Lucene search
K

4197 matches found

NCSC
NCSC
•added 2021/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed two vulnerabilities in Exchange Server. A malicious party can exploit the vulnerabilities to impersonate impersonate another user. Microsoft Exchange Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

6.5CVSS6.4AI score0.04627EPSS
Exploits7
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•47 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS SQL Injection Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data Bypassing...

9.9CVSS7.1AI score0.29847EPSS
Exploits3
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerability fixed in Apache ActiveMQ

A vulnerability has been found in Apache ActiveMQ. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Apache has released updates to f...

6.1CVSS6.1AI score0.78972EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•39 views

Fixed vulnerabilities in Windows Defender and System Center Operations Manager

Microsoft has fixed vulnerabilities in Windows Defender and Microsoft System Center Operations Manager. A malicious party could vulnerabilities potentially exploit them to gain higher privileges. Windows Defender: |----------------|------|-------------------------------------| | CVE ID | CVSS |...

8.8CVSS6.6AI score0.01825EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, obtain sensitive data, impersonate another user, and/or execute arbitrary code with user privileges. Below is a summary of the various vulnerabilities describe...

8.8CVSS6.4AI score0.05904EPSS
Exploits1
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•13 views

Vulnerabilities fixed in Microsoft Windows

Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - cause a denial-of-service, - bypass security measures, - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data. Below is a summary of the...

9.8CVSS7.3AI score0.78376EPSS
Exploits29
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•6 views

Vulnerability fixed in Siemens TIA Portal

Siemens has fixed a vulnerability in TIA Portal. A local malicious party could potentially exploit the vulnerability to obtain elevated privileges and thus execute arbitrary code execute code with SYSTEM privileges. To exploit the vulnerability, the malicious party must have physical access to th...

7.8CVSS7.5AI score0.00862EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Linux

Vulnerabilities have been fixed in the Oracle Linux kernel. The vulnerabilities allow a malicious person to perform attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data Oracle has released updates t...

8.8CVSS8.1AI score0.02209EPSS
Exploits1
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in QEMU

Several vulnerabilities have been fixed in QEMU. A malicious person within a QEMU VM could potentially exploit the vulnerabilities to gaining access to sensitive data or to cause a denial-of-service. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS and...

7.5CVSS6.7AI score0.00654EPSS
Exploits2
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerability fixed in PEAR

A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...

7.5CVSS7.1AI score0.70595EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed two vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to impersonate as another user and potentially gain access to sensitive data. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

6.5CVSS6.4AI score0.02806EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•5 views

Vulnerability fixed in Roundcube Webmail

A vulnerability has been fixed in Roundcube Webmail. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. To do this, the malicious...

5.4CVSS6.3AI score0.01006EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•5 views

Vulnerability fixed in Simatic WinCC and PCS7

Siemens has fixed a vulnerability in Simatic WinCC Graphics Designer Tool and PCS7. a local malicious person could exploit it to gain access to a user, even any password-protected ones. To exploit the vulnerability, the malicious party needs physical access to the system where the vulnerable...

5.5CVSS6.8AI score0.00336EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•43 views

Vulnerabilities fixed in Siemens Scalance products

Siemens has fixed several vulnerabilities in SCALANCE switches. A malicious party could exploit the vulnerabilities to cause a denial-of-service, for obtaining sensitive data or to perform management actions under the privileges of the affected user. To cause a denial-of-service, or perform...

8.6CVSS7AI score0.01361EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in NetApp Active IQ

NetApp has fixed several vulnerabilities in Active IQ. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data NetApp has...

9.8CVSS8.6AI score0.18671EPSS
Exploits1
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Red Hat has fixed multiple vulnerabilities in OpenShift Container Platform. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to...

9.8CVSS9.7AI score0.95707EPSS
Exploits7
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•4 views

Vulnerabilities fixed in Siemens Ruggedcom ROX

Siemens has fixed vulnerabilities in several Ruggedcom ROX products. A malicious party could exploit the vulnerabilities to causing a denial-of-service of the vulnerable systems, or for obtaining sensitive data. The malicious party must have access to the production environment. It is good practi...

10CVSS6.9AI score0.44398EPSS
Exploits2
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•32 views

Large number of vulnerabilities fixed in Xerox FreeFlow Print Server

Xerox has fixed a large number of vulnerabilities in Xerox FreeFlow Print Server. The vulnerabilities are in the following underlying components: Microsoft Windows 10 Java 8 Firefox Xerox has released updates to fix the vulnerabilities in Freeflow print server. For more information, see the...

9.8CVSS8.6AI score0.5063EPSS
Exploits14
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•3 views

Vulnerabilities fixed in Docker

Vulnerabilities have been fixed in Docker. A local malicious person can, by exploiting the vulnerability with attribute CVE-2021-21284, gain root privileges from the container on the vulnerable system. To exploit this vulnerability, the Docker daemon must be configured with the --userns-remap...

6.8CVSS8.9AI score0.03287EPSS
Exploits0
NCSC
NCSC
•added 2021/02/09 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code and for a denial-of-service attack. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...

9.8CVSS7.5AI score0.30315EPSS
Exploits2
NCSC
NCSC
•added 2021/02/08 12:0 a.m.•3 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox and Firefox ESR. A remote malicious party could potentially exploit it to cause a denial-of-service or execute arbitrary execute arbitrary code with the application's permissions. For now, there are few substantive details about the vulnerability...

7.5AI score
Exploits0
NCSC
NCSC
•added 2021/02/08 12:0 a.m.•28 views

Vulnerability fixed in VxWorks

In Wind River VxWorks, the memory allocator has a possible overflow when calculating the size of the memory block that should be allocated by calloc. The result is that the actual allocated memory is smaller than the buffer size specified by the arguments, leading to memory corruption. The...

7.5CVSS8.5AI score0.01475EPSS
Exploits0
NCSC
NCSC
•added 2021/02/08 12:0 a.m.•2 views

Vulnerabilities fixed in OpenSUSE Linux kernel

Several vulnerabilities have been fixed in the Linux kernel as used by openSUSE. The vulnerabilities allow a local, authenticated malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution at the kernel level Access to sensiti...

8.8CVSS8.2AI score0.01377EPSS
Exploits2
NCSC
NCSC
•added 2021/02/05 12:0 a.m.•2 views

Vulnerability fixed in IBM Integration Bus

IBM has fixed a vulnerability in the node.js component of Integration Bus. An unauthenticated malicious person could exploit the exploit the vulnerability to cause a denial-of-service. IBM has released updates to fix the vulnerability in Integration Bus V10.0.0.23. For more information, see:...

7.5CVSS6.7AI score0.0344EPSS
Exploits1
NCSC
NCSC
•added 2021/02/05 12:0 a.m.•4 views

Vulnerabilities fixed in OpenLDAP

Vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated remote malicious person to cause a denial-of-service. The developers of OpenLDAP have released updates to fix the vulnerabilities. More information can be found on the pages below:...

7.5CVSS7AI score0.84224EPSS
Exploits0
NCSC
NCSC
•added 2021/02/05 12:0 a.m.•4 views

Vulnerability fixed in PHP

A vulnerability has been fixed in PHP. The vulnerability allows an authenticated remote malicious party capable of causing a denial-of-service attack. PHP developers have released updates to fix the vulnerability. More information can be found at the page below:...

7.5CVSS6.7AI score0.03179EPSS
Exploits0
NCSC
NCSC
•added 2021/02/04 12:0 a.m.•7 views

Vulnerability fixed in Webex Meetings and Meetings Server

A vulnerability has been fixed in Cisco Webex Meetings and Cisco Webex Meetings Server. The vulnerability allows an authenticated remote malicious party to add a rogue URL to the username field within a Webex invitation. Cisco has released updates to fix the vulnerability. More information can be...

4.1CVSS6.6AI score0.0103EPSS
Exploits0
NCSC
NCSC
•added 2021/02/04 12:0 a.m.•29 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed several vulnerabilities in IOS XR. A unauthenticated malicious person could remotely exploit them to cause a denial-of-service, circumvent bypassing security measures or obtaining system information. The vulnerabilities marked CVE-2021-1288 and CVE-2021-1313 involve a...

8.6CVSS6.9AI score0.01952EPSS
Exploits0
NCSC
NCSC
•added 2021/02/04 12:0 a.m.•3 views

Serious vulnerability fixed in SonicWall SMA100 Series

A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. fix. More information can be...

7.4AI score
Exploits0
NCSC
NCSC
•added 2021/02/04 12:0 a.m.•5 views

Vulnerability found in Adobe ColdFusion

A vulnerability has been found in Adobe ColdFusion. Due to an error in the permissions structure, a local malicious agent can place a specially prepared DLL file to execute arbitrary code under SYSTEM privileges. For more information, see the page below: https://www.kb.cert.org/vuls/id/125331 At...

7.8CVSS7AI score0.00501EPSS
Exploits0
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•6 views

Vulnerabilities fixed in GitLab Community and Enterprise Edition

GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data...

4.3CVSS6.4AI score0.01023EPSS
Exploits1
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•5 views

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to execute arbitrary code. execute. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6408626...

10CVSS7.2AI score0.0769EPSS
Exploits0
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

9.6CVSS7.3AI score0.01116EPSS
Exploits0
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•5 views

Large number of vulnerabilities fixed in Xerox FreeFlow Print Server

Xerox has fixed a large number of vulnerabilities in Xerox FreeFlow Print Server. The vulnerabilities are in the following underlying components: Microsoft Windows 7 Java 8 Firefox Misuse of the vulnerabilities allow unauthenticated remote malicious actors to launch attacks that can result in the...

9.3CVSS7.5AI score0.86863EPSS
Exploits38
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•8 views

Serious vulnerabilities fixed in SolarWinds Orion

Vulnerabilities have been fixed in SolarWinds Orion. The vulnerability with reference CVE-2021-25274 allows an unauthenticated remote malicious person to execute arbitrary code with SYSTEM privileges. The vulnerability with attribute CVE-2021-25275 allows a local malicious person to access...

10CVSS7AI score0.36426EPSS
Exploits2
NCSC
NCSC
•added 2021/02/03 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat AMQ

Vulnerabilities have been fixed in Red Hat AMQ. The vulnerability with reference CVE-2020-27216 allows a local malicious person to to obtain elevated privileges. The vulnerability with attribute CVE-2020-27218 allows a remote malicious person to gain access to system data. Red Hat has released...

7CVSS8.4AI score0.08113EPSS
Exploits1
NCSC
NCSC
•added 2021/02/02 12:0 a.m.•6 views

Vulnerabilities fixed in Clustered Data ONTAP

NetApp has fixed two vulnerabilities. An unauthorized malicious party can use the vulnerabilities to discover the presence of data, which is stored outside his authorizations. stored. NetApp has released updates to fix the vulnerabilities in Clustered Data ONTAP. For more information, see:...

3.5CVSS7.1AI score0.00548EPSS
Exploits0
NCSC
NCSC
•added 2021/02/02 12:0 a.m.•5 views

Vulnerabilities fixed in the Debian kernel

Vulnerabilities have been fixed in Debian's kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data Increased user privileges Debian has released...

8.8CVSS7.8AI score0.06563EPSS
Exploits5
NCSC
NCSC
•added 2021/02/02 12:0 a.m.•9 views

Vulnerabilities fixed in Android

Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data Increased user privileges As usual,...

10CVSS7.7AI score0.04707EPSS
Exploits2
NCSC
NCSC
•added 2021/02/02 12:0 a.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed a large number of vulnerabilities in Apple iOS and iPadOS 14.4. A malicious party can exploit the vulnerabilities to cause the following types of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data -= Apple =- Apple has made updates available ...

9.8CVSS7.4AI score0.14542EPSS
Exploits1
NCSC
NCSC
•added 2021/02/02 12:0 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed a large number of vulnerabilities in Apple MacOS Big Sur 11, Catalina 10.15 and Mojave 10.14. A malicious person can exploit the vulnerabilities to cause the following types of damage cause: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data -= Apple...

9.8CVSS8AI score0.14542EPSS
Exploits3
NCSC
NCSC
•added 2021/02/01 12:0 a.m.•3 views

Vulnerability fixed in Libgcrypt

A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code execute under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...

7AI score
Exploits0
NCSC
NCSC
•added 2021/01/28 12:0 a.m.•14 views

Vulnerability fixed in Atlassian Bamboo

A vulnerability has been fixed in Atlassian Bamboo. A unauthenticated malicious person could exploit the vulnerability to obtain system data. Atlassian has released updates to fix the vulnerability in Bamboo. For more information, see: https://confluence.atlassian.com/bamboo...

5.3CVSS6.8AI score0.0111EPSS
Exploits0
NCSC
NCSC
•added 2021/01/28 12:0 a.m.•6 views

Vulnerabilities fixed in Apache ActiveMQ

Vulnerabilities have been fixed in Apache ActiveMQ. The vulnerabilities allow a malicious party to bypass authentication bypassing. Bypassing authentication is only possible when the optional LDAP login module is used. Apache has released updates to fix the vulnerability. More information can be...

7.5CVSS6.9AI score0.11239EPSS
Exploits0
NCSC
NCSC
•added 2021/01/28 12:0 a.m.•31 views

Vulnerability fixed in WinSCP

A vulnerability has been fixed in WinSCP. A malicious party could potentially exploit the vulnerability to execute arbitrary code execute arbitrary code under a user's privileges. To do so, the user to visit a rogue URI that will open in WinSCP. WinSCP has released updates to fix the vulnerabilit...

10CVSS7.7AI score0.07408EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•6 views

Vulnerability fixed in Apple XCode

Apple has fixed a vulnerability in XCode. A malicious could potentially exploit the vulnerability to gain access to arbitrary files and thus sensitive data. The malicious party must entice the victim to install a malicious application. -= Apple =- Apple has made updates available for XCode to fix...

5.5CVSS6.7AI score0.00642EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•7 views

Vulnerabilities fixed in Xerox WorkCentre

Xerox has fixed a number of vulnerabilities in Xerox WorkCentre multifunction printers. Passwords, which are stored on the multifunctional are better encrypted, system accounts have been made visible and manageable, and the ability to use the included McAfee Embedded Control has been removed. One...

7.5CVSS6.6AI score0.00805EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•5 views

Vulnerability fixed in IBM WebSphere Application Server

A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows a malicious party to obtain sensitive information and to potentially cause a denial-of-service cause. The attack on this vulnerability is known as an External Entity Injection XXE attack in which rogue co...

8.2CVSS7.2AI score0.04754EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•2 views

Vulnerability fixed in Jenkins

A vulnerability has been fixed in Jenkins. A malicious party can exploit the vulnerability to obtain information from the system, potentially bypassing existing security measures. bypassing existing security measures. This vulnerability arose in the most recent version of Jenkins when the...

6.5CVSS6.7AI score0.02226EPSS
Exploits0
NCSC
NCSC
•added 2021/01/27 12:0 a.m.•6 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious person, possibly remotely, can exploit the vulnerabilities exploit them to execute arbitrary code or to obtain elevated privileges on the vulnerable system. Apple has made few substantive details publicly available, but...

9.8CVSS7.8AI score0.07921EPSS
Exploits1
Total number of security vulnerabilities4197