Lucene search
K

4197 matches found

NCSC
NCSC
•added 2020/11/16 12:0 a.m.•5 views

Vulnerabilities fixed in SUSE kernel

Vulnerabilities have been fixed in the SUSE kernel. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data Accessing system data...

7.8CVSS6.9AI score0.06692EPSS
Exploits2
NCSC
NCSC
•added 2020/11/16 12:0 a.m.•3 views

Vulnerabilities fixed in PostgreSQL

Several vulnerabilities have been fixed in PostgreSQL. A local malicious person with limited privileges within the vulnerable PostgreSQL database, could potentially exploit the vulnerabilities to within the database or on the local system to execute arbitrary code execute arbitrary code with root...

8.8CVSS7.7AI score0.4644EPSS
Exploits0
NCSC
NCSC
•added 2020/11/13 12:0 a.m.•8 views

Vulnerability fixed in EcoStruxure Control Expert

A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...

7.5CVSS6.9AI score0.01272EPSS
Exploits0
NCSC
NCSC
•added 2020/11/13 12:0 a.m.•76 views

Vulnerabilities fixed in Schneider Electric products

Schneider Electric has fixed vulnerabilities in several ICS and SCADA products. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Data...

8.8CVSS6.6AI score0.02292EPSS
Exploits0
NCSC
NCSC
•added 2020/11/13 12:0 a.m.•7 views

Several vulnerabilities fixed in Citrix Hypervisor and XenDesktop

Citrix has fixed vulnerabilities in XenDesktop and Hypervisor. The vulnerabilities in XenDesktop allow a malicious party to to gain elevated privileges on a virtual Windows environment and execute code with SYSTEM privileges. The vulnerability in Hypervisor allows a remote malicious person to abl...

9CVSS8.1AI score0.03336EPSS
Exploits0
NCSC
NCSC
•added 2020/11/13 12:0 a.m.•7 views

Vulnerabilities fixed in macOS

Apple has released a new version of macOS. This version 11.01 Big Sur fixes a large number of vulnerabilities. A malicious party can exploit the vulnerabilities to access gain access to sensitive data, execute arbitrary code with user privileges or to cause a denial-of-service. The vulnerabilitie...

9.3CVSS7.5AI score0.22178EPSS
Exploits7
NCSC
NCSC
•added 2020/11/13 12:0 a.m.•7 views

Multiple vulnerabilities fixed in Intel systems

Intel has fixed several vulnerabilities in Converged Security and Manageability Engine CSME, Server Platform Services SPS, Trusted Execution Engine TXE, Dynamic Application Loader DAL, Active Management Technology AMT and Standard Manageability ISM. Malicious parties can exploit the vulnerabiliti...

9.8CVSS7.1AI score0.01675EPSS
Exploits0
NCSC
NCSC
•added 2020/11/12 12:0 a.m.•7 views

Vulnerabilities fixed in McAfee Endpoint

McAfee has fixed vulnerabilities in Endpoint Security for Windows. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with user privileges through a Cross-Site-Scripting Attack XSS or a Cross-Site-Request-Forgery XSRF. McAfee has released...

8.8CVSS6.9AI score0.00581EPSS
Exploits0
NCSC
NCSC
•added 2020/11/12 12:0 a.m.•5 views

Vulnerabilities in processors fixed

Researchers have found vulnerabilities in several processors. The vulnerabilities marked CVE-2020-8694 and CVE-2020-8695 have been named Platypus, an acronym for Power Leakage Attacks: Targeting Your Protected User Secrets. The vulnerabilities allow a local malicious person to obtain obtain...

5.5CVSS7.4AI score0.00446EPSS
Exploits0
NCSC
NCSC
•added 2020/11/12 12:0 a.m.•5 views

Vulnerabilities fixed in PAN OS

Palo Alto has fixed several vulnerabilities in PAN OS. The most serious vulnerability, with attribute CVE-2020-2050, is rated by Palo Alto rated with a CVSS score of 8.2 and is located in the GlobalProtect SSL VPN component. An unauthenticated malicious party can remotely exploit this vulnerabili...

9CVSS7.5AI score0.03226EPSS
Exploits0
NCSC
NCSC
•added 2020/11/12 12:0 a.m.•5 views

Vulnerabilities fixed in Chrome

Google has released a new version of Chrome that fixes two vulnerabilities are fixed. A malicious party could vulnerabilities potentially exploit them to execute arbitrary code with the victim's privileges. Google reports being aware that the vulnerabilities are in limited extent being exploited ...

9.6CVSS7.1AI score0.02826EPSS
Exploits0
NCSC
NCSC
•added 2020/11/11 12:0 a.m.•5 views

Vulnerabilities fixed in OSIsoft PI Vision

OSIsoft has fixed two vulnerabilities in PI Vision. The vulnerabilities can be exploited by a malicious party to perform a Cross-Site-Scripting XSS attack or to obtain system information. The XSS attack requires the malicious party to have write permissions in PI ProcessBook files. OSIsoft has...

7.7CVSS6.3AI score0.0091EPSS
Exploits0
NCSC
NCSC
•added 2020/11/11 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting XSS attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...

6.1CVSS6.6AI score0.0148EPSS
Exploits0
NCSC
NCSC
•added 2020/11/11 12:0 a.m.•6 views

Vulnerability fixed in Cisco IOS XR

Due to a vulnerability in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, an unauthenticated remote malicious agent to cause a denial-of-service DoS on an affected device. Cisco has released updates to fix the vulnerability in Cisco IOS XR. For more information, see:...

8.6CVSS6.8AI score0.01878EPSS
Exploits0
NCSC
NCSC
•added 2020/11/11 12:0 a.m.•4 views

Vulnerability fixed in Adobe Reader Mobile

A vulnerability has been fixed in Adobe Reader Mobile for Android. A malicious party could exploit the vulnerability to gain access to sensitive data in the context of the victim. Adobe has released updates to fix the vulnerability in Reader Mobile 20.9.0. For more information, see:...

5.5CVSS6.7AI score0.02257EPSS
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft Browsers

There are several vulnerabilities in Microsoft Browsers. The vulnerabilities allow a malicious person to execute arbitrary execute code with user privileges and elevated privileges. For vulnerabilities CVE-2020-17058, CVE-2020-17052, CVE-2020-17053, CVE-2020-17048, Microsoft has had insight into...

8.1CVSS6.8AI score0.02936EPSS
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•51 views

Vulnerabilities fixed in Microsoft Office products

Microsoft fixes multiple vulnerabilities in Microsoft Office and Sharepoint products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated permissions, to gain access to sensitive data gain access to sensitive data, circumvent security measures, or...

9.3CVSS7.3AI score0.03942EPSS
Exploits2
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft Exchange Server

There are multiple vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow a malicious party to execute arbitrary code with user and elevated privileges or to perform a denial-of-service attack. Microsoft indicates that misuse of the vulnerability, whereby arbitrary code can be...

9CVSS7.2AI score0.11981EPSS
Exploits3
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•18 views

Vulnerabilities identified in GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU

Vulnerabilities have been identified in the GNU/Linux subsystem of Siemens SIMATIC S7-1500 CPU. The vulnerabilities allow a malicious person able to perform attacks leading to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Remote...

10CVSS7.2AI score0.98745EPSS
Exploits76
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixes multiple vulnerabilities in Microsoft Dynamics products. A malicious party could exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such attack can lead to the execution of arbitrary script code in the browser used to visit the application. Microsoft...

5.4CVSS5.9AI score0.01326EPSS
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•36 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with both user privileges as well as elevated privileges or manipulate data. Vulnerabilities related to Visual Studio can only be be exploited by...

9.3CVSS7.4AI score0.03551EPSS
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•58 views

Vulnerabilities fixed in Microsoft Windows

There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious party to execute arbitrary execute arbitrary code with user and elevated privileges, to potentially obtain sensitive data or launch a denial-of-service attack execute. Microsoft scales the vulnerability...

10CVSS7.8AI score0.25285EPSS
Exploits4
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•5 views

Vulnerabilities identified in Siemens S7 products

Vulnerabilities have been identified in Siemens S7 products. The vulnerabilities enable a remote malicious person to to cause a denial-of-service and to circumvent a security measure circumvention. Siemens categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5....

7AI score
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•80 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Remote code execution User Rights...

10CVSS6.8AI score0.98376EPSS
Exploits24
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•3 views

Vulnerability fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla has fixed a vulnerability in Firefox and Thunderbird. The vulnerability allows an attacker under specific circumstances able to execute arbitrary code with permissions from the application. The vulnerability was discovered during a hacking contest, making it likely that public exploit cod...

9.3CVSS7.7AI score0.42327EPSS
Exploits4
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•5 views

Vulnerability fixed in Bitdefender update server

A vulnerability in Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools allows an unauthorized malicious party to bypass internal measures and communicate with hosts on the network. Bitdefender has released an update. For more information, see:...

9.1CVSS6.9AI score0.00849EPSS
Exploits0
NCSC
NCSC
•added 2020/11/10 12:0 a.m.•3 views

Vulnerabilities fixed in Citrix Hypervisor

Vulnerabilities have been fixed in Citrix Hypervisor. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to execute arbitrary code execute arbitrary code under the application's privileges. Citrix has released updates to fix the vulnerabilities in Hypervisor. For more...

7.8CVSS8.6AI score0.0041EPSS
Exploits0
NCSC
NCSC
•added 2020/11/09 12:0 a.m.•2 views

Vulnerability fixed in Kerberos

A vulnerability has been fixed in MIT Kerberos. A malicious person can exploit the vulnerability to cause a denial-of-service cause. The vulnerability is in the way ASN.1 data is is processed, which can create an infinite loop that causes a crash in the Kerberos process. -= Debian =- Debian has...

7.5CVSS8.4AI score0.04365EPSS
Exploits0
NCSC
NCSC
•added 2020/11/06 12:0 a.m.•3 views

Vulnerabilities fixed in Salt

Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. Exploiting the vulnerabilities allows an unauthenticated malicious person to execute willful code with permissions of the application. To do this, the malicious party must have...

9.8CVSS7.5AI score0.99585EPSS
Exploits5
NCSC
NCSC
•added 2020/11/06 12:0 a.m.•4 views

Vulnerabilities fixed in Apple macOS

Apple has fixed three 0-day vulnerabilities in Mac OS. A malicious party can exploit the vulnerabilities to launch attacks that lead to the execution of arbitrary code. Apple reports that on a very limited scale abuse is being observed of these vulnerabilities. No PoC or exploit code publicly...

9.3CVSS7.1AI score0.22178EPSS
Exploits2
NCSC
NCSC
•added 2020/11/06 12:0 a.m.•7 views

Vulnerabilities fixed in Apple iOS and iPadOS

Vulnerabilities have been fixed in Apple iOS and iPadOS, including three 0-day vulnerabilities. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Increased user...

9.3CVSS7.1AI score0.22178EPSS
Exploits3
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•5 views

Vulnerability fixed in Cisco IP phone

Due to a vulnerability in the TCP packet processing functionality of Cisco IP Phones allows an unauthenticated remote malicious agent to remotely cause the phone to stop responding to incoming calls, disconnects connected calls, or unexpectedly reloads. Cisco has made an update available to fix t...

7.8CVSS6.8AI score0.07935EPSS
Exploits0
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•6 views

Vulnerability fixed in Cisco IOS XR

A vulnerability in the Preboot eXecution Environment PXE bootloader for Cisco IOS XR 64-bit software could allow an unauthenticated, remote malicious agent to execute execute unsigned code during the PXE boot process on an affected device. The PXE bootloader is part of the BIOS and is executed...

9.8CVSS7.1AI score0.02767EPSS
Exploits0
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•8 views

Vulnerabilities fixed in Cisco Unified Communications Manager

Due to a vulnerability in Cisco Unified Communications Manager -software, an authenticated remote malicious party could cause the Cisco XCP Authentication Service on an affected device to be restarted, resulting in a Denial-of-Service DoS. Cisco has released an update to fix the vulnerability. Mo...

6.5CVSS6.6AI score0.0115EPSS
Exploits0
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•4 views

Vulnerabilities fixed in NetApp products

NetApp has fixed vulnerabilities in several products. The vulnerabilities allow an unauthenticated remote malicious person to remotely able to obtain system information and to launch a Cross-Site Scripting attack. NetApp has made updates available for Django. See "Possible Solutions" for more...

6.1CVSS6.7AI score0.0609EPSS
Exploits0
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•2 views

Vulnerabilities fixed in Red Hat kernel

Red Hat has fixed vulnerabilities in its kernel. The vulnerabilities allow a locally authenticated malicious agent to the opportunity to cause a denial-of-service and obtain obtain system data. The vulnerability with attribute CVE-2020-12351 is a regression vulnerability of the vulnerability with...

8.8CVSS8.1AI score0.07693EPSS
Exploits6
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•6 views

Multiple vulnerabilities in Cisco Webex products

Cisco has fixed vulnerabilities. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Cisco has made updates available to address the vulnerabilities. fixes. More information...

9.3CVSS7AI score0.02634EPSS
Exploits0
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•4 views

Issues fixed in Cisco Indentiy Services

Cisco has fixed vulnerabilities in Cisco Indentiy Services. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Increased user privileges Cisco has made updates available to address the...

7.2CVSS6.1AI score0.00823EPSS
Exploits0
NCSC
NCSC
•added 2020/11/05 12:0 a.m.•5 views

Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client

Cisco has fixed vulnerabilities in AnyConnect Secure Mobility Client. The vulnerabilities allow a locally authenticated malicious party to execute arbitrary code under the victim's privileges and to obtain sensitive information obtain. For the vulnerability with attribute CVE-2020-5336, Cisco...

7.3CVSS7.2AI score0.00705EPSS
Exploits0
NCSC
NCSC
•added 2020/11/04 12:0 a.m.•3 views

Multiple vulnerabilities fixed in IBM Java SDK for AIX

Several vulnerabilities in IBM SDK Java Technology Edition have been fixed that are used by AIX. The vulnerabilities can lead to attacks with the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges IBM has released updates to fix the...

8.3CVSS8.2AI score0.0435EPSS
Exploits0
NCSC
NCSC
•added 2020/11/04 12:0 a.m.•3 views

Multiple vulnerabilities fixed in Adobe Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Successful misuse can lead to the execute arbitrary code in the context of the current user. Adobe developers have made updates available for Adobe Reader to fix the vulnerabilities. For more information see:...

9.3CVSS7.6AI score0.51275EPSS
Exploits0
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•4 views

Multiple vulnerabilities fixed in F5 BIG-IP products

F5 has fixed several vulnerabilities in BIG-IP. Malicious remotely can exploit the vulnerabilities to cause a Denial-of-Service or perform Cross-Site-Scripting attacks. Authenticated malicious actors can exploit some of the vulnerabilities exploit them to bypass security measures and gain access...

8.5CVSS7AI score0.01311EPSS
Exploits0
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•7 views

Vulnerability fixed in Foxit Reader

A vulnerability has been fixed in Foxit Reader. Due to the vulnerability makes it possible for a malicious person to execute arbitrary code under the user's privileges. To do this, however, the user must be tricked into opening a rogue file or to perform a specific action within the application...

7.8CVSS7.2AI score0.39433EPSS
Exploits3
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•5 views

Several vulnerabilities fixed in Google Chrome

Google has released a new version of Chrome. This new version fixes a number of vulnerabilities that allow a malicious can launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Increased user privileges Google mentions having...

9.6CVSS6.6AI score0.5063EPSS
Exploits6
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•29 views

Multiple vulnerabilities fixed in NetApp products

NetApp developers have fixed several vulnerabilities that could lead to a denial-of-service DoS attack and the obtaining sensitive information. NetApp developers have released updates to fix the vulnerabilities. More information can be found on the pages below:...

9CVSS7.8AI score0.1786EPSS
Exploits2
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•9 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform a Cross-Site Scripting XSS attack. Such an attack could lead to the execution of arbitrary script code in the...

9.8CVSS6.5AI score0.16119EPSS
Exploits1
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•5 views

Vulnerability fixed in Fortimail

A vulnerability has been fixed in Fortimail. An unauthenticated remote malicious party could potentially obtain sensitive software version information by reading a JavaScript file to be read. Fortinet has made updates available to fix the vulnerability fix in FortiMail. For more information see:...

5.3CVSS6.7AI score0.00768EPSS
Exploits0
NCSC
NCSC
•added 2020/11/03 12:0 a.m.•8 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person remote or otherwise to potentially able to carry out attacks leading to the following categories of damage: Remote code execution User rights Circumvention of security measure Denial-of-Service...

10CVSS7.5AI score0.05142EPSS
Exploits1
NCSC
NCSC
•added 2020/11/02 12:0 a.m.•7 views

Serious vulnerability fixed in Oracle Weblogic Server

Oracle has released an update for Weblogic Server to fix a serious vulnerability. This new vulnerability is related to the Fusion Middleware vulnerability with attribute CVE-2020-14882, for which an update was released in October. This was described by the NCSC in security advisory NCSC-2020-0858...

10CVSS7.7AI score0.99997EPSS
Exploits43
NCSC
NCSC
•added 2020/11/02 12:0 a.m.•4 views

Vulnerability fixed in OpenLDAP

OpenLDAP developers have released an update to fix a vulnerability. The vulnerability allows an unauthenticated remote malicious party to cause a denial-of-service attack. No CVD ID disclosed. OpenLDAP has released updates to fix the vulnerability in v 2.4.55. For more information, see:...

6.8AI score
Exploits0
Total number of security vulnerabilities4197