Lucene search
K

4197 matches found

NCSC
NCSC
•added 2021/04/16 12:0 a.m.•5 views

Vulnerabilities fixed in McAfee Endpoint Security

Due to cleartext transfer of sensitive information between McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence GTI servers that use DNS use, a remote attacker can view ENS requests and responses from GTI via DNS. McAfee has released...

6.5CVSS6.6AI score0.00509EPSS
Exploits0
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•5 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...

6.9AI score
Exploits0
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•6 views

Vulnerability fixed in Cisco IOS XR

Due to a vulnerability in the CLI of Cisco IOS XR 64-bit software allows an authenticated, local attacker to inject arbitrary commands inject arbitrary commands executed with root privileges on the underlying Linux operating system OS of an affected device. Cisco has released updates to fix the...

7.8CVSS6.9AI score0.00322EPSS
Exploits0
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•19 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed several vulnerabilities in Jira. A unauthenticated remote malicious person can exploit the vulnerabilities exploit them to gain access to information about the system or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code...

6.1CVSS6.8AI score0.0161EPSS
Exploits0
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•5 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed several vulnerabilities in BIG-IP. A unauthenticated malicious party could potentially exploit them to cause a denial-of-service. F5 has released updates to fix the vulnerabilities. For more information, see: CVE-2021-22975: https://support.f5.com/csp/article/K21971977 CVE-2021-22977...

7.5CVSS7.1AI score0.0102EPSS
Exploits0
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•30 views

Vulnerabilities fixed in Juniper JunOS

A Race Condition vulnerability in the firewall process dfwd of Juniper Networks Junos OS allows an attacker to bypass the firewall rulesets to bypass CVE-2021-0247. A vulnerability in the forwarding of TCPv6 transit packets received on the Ethernet management interface of Juniper Networks Junos O...

7.1CVSS6.6AI score0.00647EPSS
Exploits0
NCSC
NCSC
•added 2021/04/16 12:0 a.m.•11 views

Vulnerabilities fixed in SUSE Linux Enterprise kernel

SUSE developers have fixed several vulnerabilities in the Linux kernel as used in SUSE Linux Enterprise. The vulnerabilities potentially enable a local malicious person to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution...

8.8CVSS5.7AI score0.03259EPSS
Exploits9
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•7 views

Vulnerabilities fixed in PAN-OS

A security vulnerability exists regarding log files in Palo Alto Networks PAN-OS software, in which the connection details for a scheduled configuration export are recorded recorded in system logs. PAN-OS developers have issued updates to PAN-OS to address the vulnerabilities. More information...

4.4CVSS6.8AI score0.00253EPSS
Exploits1
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•4 views

Vulnerability fixed in DELL PowerEdge and X-series

DELL has fixed a vulnerability in the firmware of their PowerEdge and X-series systems. Weak encryption allowed an unauthenticated malicious person to obtain the login credentials of another user and thereby gain elevated privileges. DELL has released updates to fix the vulnerability in PowerEdge...

9.8CVSS7AI score0.0054EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•4 views

Vulnerability fixed in Cisco AnyConnect Secure Mobility Client

A vulnerability in the IPC channel of Cisco AnyConnect Secure Mobility Client, an authenticated, local attacker can cause a Denial-of-Service DoS exploit on an affected device. To exploit this security vulnerability, the attacker must have have valid login credentials on the device. Cisco has...

5.5CVSS6.7AI score0.00223EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•5 views

Vulnerabilities fixed in GitLab CE and EE

GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files could be exploited to execute arbitrary code with permissions from the GitLab Service. A CVE ID is not yet known for on...

7.5CVSS7.6AI score0.05061EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•3 views

Vulnerability fixed in NetApp products

Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service DoS. NetApp has released update...

7.4CVSS8AI score0.05213EPSS
Exploits1
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the permissions of the application or gain access to sensitive data in the context of the application. To do so, the malicious party...

9.6CVSS7.9AI score0.34466EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•6 views

Vulnerability fixed in Mendix

The latest updates to Mendix fix a vulnerability that allows malicious authorized users can increase their privileges increase their privileges. Remove the authority to manage user roles for non-administrator roles to mitigate this security vulnerability for non-administrator users as a mitigatin...

8.8CVSS6.6AI score0.00804EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•8 views

Vulnerabilities fixed in Juniper Junos OS

Juniper has fixed vulnerabilities in Junos OS. The vulnerabilities allow a remote malicious person to to bypass a security measure and to cause a denial-of-service cause Juniper has released updates to fix the vulnerabilities. More information can be found on the pages below:...

7.5CVSS6.8AI score0.05545EPSS
Exploits0
NCSC
NCSC
•added 2021/04/15 12:0 a.m.•12 views

Vulnerability fixed in Tomcat

Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...

7.5CVSS6.7AI score0.18114EPSS
Exploits15
NCSC
NCSC
•added 2021/04/14 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in the Chrome browser. A unauthenticated remote malicious person could potentially exploit them to execute arbitrary code under the rights of the application. To do this, the malicious party needs to victim to visit a rogue Web page. Google has indicated that for...

8.8CVSS7.9AI score0.70435EPSS
Exploits6
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Exchange Server

Vulnerabilities have been fixed in Microsoft Exchange Server. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code on the system. |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

10CVSS7.1AI score0.83337EPSS
Exploits4
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•18 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Accessing sensitive data. Execution of arbitrary code User Rights Denial-of-Service Below is a summary of the...

7.8CVSS7AI score0.04068EPSS
Exploits1
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•81 views

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Impersonating another user Access to sensitive data Increased use...

7.8CVSS7.1AI score0.63034EPSS
Exploits3
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Azure products

Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities allow an unauthenticated remote malicious person to remote user to execute arbitrary code and obtain elevated permissions. Open Source Software: |----------------|------|-------------------------------------| | CVE ID | CV...

8.1CVSS7.6AI score0.01956EPSS
Exploits0
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•6 views

Vulnerabilities fixed in SAP Netweaver products

Several vulnerabilities have been fixed in SAP Netweaver products. By exploiting the vulnerabilities, a malicious party within the local network to bypass authentication, view sensitive information or cause cross-site scripting and Denial-of-Service. SAP has made updates available to address the...

8.3CVSS6.2AI score0.02162EPSS
Exploits2
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Windows

Vulnerabilities have been fixed in Windows. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Impersonating another user Access to sensitive...

9.8CVSS7.5AI score0.61648EPSS
Exploits4
NCSC
NCSC
•added 2021/04/13 12:0 a.m.•12 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in Siemens products. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution Administrator/Root right...

9.8CVSS7.7AI score0.98745EPSS
Exploits9
NCSC
NCSC
•added 2021/04/12 12:0 a.m.•3 views

Vulnerabilities fixed in SonicWall Email Security

Vulnerabilities have been fixed in SonicWall Email Security. The vulnerabilities allow a local malicious person to obtain elevated permissions and to execute arbitrary code under the user's privileges. SonicWall has released updates to address the vulnerabilities. fixes. More information can be...

9.8CVSS7.3AI score0.83425EPSS
Exploits0
NCSC
NCSC
•added 2021/04/09 12:0 a.m.•6 views

Vulnerability fixed in Tableau Server

A vulnerability has been fixed in Tableau Server. The vulnerability allows a malicious person to use an Open Redirect attack to send the visitor with a custom link to a malicious website redirect when sharing a "view." Salesforce has released updates to fix the vulnerability fix in Tableau Server...

6.1CVSS6.8AI score0.01338EPSS
Exploits2
NCSC
NCSC
•added 2021/04/09 12:0 a.m.•6 views

Vulnerability fixed in Forcepoint Web Security

A vulnerability has been fixed in Forcepoint Web Security. A malicious party can exploit the vulnerability to launch an XML External Entity Injection XXE attack when processing of XML data. An external attacker could exploit it to obtain sensitive information. Forcepoint has released updates to...

7.5CVSS7.1AI score0.01046EPSS
Exploits0
NCSC
NCSC
•added 2021/04/09 12:0 a.m.•3 views

Vulnerability fixed in WebSphere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6441433...

7.5CVSS6.8AI score0.03026EPSS
Exploits3
NCSC
NCSC
•added 2021/04/09 12:0 a.m.•2 views

Vulnerability fixed in dnsmasq

A vulnerability has been fixed in dnsmasq.The vulnerability allows a malicious party the ability to perform a DNS Cache Poisoning attack execute on a dnsmasq server. dnsmasq has released updates to fix the vulnerability. For more information, see:...

4.3CVSS6.9AI score0.01988EPSS
Exploits1
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•2 views

Vulnerability fixed in WebSphere Application Server

IBM has fixed a vulnerability in WebSphere Application Server. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6441063...

6.5CVSS6.8AI score0.01298EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•6 views

Vulnerability fixed in FreeBSD

A vulnerability has been fixed in FreeBSD. The vulnerability allows a locally authenticated malicious person to obtain to obtain system credentials. -= FreeBSD =- FreeBSD has made updates available to fix the vulnerability fix in kernel. More information about these updates can be found at:...

5.5CVSS6.4AI score0.00336EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•2 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 12 and 15. fixes in SUSE...

6.5CVSS7.1AI score0.00417EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•2 views

Vulnerabilities fixed in SUSE kernel

Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system data Increased user privileges Live...

7.8CVSS8.5AI score0.02433EPSS
Exploits5
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•6 views

Vulnerabilities concealment in Oracle Linux

Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Increased user rights -= Oracle =- Oracle has made updates...

8.1CVSS8.3AI score0.06563EPSS
Exploits6
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•6 views

Vulnerabilities fixed in ClamAV

Vulnerabilities have been fixed in ClamAV. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the permissions with which the service is running. By exploiting the vulnerability with CVE attribute CVE-2021-1386, a...

7.8CVSS8AI score0.03155EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•34 views

Vulnerabilities fixed in Jenkins

Vulnerabilities have been fixed in Jenkins. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to system data Software in the...

6.5CVSS6.2AI score0.04977EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•6 views

Vulnerabilities found in Cisco Unified Communications Manager

Vulnerabilities have been found in Cisco Unified Communications Manager. The vulnerabilities allow a malicious party to manipulate data and obtain sensitive information. Cisco has not yet released updates to address the vulnerabilities. fix. More information can be found on the pages below:...

4.9CVSS6.6AI score0.01081EPSS
Exploits0
NCSC
NCSC
•added 2021/04/08 12:0 a.m.•4 views

Vulnerability fixed in Cisco IOS XR

A vulnerability has been fixed in Cisco IOS XR. A authenticated malicious party could potentially exploit it to execute arbitrary commands with root privileges on the underlying operating system. Cisco has released updates to fix the vulnerability in IOS XR. For more information, see:...

4.3CVSS7.5AI score0.00745EPSS
Exploits0
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•26 views

Vulnerability fixed in FortiWeb

A vulnerability has been fixed in FortiWeb. An authenticated malicious party could exploit the vulnerability to obtain plaintext passwords for systems configured via a Web Vulnerability Scan profile. FortiNet has released updates to fix the vulnerability in FortiWeb. For more information, see:...

6.5CVSS6.8AI score0.00963EPSS
Exploits0
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•3 views

Vulnerabilities fixed in xen

Vulnerabilities have been fixed in xen. The vulnerabilities allow a malicious party the ability to launch a Denial-of-Service on the host system. The malicious party is able to obtain system data. -= SUSE =- SUSE has made updates available to fix the vulnerabilities in SUSE 12 and 15. fixes in SU...

5.5CVSS7.1AI score0.00314EPSS
Exploits0
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat kernel

Vulnerabilities have been fixed in Red Hat kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Increased user privileges -= Red Hat...

8.1CVSS7.8AI score0.06563EPSS
Exploits6
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•8 views

Vulnerabilities fixed in WhatsApp

Vulnerabilities have been fixed in WhatsApp. A malicious party could potentially exploit the vulnerabilities to obtain sensitive information or to cause a denial-of-service. The vulnerability with CVE attribute CVE-2021-24027 only applies to applicable to WhatsApp for Android and WhatsApp Busines...

10CVSS6.9AI score0.03805EPSS
Exploits1
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•4 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. One vulnerability makes it impossible for a blocked user to reset the security token reset. This is problematic when the security token falls into wrong hands. The other two vulnerabilities involve a so-called Cross-Site Scripting XSS. MediaWiki has...

6.1CVSS6AI score0.0173EPSS
Exploits3
NCSC
NCSC
•added 2021/04/07 12:0 a.m.•5 views

Vulnerability fixed in Huawei CloudEngine switches

A vulnerability has been fixed in Huawei CloudEngine switches. A malicious party could potentially exploit the vulnerability to cause a denial-of-service attack. Huawei has released updates to fix the vulnerability in CloudEngine 5800, 6800, 7800 and 12800 switches. For more information, see:...

7.5CVSS6.8AI score0.00677EPSS
Exploits0
NCSC
NCSC
•added 2021/04/06 12:0 a.m.•8 views

Vulnerabilities fixed in Samsung products

Vulnerabilities have been fixed in several Samsung products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

9.8CVSS7.2AI score0.00725EPSS
Exploits1
NCSC
NCSC
•added 2021/04/06 12:0 a.m.•4 views

Vulnerabilities fixed in Red Hat OpenShift container platform

Red Hat has released version 4.7.5 of its OpenShift Container Platform. A malicious party could potentially exploit them to cause a denial-of-service or execute arbitrary execute arbitrary code with root privileges. -= Red Hat =- Red Hat has made updates available for OpenShift Container Platform...

8.6CVSS7.6AI score0.03478EPSS
Exploits0
NCSC
NCSC
•added 2021/04/06 12:0 a.m.•79 views

Vulnerability fixed in Android

Vulnerabilities have been fixed in Android Operating System. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Remote code execution User rights. Access to system data Increased user privileges The vulnerabilities...

10CVSS8.6AI score0.06692EPSS
Exploits2
NCSC
NCSC
•added 2021/04/06 12:0 a.m.•6 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to obtain sensitive data. This security advisory addresses two OpenSSL vulnerabilities that also appear in security advisory NCSC-2021-0259. For this reason, they are not included in the probability damage...

7.4CVSS6.1AI score0.62906EPSS
Exploits4
NCSC
NCSC
•added 2021/04/02 12:0 a.m.•4 views

Vulnerability discovered in Ansible

A vulnerability has been found in Ansible. The vulnerability allows a locally authenticated malicious person to obtain sensitive information. Certain information such as private keys is displayed in log files even when the system is so configured that this should not be possible. Ansible has not...

5.5CVSS8.7AI score0.00333EPSS
Exploits0
NCSC
NCSC
•added 2021/04/02 12:0 a.m.•7 views

Vulnerability fixed in HP Integrated Lights Out Amplifier Pack

HP has fixed a vulnerability in Integrated Lights Out Amplifier Pack. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the...

6.1CVSS6.8AI score0.00621EPSS
Exploits0
Total number of security vulnerabilities4197