Lucene search
K

4197 matches found

NCSC
NCSC
•added 2020/12/21 12:0 a.m.•6 views

Vulnerabilities fixed in WebKitGTK

Vulnerabilities have been fixed in WebKitGTK. The vulnerabilities allow a malicious person to execute arbitrary code execute under the user's privileges. The malicious party must victim to open a rogue page to exploit these vulnerabilities to be exploited. The developers of WebKitGTK have release...

8.8CVSS7.2AI score0.04446EPSS
Exploits2
NCSC
NCSC
•added 2020/12/21 12:0 a.m.•6 views

Vulnerabilities fixed in Treck TCP/IP

Vulnerabilities have been fixed in the low-level TCP/IP stack of fabriant Treck Inc. The vulnerabilities allow a malicious person to able to perform attacks that potentially lead to the following categories of damage: Denial-of-Service DoS Remote code execution Administrator/Root privileges Acces...

10CVSS7.5AI score0.03348EPSS
Exploits0
NCSC
NCSC
•added 2020/12/18 12:0 a.m.•6 views

Vulnerabilities fixed in MediaWiki

The developers of MediaWiki have fixed a number of vulnerabilities fixed in the latest software update. A malicious party could potentially exploit the vulnerabilities potentially exploit them to gain access to sensitive data, because in certain circumstances user data may end up in accessible...

7.5CVSS7AI score0.01573EPSS
Exploits4
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•7 views

Vulnerabilities fixed in XStream

Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Manipulation of data Access to sensitive data The vulnerabilities are exploitable only when using the defau...

7.7CVSS6.7AI score0.82392EPSS
Exploits7
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•6 views

Vulnerability fixed in Dell iDRAC

Dell has fixed a vulnerability in iDrac. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. iDRAC is a management environment. I...

6.1CVSS6.6AI score0.00991EPSS
Exploits0
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•9 views

Vulnerabilities fixed in F5 BIG-IP

Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data F5 has released updates...

7.8CVSS6.5AI score0.01423EPSS
Exploits0
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•7 views

Vulnerabilities fixed in LogRhythm SIEM

Vulnerabilities have been fixed in LogRhythm SIEM. The vulnerabilities allow a malicious person to conduct attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Circumvention of security measure. Remote code execution Administrator/Root...

10CVSS7.6AI score0.03112EPSS
Exploits1
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•7 views

Vulnerabilities fixed in Arista EOS

Arista has fixed several vulnerabilities in EOS. The vulnerabilities marked CVE-2020-15897, CVE-2020-15898, CVE-2020-24360 and CVE-2020-26569 allow a malicious person to cause cause a denial-of-service DoS. To do this, rogue network traffic to the device. The vulnerability with reference...

7.5CVSS8.6AI score0.01261EPSS
Exploits4
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•5 views

Vulnerability fixed in HPE Systems Insight Manager

A vulnerability has been fixed in HPE Systems Insight Manager. A malicious party could potentially exploit the vulnerability to execute arbitrary code under elevated privileges. The vulnerability is located in optional features called "Federated Search" and "Federated CMS Configuration." The...

9.8CVSS7.3AI score0.8189EPSS
Exploits4
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•6 views

Vulnerabilities fixed in Brocade Fabric OS

Broadcom has released updates to fix vulnerabilities in Brocade Fabric OS. An authenticated malicious person without the proper LDAP group memberships could log into a switch as a regular user. The switch is only vulnerable to this to this when it is active in "Virtual Fabric" mode. Also, a local...

6.7CVSS7.3AI score0.00869EPSS
Exploits0
NCSC
NCSC
•added 2020/12/17 12:0 a.m.•9 views

Vulnerabilities fixed in Red Hat Openshift Container

Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerability with reference CVE-2020-8559 allows an authenticated malicious person with root privileges on a node to be able to gain elevated privileges on other nodes running in the same cluster running. With these...

6.8CVSS9.2AI score0.061EPSS
Exploits5
NCSC
NCSC
•added 2020/12/16 12:0 a.m.•4 views

Vulnerability fixed in IBM Tivoli Netcool Impact

A vulnerability has been fixed in IBM Tivoli Netcool Impact. A malicious party can exploit the vulnerability to circumvent bypass security measures and obtain sensitive data via phishing. sensitive data. IBM has released updates to fix the vulnerability in Tivoli Netcool Impact 7.1.0.20. For more...

6.1CVSS6.6AI score0.00805EPSS
Exploits0
NCSC
NCSC
•added 2020/12/16 12:0 a.m.•31 views

Vulnerability fixed in Cloudforms

RedHat has fixed a vulnerability in CloudForms Management Engine. Due to a flaw in Role Based authorizations, an authorized malicious person is able to execute commands with administrator privileges, or gain access to sensitive data. This vulnerability was previously reported as the vulnerability...

8.3CVSS7AI score0.01EPSS
Exploits0
NCSC
NCSC
•added 2020/12/16 12:0 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox

Mozilla has fixed several vulnerabilities in Firefox. A malicious party can exploit the vulnerabilities to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofing Accessing sensitive data T...

9.8CVSS8.9AI score0.01876EPSS
Exploits2
NCSC
NCSC
•added 2020/12/16 12:0 a.m.•7 views

Vulnerabilities fixed in Citrix Hypervisor

Citrix has fixed vulnerabilities in Hypervisor. The vulnerabilities allow a malicious person with the right to execute code execute code in the guest be able to obtain system data, appropriate assign privileges on the host or cause a denial-of-service cause a Denial-of-Service on the host. Citrix...

8.8CVSS8.1AI score0.01428EPSS
Exploits0
NCSC
NCSC
•added 2020/12/16 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service Manipulation of data Access to sensitive data Red Hat has released updates to address the...

9.8CVSS6.4AI score0.06253EPSS
Exploits1
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•3 views

Vulnerability fixed in Apple Safari

A vulnerability has been fixed in Apple Safari. The vulnerability potentially allows a remote malicious person to execute arbitrary execute arbitrary code in the context of the browser if he manages to get the user to visit a rogue page. Apple has released updates to fix the vulnerability. More...

8.8CVSS7AI score0.01705EPSS
Exploits0
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•6 views

Vulnerabilities fixed in F5 BIG-IP

Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to cause a Denial-of-Service cause and perform a Cross-site scripting attack. F5 has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-5948:...

9.6CVSS6.8AI score0.01261EPSS
Exploits0
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•4 views

Vulnerabilities fixed in Apple iOS and iPadOS

Vulnerabilities have been fixed in Apple iOS and iPadOS. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data App...

8.8CVSS7AI score0.01705EPSS
Exploits0
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•4 views

Vulnerability fixed in Apple MacOS Server

A vulnerability has been fixed in Apple MacOS Server. The vulnerability potentially allows a remote malicious party to perform execute a cross-site scripting attack or the ability to exploit an open-redirect vulnerability to be exploited. Apple has released updates to fix the vulnerability. More...

6.1CVSS5.9AI score0.0059EPSS
Exploits0
NCSC
NCSC
•added 2020/12/15 12:0 a.m.•2 views

Vulnerabilities fixed in X11 server

Vulnerabilities have been fixed in X11 server. The vulnerabilities potentially allow a malicious party to access system data and to gain elevated privileges gain. -= Oracle =- Oracle has made updates available for Oracle Linux 7. You can install these updates using the command 'yum'. More...

7.8CVSS7AI score0.00393EPSS
Exploits0
NCSC
NCSC
•added 2020/12/14 12:0 a.m.•4 views

Actively exploited vulnerabilities fixed in SolarWinds Orion

SolarWinds reports active misuse of SolarWinds Orion. Through a still unknown method, a version of Orion was distributed between March and June 2020 distributed, which appears to contain a Trojan. It concerns the versions 2019.4 HF 5 through 2020.2.1. The manipulated versions are abused by...

8.1AI score
Exploits0
NCSC
NCSC
•added 2020/12/11 12:0 a.m.•5 views

Vulnerability fixed in NetApp

Netapp Snap Creator Framework includes Apache Tomcat. Apache Tomcat versions 8.5.1 through 8.5.59, 9.0.0.M5 through 9.0.39, and 10.0.0-M1 through 10.0.0-M9 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information. Netapp has release...

7.5CVSS8.4AI score0.24622EPSS
Exploits0
NCSC
NCSC
•added 2020/12/11 12:0 a.m.•5 views

Vulnerabilities fixed in Cisco Jabber Desktop and Mobile Client

Vulnerabilities have been fixed in Cisco Jabber Desktop and Mobile Client. The vulnerabilities allow a remote malicious person to able to perform attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to sensitive dat...

9.9CVSS7.5AI score0.02517EPSS
Exploits0
NCSC
NCSC
•added 2020/12/11 12:0 a.m.•6 views

Vulnerabilities fixed in ArubaOS

Hewlett Packard has fixed vulnerabilities in ArubaOS. The vulnerability with reference CVE-2020-24637 was known earlier this year become known as "Boothole" NCSC-2020-0614. This vulnerability allows a malicious person with sufficient access to the system to load a rogue kernel. The remaining...

10CVSS7.6AI score0.049EPSS
Exploits0
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•4 views

Vulnerability fixed in Adobe Acrobat and Reader

Adobe has fixed a vulnerability in Adobe Acrobat and Reader. The vulnerability allows a malicious party to obtain sensitive obtain information from the victim's context. Adobe has released updates to fix the vulnerability. More information can be found on the page below:...

7.1CVSS6.4AI score0.07818EPSS
Exploits0
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•4 views

Vulnerabilities fixed in Foxit Reader and Foxit PhantomPDF

Foxit has fixed vulnerabilities in Foxit Reader and Foxit PhantomPDF. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Foxit has released...

8.8CVSS7.5AI score0.71145EPSS
Exploits5
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•5 views

Vulnerabilities fixed in Schneider Electric equipment

Vulnerabilities have been fixed in Schneider Electric devices. The vulnerabilities allow an unauthorized malicious person at remotely capable of causing a denial-of-service and obtaining obtain sensitive data. Schneider Electric has released updates to fix the vulnerability. fix. More information...

7.5CVSS6.6AI score0.01181EPSS
Exploits0
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•2 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing system data GNU has released updates to fix the vulnerabilities. More...

7.5CVSS8.7AI score0.09917EPSS
Exploits3
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•5 views

Multiple vulnerabilities fixed in IBM Aspera

IBM has fixed several vulnerabilities in the Aspera Suite. The vulnerabilities are in the underlying OpenSSL, cURL libcurl and FasterXML jackson databind software. A malicious party could potentially exploit the vulnerabilities to bypassing security measures, accessing sensitive data and from bei...

10CVSS9.2AI score0.14298EPSS
Exploits4
NCSC
NCSC
•added 2020/12/10 12:0 a.m.•5 views

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. When a remote malicious party manages to provide a rogue certificate and a rogue certificate-revocation-list manages to offer them to an ssl server or ssl client, a denial-of-service can be caused by doing so. OpenSSL has released updates to fix the...

5.9CVSS8.5AI score0.06968EPSS
Exploits3
NCSC
NCSC
•added 2020/12/09 12:0 a.m.•6 views

Vulnerability discovered in WildFly

A vulnerability has been discovered in WildFly. The vulnerability allows an unauthenticated remote malicious person to perform a Denial-of-Service to cause. The vulnerability occurs when the application uses the OpenTracing APIs java interceptors. JBoss Community is working on updates...

7.1CVSS7.1AI score0.01109EPSS
Exploits0
NCSC
NCSC
•added 2020/12/09 12:0 a.m.•6 views

Vulnerability fixed in Apache Struts

A vulnerability has been fixed in Apache Struts. The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under privileges of the Struts application. To exploit the vulnerability, the OGNL evaluation must be be enabled. Apache has released a new version to fix th...

9.8CVSS8.6AI score0.95922EPSS
Exploits11
NCSC
NCSC
•added 2020/12/09 12:0 a.m.•7 views

Vulnerabilities fixed in Citrix Secure Mail

Citrix has fixed vulnerabilities in Citrix Secure Mail. A malicious party can use a rogue app to gain access to the email data and, to a lesser extent, the calendar data stored in the victim's Citrix Secure Mail. The vulnerability is located in Citrix Secure Mail for Android. Citrix Secure Mail f...

6.5CVSS6.6AI score0.02037EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•2 views

Vulnerabilities fixed in Xerox AltaLink

Vulnerabilities have been fixed in Xerox AltaLink. The vulnerabilities allow a malicious party to perform a Denial-of-Service DoS exploit. Xerox has released updates to fix the vulnerabilities in Xerox AltaLink products and has released installation and update instructions released. For more...

7.5CVSS8.7AI score0.04666EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Azure. The vulnerabilities allow a malicious person to bypass security measures. Azure Sphere: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |. |----------------|------|-------------------------------------| |...

9.1CVSS6.5AI score0.0359EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•3 views

Vulnerability in CakePHP fixed

The makers of CakePHP have fixed a vulnerability with version 4.0.10 fixed. The security fixes fix a vulnerability in the CsrfProtectionMiddleware that allowed parameters for overwrite method CSRF checks without additional POST data bypassed. CakePHP developers have issued updates to fix the...

6.6AI score
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•7 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Bypassing authentication. Remote code execution Administrator/Root rights Spoofing Access to system data...

10CVSS7.8AI score0.04708EPSS
Exploits4
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•30 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform Cross-Site Scripting XSS or Remote Code Execution RCE. Such an attack can only be performed by an authenticated user or administrator. Microsoft Dynamics:...

8.8CVSS5.7AI score0.03658EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Vulnerabilities related to Visual Studio can only be be exploited by convincing the user to open rogue files. Visual Studio:...

9.4CVSS7.4AI score0.03552EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Windows

There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious person to: - execute arbitrary code with user privileges; - grant themselves elevated privileges; - circumvent security measures; - gain access to sensitive data; - construct a DNS cache poisoning attack...

9.9CVSS7.3AI score0.27224EPSS
Exploits4
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•17 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed several vulnerabilities in Microsoft Office and Microsoft SharePoint. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Bypassing security measure; Executing arbitrary code under user privileges; Spoofin...

10CVSS7.6AI score0.04131EPSS
Exploits3
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•52 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Google Android. The most serious of these vulnerabilities is a critical security issue in the Media Framework component that allows an external malicious party can execute arbitrary code within the context of an authorized process. Google released update...

10CVSS9.2AI score0.07137EPSS
Exploits1
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed several vulnerabilities in Microsoft Exchange Server. An authenticated remote malicious person could potentially exploit the vulnerabilities to execute arbitrary code execute arbitrary code or to obtain sensitive information. For each of the vulnerabilities included in this...

9.1CVSS7.2AI score0.8979EPSS
Exploits9
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•29 views

Vulnerabilities fixed in GitLab

Multiple vulnerabilities have been identified in GitLab; an remote attacker could exploit some of these vulnerabilities exploit them to enable cross-site scripting, denial of service condition trigger and release sensitive information about the targeted system. disclosure. The developers have...

6.5CVSS6.7AI score0.01244EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•10 views

Vulnerabilities fixed in Android 11

Vulnerabilities have been fixed in Android 11. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication. Remote code execution User Rights Accessing sensitive data Access to...

9.8CVSS9.4AI score0.04022EPSS
Exploits3
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•8 views

Vulnerabilities in multiple TCP/IP stacks

Researchers at Forescout Research Labs have found 33 vulnerabilities found in four open source TCP/IP stacks. In the research called AMNESIA:33, four vulnerabilities are identified as critical. The highest assigned CVSS score is 9.8. The vulnerabilities allow a malicious party to carry out attack...

9.8CVSS7.5AI score0.58695EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•7 views

Vulnerabilities fixed in openSUSE kernel

Vulnerabilities have been fixed in openSUSE. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Access to system data Increased user privileges -= OpenSUSE =- The developers of...

7.8CVSS7.2AI score0.06692EPSS
Exploits9
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•3 views

Vulnerabilities fixed in HP-UX PHP

Vulnerabilities have been fixed in HP-UX PHP. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data HP categorizes these vulnerabilities according to the...

9.1CVSS7.1AI score0.08888EPSS
Exploits13
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•8 views

Vulnerabilities fixed in QNAP QTS

Vulnerabilities have been fixed in QNAP-QTS. The vulnerabilities allow a malicious person to perform Cross-Site Scripting XSS attacks. QNAP has released updates to fix the vulnerabilities. More information can be found on the pages below: https://www.qnap.com/en/security-advisories...

10CVSS6.1AI score0.99512EPSS
Exploits75
Total number of security vulnerabilities4197