Lucene search
K

4197 matches found

NCSC
NCSC
•added 2020/12/08 12:0 a.m.•29 views

Vulnerabilities fixed in GitLab

Multiple vulnerabilities have been identified in GitLab; an remote attacker could exploit some of these vulnerabilities exploit them to enable cross-site scripting, denial of service condition trigger and release sensitive information about the targeted system. disclosure. The developers have...

6.5CVSS6.7AI score0.01244EPSS
Exploits0
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•15 views

Vulnerabilities fixed in Siemens vulnerabilities

Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution Administrator/Root right...

10CVSS8.1AI score0.98745EPSS
Exploits13
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•4 views

Vulnerability fixed in Nessus

Nessus uses third-party software to provide underlying functionality. One of the third-party components jQuery was found to contain vulnerabilities, and updated versions have been made available by the providers. Tenable has made updates available for Nessus to fix the vulnerability. More...

6.9CVSS6.9AI score0.99019EPSS
Exploits7
NCSC
NCSC
•added 2020/12/08 12:0 a.m.•7 views

Vulnerabilities fixed in NetApp products

The makers of NetApp products have incorporated new versions of Eclipse Jetty server and Python into their products. With these, the release of sensitive information, the addition or modification of data or denial of service DoS is prevented. Netapp has released updates to fix the vulnerabilities...

9.8CVSS6.8AI score0.08314EPSS
Exploits1
NCSC
NCSC
•added 2020/12/07 12:0 a.m.•7 views

Vulnerability fixed in Kibana

A vulnerability has been fixed in Kibana. The vulnerability allows a malicious party the opportunity to spoof a URL and to cause a Denial-of-Service. Elastic has released bug fixes to address the vulnerability. fix. More information can be found on the pages below: Bug 1898572:...

6.1CVSS6.6AI score0.00643EPSS
Exploits0
NCSC
NCSC
•added 2020/12/07 12:0 a.m.•6 views

Vulnerability fixed in MISP

CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS and thereby potentially execute arbitrary code in the context of the browser. CIRCL has released updates to fix th...

6.1CVSS7.6AI score0.00765EPSS
Exploits0
NCSC
NCSC
•added 2020/12/07 12:0 a.m.•3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights As usual, Google reveals little information...

9.3CVSS7.2AI score0.99595EPSS
Exploits14
NCSC
NCSC
•added 2020/12/04 12:0 a.m.•5 views

WIBU CodeMeter vulnerabilities fixed

Wibu-Systems has fixed vulnerabilities in CodeMeter. Successful exploitation of these vulnerabilities could allow a malicious person to modify and forge a license file, create a denial-of-service condition, potentially execute remote code execute, read heap data, and disrupt the normal operation ...

9.8CVSS7.2AI score0.02031EPSS
Exploits0
NCSC
NCSC
•added 2020/12/03 12:0 a.m.•14 views

Vulnerabilities fixed in Ubuntu kernel

Vulnerabilities have been fixed in Ubuntu kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data -= Ubuntu =- Canonical has made updates...

7.8CVSS7.4AI score0.06692EPSS
Exploits14
NCSC
NCSC
•added 2020/12/03 12:0 a.m.•3 views

Vulnerability fixed in Thunderbird

When reading status codes from the SMTP server, Thunderbird an integer to a position on the stack that is is intended to contain only one byte. Depending on the processor architecture and the stack layout, this leads to corruption of the stack that could potentially be abused. Mozilla has release...

9.3CVSS6.7AI score0.01222EPSS
Exploits0
NCSC
NCSC
•added 2020/12/02 12:0 a.m.•4 views

Vulnerabilities fixed in NetApp products

Several NetApp products contain FasterXML jackson-databind. FasterXML jackson-databind versions 2.x prior to 2.9.10.4 are susceptible to vulnerabilities that, when successfully exploited, can lead to disclosure of sensitive information, addition or modification of data, or denial of service DoS...

8.1CVSS6.6AI score0.05594EPSS
Exploits0
NCSC
NCSC
•added 2020/12/02 12:0 a.m.•3 views

Issues fixed in FortiOS

Fortinet has fixed multiple vulnerabilities in Fortinet products. The vulnerabilities allow a malicious person to execute attacks that potentially lead to: Cross-Site Scripting XSS. Circumvention of security measure Accessing sensitive data FortiNet has released updates to address the...

7.5CVSS6.2AI score0.07709EPSS
Exploits7
NCSC
NCSC
•added 2020/12/01 12:0 a.m.•8 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in Jira. The vulnerability allows a remote malicious person to manipulate to manipulate Jira templates. Atlassian has released updates to fix the vulnerability. fix. More information can be found on the page below:...

5.5CVSS6.6AI score0.0077EPSS
Exploits0
NCSC
NCSC
•added 2020/12/01 12:0 a.m.•6 views

Vulnerabilities fixed in Atlassian Crucible

Atlassian has fixed vulnerabilities in Crucible. The vulnerabilities allow a remote malicious person to perform a denial-of-service. Atlassian has released updates to fix the vulnerabilities. fixes. More information can be found on the pages below: CVE-2020-14190:...

7.5CVSS6.8AI score0.01212EPSS
Exploits0
NCSC
NCSC
•added 2020/12/01 12:0 a.m.•3 views

Vulnerabilities fixed in MariaDB

Vulnerabilities have been fixed in MariaDB. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Access to system data The vulnerabilities marked CVE-2020-13249 and CVE-2020-15180 have CVSSv3...

9CVSS9.2AI score0.05539EPSS
Exploits0
NCSC
NCSC
•added 2020/11/27 12:0 a.m.•5 views

Vulnerability fixed in DNS implementations

Researchers have discovered a vulnerability in a number of DNS implementations. The researchers have named the vulnerability SAD DNS, an acronymmm for Side-channel AttackeD DNS. This vulnerability has since been given CVE attribute CVE-2020-25705. The vulnerability allows a malicious party to rou...

7.4CVSS8.2AI score0.06692EPSS
Exploits1
NCSC
NCSC
•added 2020/11/27 12:0 a.m.•3 views

Vulnerability fixed in Netapp products

A vulnerability has been fixed in Jackson databind, used by several Netapp products. The vulnerability allows a malicious party to execute arbitrary code under the user's privileges and to obtain sensitive data. The vulnerabilities stem from the failure to adequately validate user input prior to...

9.8CVSS7.4AI score0.0864EPSS
Exploits0
NCSC
NCSC
•added 2020/11/26 12:0 a.m.•4 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. A malicious party could potentially exploit the vulnerability to execute arbitrary PHP code execute under the application's permissions. To do so, the malicious party needs to upload a rogue .tar, .tar.gz, .bz2, or .tlz file uploaded to the Drupal server...

7.8CVSS7.5AI score0.84554EPSS
Exploits5
NCSC
NCSC
•added 2020/11/26 12:0 a.m.•3 views

Vulnerabilities fixed in Zimbra

Vulnerabilities have been fixed in JQuery as used by Zimbra. A malicious party could exploit the vulnerabilities to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Few substantive details...

6.9CVSS6.8AI score0.99019EPSS
Exploits11
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•4 views

Vulnerability fixed in Citrix Hypervisor

A vulnerability has been fixed in Citrix Hypervisor. The vulnerability allows a malicious party capable of running code with elevated privileges on a guest VM able to execute execute arbitrary code with elevated privileges on the host. This vulnerability can only be exploited if a host...

7.3AI score
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•3 views

Vulnerabilities fixed in libexif

Several vulnerabilities have been fixed in libexif. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party must use the vulnerable application to have rogue image da...

9.8CVSS8AI score0.04262EPSS
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•6 views

Vulnerability fixed in JBoss Wildfly

A vulnerability has been fixed in Wildfly. The vulnerability allows a malicious person with access to the log data of the Wildfly instance to be able to obtain clear-text stored passwords. obtain. Red Hat has released updates to fix the vulnerability in Wildfly. More information can be found on t...

5.3CVSS6.4AI score0.01331EPSS
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•7 views

Vulnerability fixed in Xen

A vulnerability has been fixed in Xen. A malicious person who can execute code in a guest VM under elevated privileges can execute code, could vulnerability could potentially exploit it to cause a denial-of-service on the Xen hypervisor. Potentially, the vulnerability could also be exploited to...

8.8CVSS7AI score0.00373EPSS
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•3 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Security measure circumvention SQL Injection Accessing sensitive data Accessing system data Joomla! provides...

7.3AI score
Exploits0
NCSC
NCSC
•added 2020/11/25 12:0 a.m.•4 views

Vulnerabilities fixed in PHPMyAdmin

Ubuntu has fixed several vulnerabilities in the phpmyadmin package. The vulnerabilities allow an unauthenticated malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS SQL Injection Access to...

9.8CVSS6.7AI score0.67081EPSS
Exploits10
NCSC
NCSC
•added 2020/11/24 12:0 a.m.•4 views

Vulnerabilities in VMware products

There is a vulnerability in a number of VMware products. The vulnerability allows a malicious person with access to the administrative configurator on port 8443 and valid admin credentials for this remote configurator to execute arbitrary commands with elevated privileges to execute arbitrary...

9.1CVSS7.2AI score0.23771EPSS
Exploits0
NCSC
NCSC
•added 2020/11/24 12:0 a.m.•11 views

Vulnerability fixed in IBM Spectrum Protect Operations Center

IBM has fixed a vulnerability in Spectrum Protect Operations Center. A malicious person with network access to the system could potentially exploit the vulnerability potentially exploit it to obtain information about the system. IBM has released updates to fix the vulnerability in Spectrum Protec...

5.3CVSS6.6AI score0.01546EPSS
Exploits0
NCSC
NCSC
•added 2020/11/24 12:0 a.m.•6 views

Vulnerabilities fixed in MongoDB

Several vulnerabilities have been fixed in different versions of MongoDB. An unauthenticated malicious person with network access to the MongoDB server could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could potentially be exploited by an...

8.1CVSS7.2AI score0.0166EPSS
Exploits0
NCSC
NCSC
•added 2020/11/23 12:0 a.m.•4 views

Vulnerability fixed in Red Hat JBoss Enterprise Application Platform

A vulnerability has been fixed in Red Hat JBoss Enterprise Application Platform. The vulnerability allows a malicious party to able to execute an SQL injection and thereby obtain sensitive data to obtain sensitive data. Red Hat has released updates to fix the vulnerability. More information can b...

7.4CVSS8.8AI score0.02907EPSS
Exploits0
NCSC
NCSC
•added 2020/11/20 12:0 a.m.•5 views

Vulnerabilities fixed in Trend Micro products

Vulnerabilities have been fixed in Trend Micro Internet Security and Anti-Virus+ Security. The vulnerabilities allow a local malicious party potentially able to obtain elevated privileges by inserting rogue DLL files. Trend Micro has released updates to address the vulnerabilities. fixes. More...

7.8CVSS6.8AI score0.00565EPSS
Exploits0
NCSC
NCSC
•added 2020/11/20 12:0 a.m.•5 views

Vulnerability fixed in IBM Db2

IBM has fixed a vulnerability in Db2, Db2 Connect Server and Db2 Accessories Suite. An authenticated malicious person with access to the system could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. IBM has released updates to fix the vulnerability. For...

7.8CVSS7.2AI score0.0045EPSS
Exploits0
NCSC
NCSC
•added 2020/11/20 12:0 a.m.•5 views

Vulnerabilities fixed in VMware ESXi, Workstation and Fusion

VMWare has fixed two vulnerabilities in VMWare Workstation, ESXi and Fusion. A malicious person with authorization in a virtual environment could exploit the vulnerabilities to break out of the virtual environment and execute arbitrary code with the permissions of the virtualization process on th...

8.2CVSS7.8AI score0.00392EPSS
Exploits0
NCSC
NCSC
•added 2020/11/20 12:0 a.m.•7 views

Vulnerability fixed in MISP

CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS attack, potentially executing arbitrary code in the context of the browser. CIRCL has released updates to fix the...

6.1CVSS7.4AI score0.00802EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•4 views

Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal core. Drupal core does not handle some file names correctly. As a result, it is possible for files to be misinterpreted and executed under the wrong MIME type or executed as PHP. This applies to a number of configurations; which ones these are is not...

8.8CVSS6.7AI score0.04269EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•4 views

Vulnerability fixed in IBM Db2

IBM has fixed a vulnerability in Db2 and Db2 Connect Server. A local, authenticated malicious agent could potentially exploit the vulnerability to execute arbitrary code under root or SYSTEM privileges. IBM has released updates to fix the vulnerability. For more information, see:...

8.4CVSS7.6AI score0.00455EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•5 views

Vulnerabilities fixed in Cisco Webex and Cisco Webex Server

Vulnerabilities have been fixed in Cisco Webex Meetings and Cisco Webex Meetings Server. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Remote code execution User Rights...

9.1CVSS6.9AI score0.01744EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•5 views

Vulnerability fixed in F5 BIG-IP

F5 Networks has fixed a vulnerability in a limited number of BIG-IP platforms. The vulnerability allows a malicious party with network access to the vulnerable system may be able to retrieve TCP sequence numbers used in previous, independent TCP connections. These sequence numbers can be used by...

4.3CVSS6.7AI score0.00688EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•5 views

Vulnerability fixed in tcpdump

A vulnerability has been fixed in tcpdump. The vulnerability allows a remote malicious person to cause a denial-of-service cause. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE Linux Enterprise Module for Basesystem 15-SP1 & 15-SP2. You can install these custom...

7.5CVSS6.8AI score0.03071EPSS
Exploits0
NCSC
NCSC
•added 2020/11/19 12:0 a.m.•2 views

Vulnerability fixed in Node.js

A vulnerability has been fixed in Node.js. The vulnerability allows a malicious party potentially capable of causing a denial-of-service cause. To do this, the malicious party must be able to send a DNS request for a rogue domain. Only applications that allow a malicious party to send DNS request...

7.5CVSS8.3AI score0.54164EPSS
Exploits0
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•5 views

Vulnerabilities fixed in Cisco Security Manager

Cisco has fixed multiple vulnerabilities in Cisco Security Manager. An unauthenticated remote malicious person could potentially exploit the vulnerabilities potentially exploit them to execute arbitrary code execute under SYSTEM privileges or to gain access to certain user credentials. For the...

10CVSS7.8AI score0.87719EPSS
Exploits0
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•4 views

Vulnerabilities fixed in Xerox WorkCentre

Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Manipulation of data Access to sensitive data No CVE numbers a...

6.2AI score
Exploits0
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•3 views

Vulnerabilities fixed in TYPO3

The TYPO3 Association has fixed several vulnerabilities in TYPO3. A remote malicious party could potentially abuse them to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application visited. The...

8.1CVSS7.5AI score0.01026EPSS
Exploits2
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•4 views

Vulnerabilities fixed in OpenLDAP

Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server is able to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...

7.5CVSS9.4AI score0.02858EPSS
Exploits0
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•4 views

Vulnerabilities fixed in Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code...

9.6CVSS6.7AI score0.5063EPSS
Exploits3
NCSC
NCSC
•added 2020/11/18 12:0 a.m.•3 views

Legal vulnerabilities fixed in Google Chrome

Google has fixed several vulnerabilities in Chrome. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure. Remote code execution Us...

9.6CVSS7.2AI score0.03011EPSS
Exploits3
NCSC
NCSC
•added 2020/11/17 12:0 a.m.•5 views

Vulnerabilities fixed in Micro Focus ArcSight Logger

Vulnerabilities have been fixed in Micro Focus ArcSight Logger. The vulnerabilities allow a remote malicious person to execute arbitrary code under the user's privileges. Micro Focus has released updates to address the vulnerabilities. fixes. More information can be found on the page below:...

9.8CVSS7.3AI score0.02825EPSS
Exploits1
NCSC
NCSC
•added 2020/11/17 12:0 a.m.•53 views

Vulnerabilities fixed in GitLab

Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data...

8.7CVSS6.5AI score0.68639EPSS
Exploits0
NCSC
NCSC
•added 2020/11/16 12:0 a.m.•5 views

Vulnerabilities fixed in SUSE kernel

Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data Accessing system data...

7.8CVSS6.9AI score0.06692EPSS
Exploits2
NCSC
NCSC
•added 2020/11/16 12:0 a.m.•8 views

Vulnerability fixed in Intel processors

A vulnerability has been fixed in some Intel processors. The vulnerability allows a local malicious person to obtain elevated privileges. Intel has released firmware updates to fix the vulnerability. fix. More information can be found on the page below:...

6.7CVSS6.2AI score0.0033EPSS
Exploits0
NCSC
NCSC
•added 2020/11/16 12:0 a.m.•6 views

Vulnerability fixed in Nagios XI

Nagios has fixed several vulnerabilities in Nagios XI. The vulnerabilities allow a local, authenticated malicious person potentially able to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root privileges Increased us...

9CVSS7.3AI score0.06119EPSS
Exploits2
Total number of security vulnerabilities4197