Lucene search
K

4197 matches found

NCSC
NCSC
•added 2021/01/14 12:0 a.m.•5 views

Vulnerabilities fixed in SUSE kernel

Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges SUSE has released updates to fix the...

9.8CVSS6.5AI score0.01672EPSS
Exploits9
NCSC
NCSC
•added 2021/01/14 12:0 a.m.•6 views

Vulnerabilities fixed in Juniper Junos OS

Juniper has fixed vulnerabilities in Junos OS. The vulnerabilities allow a remote malicious person to to bypass a security measure and to cause a denial-of-service cause. Juniper categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 8.8. Juniper has released...

8.8CVSS8.5AI score0.93422EPSS
Exploits6
NCSC
NCSC
•added 2021/01/13 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe products

Adobe has fixed vulnerabilities in several products from Adobe. The vulnerabilities allow a locally authenticated malicious party to execute arbitrary code under permissions of the application or to obtain elevated privileges. Adobe has released updates to fix the vulnerabilities. More informatio...

8.6CVSS7.6AI score0.05614EPSS
Exploits0
NCSC
NCSC
•added 2021/01/13 12:0 a.m.•5 views

Vulnerability fixed in Roundcube

A vulnerability has been found in Roundcube. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. With the exploitation of this...

6.1CVSS6.8AI score0.32823EPSS
Exploits1
NCSC
NCSC
•added 2021/01/13 12:0 a.m.•7 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a remote malicious party to launch a Cross-site scripting attack and to obtain system data. Updates have been released to fix the vulnerabilities. More information can be found on the pages below: CVE-2021-23123:...

6.1CVSS7.1AI score0.81167EPSS
Exploits0
NCSC
NCSC
•added 2021/01/13 12:0 a.m.•6 views

Vulnerabilities fixed in Aruba Airwave Glass

Vulnerabilities have been fixed in Aruba Airwave Glass. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root privileges...

10CVSS7.6AI score0.07241EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•4 views

Vulnerability fixed in Microsoft Malware Protection Engine

Microsoft has fixed a vulnerability in Microsoft System Center Operations Manager. A remote malicious party could potentially exploit the vulnerability potentially exploit it to execute arbitrary code with user privileges or to access gain access to, and manipulate, sensitive information. Microso...

7.8CVSS6.5AI score0.39653EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•7 views

Vulnerability fixed in Microsoft Azure Active Directory Pod Identity

There is a vulnerability in Azure Active Directory AAD Pod Identity. The vulnerability allows a malicious person to impersonate another user. The AAD pod identity allows users to assign identities to pods in Kubernetes clusters by querying them with regular Azure Instance Metadata Services IMDS...

5.5CVSS6.5AI score0.01133EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•42 views

Vulnerabilities found in Microsoft Windows

Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - cause a denial-of-service, - bypass security measures, - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data. Below is a summary of the...

9.8CVSS7.3AI score0.0938EPSS
Exploits3
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•5 views

Vulnerabilities fixed in Siemens Scalance products

Siemens has fixed vulnerabilities in Scalance products. The vulnerabilities allow a malicious party to perform a denial-of-service and to bypass a security measure. circumvention. Siemens categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 9.1. Siemens has...

9.8CVSS6.8AI score0.01652EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed several vulnerabilities in Microsoft Office and Microsoft SharePoint. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Increased user privileges...

9.3CVSS7.1AI score0.03614EPSS
Exploits1
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•4 views

Vulnerability fixed in Microsoft SQL server

There is a vulnerability in Microsoft SQL Server. A authenticated malicious party can send data over a network to an affected SQL Server when it is configured to running an Extended Event session. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact...

8.8CVSS6.8AI score0.06153EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed several vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Visual Studio: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

7.8CVSS7.3AI score0.04908EPSS
Exploits1
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•88 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Access to system da...

9.9CVSS6.7AI score0.03864EPSS
Exploits4
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Edge

There is a vulnerability in Microsoft Edge. The vulnerability allows a malicious party to execute arbitrary execute arbitrary code with user privileges. The vulnerability arises by improper handling of objects in memory. Microsoft has made updates available that fix the described vulnerabilities...

7.6CVSS7.3AI score0.01916EPSS
Exploits0
NCSC
NCSC
•added 2021/01/12 12:0 a.m.•3 views

Vulnerability fixed in Cacti

A vulnerability has been fixed in Cacti. The vulnerability allows a remote malicious person the ability to launch an SQL-Injection attack execute. Cacti has released updates to fix the vulnerability. More information can be found on the page below: https://github.com/Cacti/cacti/issues/4022...

8.8CVSS6.7AI score0.04599EPSS
Exploits1
NCSC
NCSC
•added 2021/01/11 12:0 a.m.•60 views

Vulnerabilities fixed in NVIDIA GPU Display Driver

Vulnerabilities have been fixed in NVIDIA GPU Display Driver. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Access to system data Increased user privileges NVIDIA has...

8.4CVSS6.6AI score0.01777EPSS
Exploits0
NCSC
NCSC
•added 2021/01/11 12:0 a.m.•4 views

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious party to access sensitive data gain access to sensitive data and to cause a denial-of-service. One of the vulnerabilities allows a remote attacker to obtain API access tokens. GitLab rates this vulnerability as "high...

7.8CVSS6.3AI score0.01529EPSS
Exploits0
NCSC
NCSC
•added 2021/01/11 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Linux

Vulnerabilities have been fixed in Oracle Linux. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to system data Increased user privileges Oracle has released updates to fix the vulnerabilities. More...

9.8CVSS7.6AI score0.0776EPSS
Exploits8
NCSC
NCSC
•added 2021/01/08 12:0 a.m.•7 views

Vulnerability fixed in RSLinx Classic

A denial-of-service vulnerability exists in the Ethernet / IP server functionality of Rockwell Automation RSLinx Classic. A specially crafted network request can result in a denial of service. Rockwell Automation has released updates to address the vulnerabilities fixes in RSLinx Classic. For mor...

7.5CVSS6.9AI score0.03388EPSS
Exploits1
NCSC
NCSC
•added 2021/01/08 12:0 a.m.•11 views

Vulnerabilities fixed in kernel Oracle Enterprice Linux

Oracle has fixed vulnerabilities in its kernel. The vulnerabilities allow a locally authenticated malicious agent to opportunity to obtain system data and to cause a denial-of-service. -= Oracle =- Oracle has made updates available for Oracle Linux 6 and 7. U can install these updates using the...

6.1CVSS7.8AI score0.00511EPSS
Exploits1
NCSC
NCSC
•added 2021/01/08 12:0 a.m.•4 views

Vulnerabilities fixed in Ghostscript

Vulnerabilities have been fixed in Ghostscript. The vulnerabilities allow a malicious party to cause a denial-of-service cause and to execute arbitrary code under the privileges of the user. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS and 18.04 LTS to fix the...

8.8CVSS7.7AI score0.04932EPSS
Exploits4
NCSC
NCSC
•added 2021/01/08 12:0 a.m.•6 views

Vulnerabilities fixed in IBM MQ

An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated malicious agent to obtain sensitive information and cause the initiation of a denial-of-service DoS IBM has released updates to fix the vulnerability. More information can be found on the page...

4.3CVSS6.5AI score0.04044EPSS
Exploits0
NCSC
NCSC
•added 2021/01/07 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure As usual, Google reveals little information regarding the details of the...

9.6CVSS6.5AI score0.03095EPSS
Exploits0
NCSC
NCSC
•added 2021/01/07 12:0 a.m.•9 views

Vulnerabilities fixed in Jackson databind

A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. These vulnerabilities are only in the 2.9 versions of Jackson databind. If you are using version 2.10 or higher mitigation measures are already included in the software. Faster:XML h...

8.8CVSS8.8AI score0.20929EPSS
Exploits12
NCSC
NCSC
•added 2021/01/07 12:0 a.m.•5 views

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure The vulnerability with attribute CVE-2020-1971 can only be exploited be exploited...

8.1CVSS8.5AI score0.16296EPSS
Exploits6
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•6 views

Vulnerability fixed in FortiGate

A remotely authenticated malicious person is able to view the log entries of SSL VPN events from users in other VDOMs by executing "get vpn ssl monitor" from the command line. The sensitive data includes usernames, user groups and IP addresses. FortiGuard has made updates available to fix the...

5CVSS6.4AI score0.00529EPSS
Exploits0
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•3 views

Vulnerability fixed in ImageMagick

A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges, when using the "convert" program to convert a specially prepared file to convert it to a PDF file. ImageMagick has released updates to fix the vulnerability. fix. For more informatio...

7.8CVSS7.3AI score0.07508EPSS
Exploits1
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•44 views

Vulnerabilities found in Schneider Electric Modicon products

Schneider Electric has identified vulnerabilities in Modicon products. The vulnerabilities allow an authenticated remote malicious party the ability to cause a denial-of-service cause. Schneider Electric has proposed mitigation measures and indicates it will be coming out with updates in the near...

8.8CVSS6.9AI score0.01087EPSS
Exploits0
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•3 views

Serious vulnerability fixed in Mozilla Firefox

A serious vulnerability has been fixed in Mozilla Firefox. A malicious party, by modifying a COOKIE-ECHO chunk in an SCTP package potentially cause a use-after-free. Mozilla indicates that it is likely, with enough effort, that this vulnerability could lead to the execution of arbitrary code...

8.8CVSS6.8AI score0.01304EPSS
Exploits0
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•13 views

Multiple vulnerabilities fixed in F5 BIG-IP products

Multiple vulnerabilities have been identified in F5 BIG-IP, an external malicious person could exploit them to create a denial of service condition, spoofing, execution of external code, data manipulation, cross-site scripting and trigger security restrictions on the targeted system. F5 has...

9.8CVSS7.3AI score0.99019EPSS
Exploits23
NCSC
NCSC
•added 2021/01/06 12:0 a.m.•14 views

Vulnerabilities fixed in Ubuntu kernel

Vulnerabilities have been fixed in the Ubuntu kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data Increased user...

8.2CVSS7.3AI score0.06692EPSS
Exploits11
NCSC
NCSC
•added 2021/01/05 12:0 a.m.•4 views

Fixed an issue in Citrix ADC and Citrix Gateway

Citrix has fixed an issue in ADC and Gateway which can lead to denial-of-service attacks. A malicious party could potentially potentially misuse DTLS to cause a Denial-of-Service. Abuse can only occur when DTLS is enabled. Citrix reports that limited scale attacks are currently being reported whi...

6.2AI score
Exploits0
NCSC
NCSC
•added 2021/01/05 12:0 a.m.•8 views

Vulnerabilities fixed in Android

Vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data Increased user privileges As usual,...

10CVSS7AI score0.5063EPSS
Exploits2
NCSC
NCSC
•added 2021/01/05 12:0 a.m.•7 views

Vulnerabilities fixed in Dovecot

A malicious party could exploit the vulnerabilities to cause a denial-of-service and to read e-mail from other users. Dovecot has released updates to fix the vulnerabilities. For more information, see the following pages: CVE-2020-24386:...

7.5CVSS6.9AI score0.0466EPSS
Exploits1
NCSC
NCSC
•added 2020/12/29 12:0 a.m.•5 views

Vulnerabilities fixed in Huawei CloudEngine switches

Huawei has fixed multiple vulnerabilities in several CloudEngine switches. A remote malicious party could potentially exploit these vulnerabilities potentially exploit them to cause a denial-of-service DoS. In addition, a local malicious party that already in possession of elevated privileges can...

7.5CVSS6.9AI score0.00736EPSS
Exploits0
NCSC
NCSC
•added 2020/12/29 12:0 a.m.•5 views

Vulnerability fixed in QNAP QTS

QNAP has fixed a vulnerability in QTS. A malicious party could potentially exploit the vulnerability to inject arbitrary commands into applications. QNAP has released updates to fix the vulnerability in QTS 4.5.1.1495 build 20201123. For more information, see:...

8.8CVSS7AI score0.0255EPSS
Exploits0
NCSC
NCSC
•added 2020/12/29 12:0 a.m.•2 views

Vulnerability fixed in Grafana Enterprise

Several vulnerabilities have been fixed in Grafana. A malicious party could potentially exploit the vulnerabilities to bypassing authentication when Security Assertion Markup Language SAML is used as the authentication method. In addition the vulnerabilities could potentially be exploited for oth...

10CVSS7.2AI score0.04872EPSS
Exploits1
NCSC
NCSC
•added 2020/12/28 12:0 a.m.•5 views

Vulnerability fixed in Zyxel products

Due to the lack of input string cleanup in the CGI program "chgexppwd", a malicious party can inject commands inject. Zyxel has released updates to fix the vulnerability. For more information see: https://www.zyxel.com/support /Zyxel-security-advisory-for-command-injection-vulnerability-of-f...

9CVSS6.7AI score0.02344EPSS
Exploits0
NCSC
NCSC
•added 2020/12/28 12:0 a.m.•7 views

Actively exploited vulnerability fixed in SolarWinds Orion

SolarWinds has fixed a vulnerability in the Orion Platform. A malicious party could exploit this vulnerability to bypass authentication within the Orion API. Subsequently, the API can be used to compromise the Orion installation or underlying operating system. The vulnerability is actively...

9.8CVSS7.2AI score0.9198EPSS
Exploits3
NCSC
NCSC
•added 2020/12/24 12:0 a.m.•7 views

Vulnerabilities fixed in Veritas products

Vulnerabilities have been fixed in Veritas Backup Exec and Veritas NetBackup. The vulnerabilities allow a local attacker to to obtain elevated privileges. The vulnerability makes it possible for the attacker to execute arbitrary code under SYSTEM or administrator. The vulnerabilities rated by...

7.8CVSS7.8AI score0.00931EPSS
Exploits1
NCSC
NCSC
•added 2020/12/24 12:0 a.m.•6 views

Vulnerability fixed in Zimbra

Synacor has fixed a vulnerability in Zimbra in the way in which XML entities are processed in zm-saml-consumer-store. This vulnerability makes it possible for a malicious person to perform a Denial-of-Service attack. Attacks carried out via this vulnerability are also known as "billion laughs"...

6.5CVSS6.7AI score0.01481EPSS
Exploits0
NCSC
NCSC
•added 2020/12/23 12:0 a.m.•8 views

Serious vulnerability fixed in Zyxel products

A vulnerability has been fixed in Zyxel products. A researcher found an undocumented user whose both the username and password could be found in plaintext were in firmware. This undocumented account has admin rights. Zyxel has released updates to fix the vulnerability. Zyxel indicated that for AP...

10CVSS6.8AI score0.90049EPSS
Exploits2
NCSC
NCSC
•added 2020/12/23 12:0 a.m.•3 views

Vulnerabilities fixed in Asterisk

New versions of Asterisk have been released, in which two vulnerabilities have been fixed. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. Asterisk has released updates to address the vulnerabilities. fixes. For more information, see:...

6.9AI score
Exploits0
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•6 views

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in IBM MQ. The vulnerability allows a remote malicious person to cause a denial-of-service cause. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6386466...

7.5CVSS6.6AI score0.01695EPSS
Exploits0
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•7 views

Vulnerabilities fixed in HCL Lotus Notes

HCL has fixed two vulnerabilities in Lotus Notes. A malicious party could exploit the vulnerabilities for a Cross-Site-Scripting XSS attack, potentially running arbitrary execute arbitrary scripts in the victim's browser, or for the perform a denial-of-service DoS on the service. HCL has released...

10CVSS6.8AI score0.02226EPSS
Exploits0
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•7 views

Vulnerability fixed in IBM Filenet Content Manager

IBM has fixed a vulnerability in Filenet Content Manager and Content Navigator. An authenticated malicious party could exploit the exploit the vulnerability for a cross-site scripting XSS attack and thus potentially obtain the login credentials of other users find out. IBM has released updates to...

6.4CVSS5.7AI score0.01277EPSS
Exploits1
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•3 views

Vulnerability found in Kubernetes

A vulnerability has been found in Kubernetes that allows a malicious person capable of performing a man-in-the-middle attack on the traffic within a cluster. By advertising an external IP address or by claiming a load balancer IP, traffic can be redirected to the attacker. However, the malicious...

6.3CVSS8.3AI score0.09274EPSS
Exploits3
NCSC
NCSC
•added 2020/12/22 12:0 a.m.•20 views

Serious vulnerabilities fixed in Dell Wyse ThinOS

Vulnerabilities have been fixed in Dell Wyse ThinOS. A malicious person with access to a local FTP server could exploit the vulnerabilities to obtain sensitive information. The malicious party, by accessing this information and the ability to modify configuration files, the entire system. Dell ha...

10CVSS6.6AI score0.01848EPSS
Exploits0
NCSC
NCSC
•added 2020/12/21 12:0 a.m.•6 views

Vulnerability fixed in Atlassian Crucible

A vulnerability has been fixed in Atlassian Crucible. The vulnerability allows a malicious party to perform a denial-of-service attack. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below: https://jira.atlassian.com/browse...

4.3CVSS6.6AI score0.00991EPSS
Exploits0
Total number of security vulnerabilities4197