Lucene search
K

4197 matches found

NCSC
NCSC
•added 2021/04/01 12:0 a.m.•5 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed several vulnerabilities in Jira. The vulnerabilities potentially enable a remote malicious person to able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure Accessing sensitive data Accessing...

7.2CVSS6.9AI score0.02508EPSS
Exploits0
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•3 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab Community Edition CE and Enterprise Edition EE. The vulnerabilities allow a remote unauthenticated malicious person potentially able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF Cross-Site...

6.7AI score
Exploits0
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•5 views

Vulnerability fixed in netmask

Netmask is a widely used component in various open source projects. This component contains a vulnerability. By incorrectly processing ipv4 addresses, attacks such as server-side request forgery SSRF, remote file inclusion RFI and local file inclusion LFI are made possible. The makers of Netmask...

9.1CVSS6.8AI score0.16356EPSS
Exploits1
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•6 views

Vulnerabilities fixed in Citrix Hypervisor (Xen)

Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a local malicious person with elevated permissions on a guest system able to cause the host system to crash. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below:...

6.5CVSS6.7AI score0.00708EPSS
Exploits0
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•18 views

Vulnerabilities fixed in Oracle Linux

Oracle has fixed multiple vulnerabilities in the Unbreakable Enterprise kernel for Oracle Enterprise Linux. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code executi...

8.8CVSS8.1AI score0.06563EPSS
Exploits6
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•5 views

Vulnerabilities fixed in LDB

Several vulnerabilities have been fixed in LDB. LDB is an embedded database in line with LDAP and is used among other things by SAMBA. An unauthenticated remote malicious party could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service on LDB cause. This...

7.5CVSS7.1AI score0.04328EPSS
Exploits0
NCSC
NCSC
•added 2021/04/01 12:0 a.m.•4 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL.The vulnerabilities allow a remote malicious person the ability to obtain sensitive information obtain. To do so, the malicious party must induce the victim to visit a server under the control of the malicious party. -= Debian =- Debian has made updates to...

5.3CVSS6.9AI score0.05301EPSS
Exploits2
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•17 views

Vulnerability fixed in Foxit products

A vulnerability has been fixed in Foxit products. The vulnerability allows an unauthenticated remote malicious person able to cause a denial-of-service with potentially the execution of arbitrary code under privileges of the victim. To do this, the malicious party must induce the victim to open a...

7.8CVSS7.4AI score0.02692EPSS
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•6 views

Vulnerabilities fixed in Zabbix

SUSE has fixed vulnerabilities in its Zabbix packages. The vulnerabilities relate to an incorrectly implemented mechanism that protects against cross-site request forgery CSRF attacks and on insecure password hashing. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE...

8.8CVSS7.2AI score0.01472EPSS
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•5 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to cause a denial-of-service or to obtain system data obtain. To do so, the malicious party must induce the victim to to visit a rogue website. Google has released updates to fix the vulnerabilities...

8.8CVSS6.7AI score0.01793EPSS
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•5 views

Vulnerabilities fixed in Esri ArcGIS Server

Esri has fixed several vulnerabilities in ArcGIS Server. A authenticated remote malicious party can exploit the vulnerabilities potentially exploit them to execute arbitrary code under privileges of the service account. Esri has released updates to fix the vulnerabilities. For more information,...

6.8CVSS8AI score0.01002EPSS
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•8 views

Vulnerabilities fixed in Samsung products

Vulnerabilities have been fixed in several Samsung products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Accessing system data Samsun...

9.8CVSS6.6AI score0.02831EPSS
Exploits0
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•3 views

Vulnerabilities fixed in VMware vRealize Operations

VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...

8.5CVSS7.2AI score0.7829EPSS
Exploits12
NCSC
NCSC
•added 2021/03/31 12:0 a.m.•4 views

Vulnerabilities fixed in Zimbra

Vulnerabilities have been fixed in Zimbra. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root privileges Access to system data Zimbra has released updates to...

9.8CVSS7.8AI score0.65005EPSS
Exploits11
NCSC
NCSC
•added 2021/03/30 12:0 a.m.•3 views

Vulnerability fixed in OpenAM

A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use of an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...

7.5CVSS7.2AI score0.76385EPSS
Exploits5
NCSC
NCSC
•added 2021/03/30 12:0 a.m.•55 views

Vulnerabilities fixed in Esri ArcReader

Esri has fixed multiple vulnerabilities in ArcReader, ArcGIS Desktop, ArcGIS Engine and ArcGIS Pro. A malicious party could vulnerabilities potentially exploit them to execute arbitrary code execute arbitrary code under application privileges. To do so, the malicious party needs to induce an...

7.8CVSS7.9AI score0.02412EPSS
Exploits0
NCSC
NCSC
•added 2021/03/30 12:0 a.m.•7 views

Vulnerability fixed in Mitel MiContact Center

Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...

9.8CVSS6.5AI score0.02516EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•4 views

Vulnerability fixed in Apple iOS and iPadOS

A vulnerability has been fixed in Apple iOS and Apple iPadOS. The vulnerability is located in the WebKit component and is referred to as Universal Cross-site Scripting UXSS. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under browser privileges. The...

6.1CVSS6.5AI score0.07082EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•7 views

Vulnerability found in Keycloak

A vulnerability has been found in Keycloak. The vulnerability allows a malicious person to use the new-account console to execute to execute arbitrary code. Red Hat reports that the vulnerability in version 13 of Keycloak has been fixed. At Keycloak itself, this information cannot be found found...

7.5CVSS6.9AI score0.0119EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•6 views

Vulnerabilities fixed in FreeBSD

Several vulnerabilities have been fixed in FreeBSD. The vulnerabilities allow a malicious person, potentially unauthenticated remote, be able to carry out attacks resulting in the following categories of damage: Bypassing authentication Bypassing security measure Accessing sensitive data Access t...

8.7CVSS6.7AI score0.02315EPSS
Exploits2
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•4 views

Vulnerability fixed in SpamAssassin

The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...

10CVSS7.7AI score0.06132EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•5 views

Vulnerabilities fixed in SolarWinds Orion

SolarWinds has fixed multiple vulnerabilities in the Orion Platform. An authenticated remote malicious party could potentially exploit the vulnerabilities potentially exploit them to execute execute arbitrary code. In addition, vulnerabilities have been fixed that allow a Tabnabbing attack and...

4.9CVSS6.7AI score0.0076EPSS
Exploits0
NCSC
NCSC
•added 2021/03/29 12:0 a.m.•6 views

Vulnerabilities fixed in McAfee ePolicy Orchestrator

McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Access to system data Increased user privilege...

6.5CVSS6.4AI score0.00906EPSS
Exploits0
NCSC
NCSC
•added 2021/03/26 12:0 a.m.•6 views

Vulnerability fixed in Micro Focus products

A vulnerability has been fixed in several Micro Focus products. A malicious party could, by exploiting this vulnerability obtain the permissions with which the Operations Agent is is running on the vulnerable system. For Linux and Windows, these are root and SYSTEM users, respectively. Too little...

9.8CVSS6.9AI score0.01497EPSS
Exploits0
NCSC
NCSC
•added 2021/03/26 12:0 a.m.•12 views

Vulnerabilities fixed in NetApp products

NetApp has fixed multiple vulnerabilities in various Netapp products. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data NetApp ha...

8.3CVSS7AI score0.17611EPSS
Exploits4
NCSC
NCSC
•added 2021/03/26 12:0 a.m.•3 views

Vulnerabilities fixed in XStream

Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights Access to sensitive data The...

9.9CVSS7.4AI score0.82136EPSS
Exploits10
NCSC
NCSC
•added 2021/03/25 12:0 a.m.•55 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights Access to sensiti...

9.9CVSS6.8AI score0.3539EPSS
Exploits4
NCSC
NCSC
•added 2021/03/25 12:0 a.m.•7 views

Vulnerabilities fixed in OpenSSL

Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 potentially exploit it to cause a denial-of-service. To do this requires sending a specially prepared "renegotiation ClientHello" message needs to be sent fro...

7.4CVSS8.6AI score0.62906EPSS
Exploits4
NCSC
NCSC
•added 2021/03/24 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing Accessing...

8.8CVSS7.4AI score0.01404EPSS
Exploits0
NCSC
NCSC
•added 2021/03/23 12:0 a.m.•6 views

Vulnerabilities fixed in Tivoli Netcool/OMNIbus

IBM Tivoli Netcool / OMNIbusGUI is vulnerable to stored cross-site scripting XSS. This security vulnerability CVE-2021-20336 allows users insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially lead to the release of login credentials with...

9.8CVSS8.8AI score0.95922EPSS
Exploits11
NCSC
NCSC
•added 2021/03/23 12:0 a.m.•6 views

Vulnerability fixed in Adobe ColdFusion

Adobe has released updates to fix a vulnerability in ColdFusion. A malicious party could potentially exploit it to execute arbitrary code under the privileges of the application. Very limited details are currently available about the vulnerability. Adobe has released updates to fix the...

5.4CVSS7.8AI score0.37095EPSS
Exploits0
NCSC
NCSC
•added 2021/03/23 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat Certificate System

Several vulnerabilities have been fixed in Red Hat Certificate System. A malicious party can exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Red Hat has made...

6.1CVSS6.4AI score0.00961EPSS
Exploits0
NCSC
NCSC
•added 2021/03/22 12:0 a.m.•2 views

Vulnerabilities fixed in Xerox ColorQube systems

Xerox has fixed vulnerabilities in ColorQube systems. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to provide access to the file system. No details have been made available about the latter vulnerability made available, nor has a CVE attribute be...

6.5CVSS7AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2021/03/22 12:0 a.m.•30 views

Vulnerabilities fixed in Grafana Enterprise

Several vulnerabilities have been fixed in Grafana Enterprise. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or to obtain elevated privileges obtain elevated privileges within the application. Grafana Labs has released updates to address the...

7.5CVSS7.1AI score0.83042EPSS
Exploits0
NCSC
NCSC
•added 2021/03/22 12:0 a.m.•5 views

Vulnerability found in ProFTPd

A vulnerability has been found in ProFTPd. An unauthenticated malicious party can remotely exploit the vulnerability to cause a denial-of-service attack. No CVE ID issued. ProFTP has not yet released updates to address the vulnerability. fix in ProFTPd...

6.8AI score
Exploits0
NCSC
NCSC
•added 2021/03/18 12:0 a.m.•3 views

Vulnerability fixed in GitLab

GitLab developers have fixed a serious vulnerability fixed in GitLab Community Edition and Enterprise Edition. The vulnerability allows an authenticated malicious person to execute arbitrary code on the server. A CVE ID has been requested for this vulnerability but has not yet been assigned. GitL...

7AI score
Exploits0
NCSC
NCSC
•added 2021/03/17 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat kernel

Vulnerabilities have been fixed in the kernel of Red Hat Enterprise Linux 7. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote code execution User...

8.1CVSS7.3AI score0.06692EPSS
Exploits6
NCSC
NCSC
•added 2021/03/17 12:0 a.m.•8 views

Vulnerabilities fixed in Red Hat JBoss Enterprise Application Platform

Vulnerabilities have been fixed in JBoss Enterprise Application Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing system data Red Hat has made...

8.1CVSS8.7AI score0.0714EPSS
Exploits2
NCSC
NCSC
•added 2021/03/16 12:0 a.m.•83 views

Vulnerabilities fixed in TYPO3

The TYPO3 Association has fixed several vulnerabilities in TYPO3. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data T...

8.6CVSS7.4AI score0.01731EPSS
Exploits0
NCSC
NCSC
•added 2021/03/16 12:0 a.m.•5 views

Vulnerabilities fixed in the Ubuntu kernel

Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights -= Ubuntu =- Canonical...

8.8CVSS8.4AI score0.02417EPSS
Exploits1
NCSC
NCSC
•added 2021/03/15 12:0 a.m.•7 views

Vulnerability fixed in Elasticsearch

Elastic has fixed a vulnerability in Elasticsearch. A remote malicious party could potentially exploit the vulnerability to gain access to sensitive data. The vulnerability is in the way Document or Field permissions are applied. A malicious party can view recently modified documents because they...

4.3CVSS8.5AI score0.01112EPSS
Exploits0
NCSC
NCSC
•added 2021/03/15 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. A malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the privileges of the logged in user. As usual, Google is disclosing little information regarding the details of the...

8.8CVSS7.7AI score0.26525EPSS
Exploits3
NCSC
NCSC
•added 2021/03/12 12:0 a.m.•3 views

Vulnerabilities fixed in NetBSD

The developers of NetBSD have fixed a number of vulnerabilities fixed in NetBSD's IP stack. Because packet IDs are not randomly are not randomly generated by default, a malicious party can predict the IP traffic. predict, allowing the malicious party to launch a man-in-the-middle attack to obtain...

6.8AI score
Exploits0
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•2 views

Vulnerabilities fixed in IBM DB2

IBM has fixed two vulnerabilities in DB2. A local malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the underlying system with root privileges. To do this, however, the malicious party must have local access to the vulnerable system. IBM...

8.4CVSS7.2AI score0.00564EPSS
Exploits0
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•5 views

Vulnerabilities fixed in F5 BIG-IQ

F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...

9.1CVSS7AI score0.00998EPSS
Exploits0
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•6 views

Vulnerabilities fixed in Schneider Electric PowerLogic

Schneider Electric has fixed vulnerabilities in a number of PowerLogic products. An unauthenticated malicious person at remote could potentially exploit the vulnerabilities to cause a denial-of-service or to execute arbitrary code. Schneider Electric has released updates to address the...

9.8CVSS7AI score0.02428EPSS
Exploits0
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•9 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed multiple vulnerabilities in its BIG-IP product line. The vulnerabilities allow a potentially unauthenticated remote malicious person is able to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...

10CVSS8.3AI score0.99898EPSS
Exploits22
NCSC
NCSC
•added 2021/03/11 12:0 a.m.•3 views

Vulnerabilities fixed in Red Hat OpenShift Virtualization

Red Hat has released updates to address multiple vulnerabilities fixes in OpenShift Virtualization. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Red Hat has released updates to fix the vulnerabilities in OpenShift Virtualization. For more...

7.5CVSS6.9AI score0.21052EPSS
Exploits6
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•18 views

Vulnerabilities fixed in Adobe Creative Cloud

Adobe has fixed vulnerabilities in Creative Cloud Desktop Application. A malicious party can exploit the vulnerabilities to injecting system commands which are then executed by the application. Also, the vulnerabilities can be exploited to obtain elevated privileges and to overwrite arbitrary...

9.3CVSS8AI score0.02467EPSS
Exploits0
NCSC
NCSC
•added 2021/03/10 12:0 a.m.•3 views

Vulnerability fixed in Squid

Squid's developers have fixed a vulnerability. A authenticated user can exploit the vulnerability via an HTTP-Request Smuggling attack to still gain access gain access to services and websites that should be shielded. Squid has released updates to fix the vulnerability in Squid v 4.14 and 5.0.5...

8.6CVSS7AI score0.08161EPSS
Exploits0
Total number of security vulnerabilities4197