrary code on the Pulse Connect Secure system. The vulnerability has a CVSS3.1 score of 10. Pulse Secure...

10CVSS7.8AI score0.99999EPSS
Exploits35
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•4 views

Vulnerability fixed in x.org

A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to appropriate elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...

7.8CVSS7AI score0.0105EPSS
Exploits0
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•3 views

Vulnerability fixed in IBM WebSphere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. It involves an XML External Entity Injection XXE vulnerability. An unauthenticated remote malicious person could potentially exploit the vulnerability to gain access to sensitive data. In addition, the vulnerability could be exploited...

8.2CVSS7.1AI score0.02563EPSS
Exploits0
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR and Thunderbird. The vulnerabilities can be exploited by a malicious be exploited to cause a denial-of-service, access gain access to data in the context of the application, or to potentially execute arbitrary code with application...

8.8CVSS7.4AI score0.01764EPSS
Exploits2
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•6 views

Vulnerabilities fixed in Node.js

Several vulnerabilities have been fixed in Node.js. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could be exploited to perform a prototype pollution attack. Depending on the Node.js application, this could...

9.8CVSS8.8AI score0.69062EPSS
Exploits5
NCSC
NCSC
•added 2021/04/20 12:0 a.m.•4 views

Vulnerabilities fixed in QEMU

Several vulnerabilities have been fixed in QEMU. A malicious person can exploit the vulnerabilities to cause a denial-of-service cause, both in the guest system and the host system. Also a malicious party could potentially access memory that is allocated to guest systems other than his own. -= SU...

7.5CVSS7.1AI score0.05447EPSS
Exploits5
NCSC
NCSC
•added 2021/04/19 12:0 a.m.•6 views

Vulnerability fixed in VMware NSX-T

VMware has fixed a vulnerability in NSX-T. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. VMware has released updates to fix the vulnerability in NSX-T 3.1.2. For more information, see:...

7.8CVSS7.1AI score0.00217EPSS
Exploits0
NCSC
NCSC
•added 2021/04/19 12:0 a.m.•7 views

Vulnerability fixed in LibreOffice

LibreOffice has fixed a vulnerability. A malicious party can bypass the deny-list in the Windows version and execute arbitrary code execute under user privileges by inserting a rogue hyperlink into a document. The Document Foundation has released updates to fix the vulnerability in LibreOffice...

9.3CVSS7.3AI score0.0417EPSS
Exploits1
NCSC
NCSC
•added 2021/04/19 12:0 a.m.•61 views

Vulnerabilities fixed in Juniper Junos OS

Juniper Networks has fixed multiple vulnerabilities in Junos OS and Junos OS Evolved for SRX and NFX series devices, among others. The vulnerabilities potentially enable a malicious party to execute attacks that result in the categories of damage. For each category, the CVE features that are...

10CVSS7.2AI score0.02566EPSS
Exploits2
NCSC
NCSC
•added 2021/04/19 12:0 a.m.•24 views

Vulnerabilities fixed in Juniper Junos Space

Juniper Networks has fixed vulnerabilities in Junos Space. The include vulnerabilities in Junos Space itself as well as vulnerabilities in third-party software. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Si...

10CVSS7.2AI score0.99295EPSS
Exploits400
Total number of security vulnerabilities4197