Lucene search
K

4197 matches found

NCSC
NCSC
•added 2020/09/18 12:0 a.m.•13 views

Vulnerability fixed in Samba

Ubuntu has fixed a vulnerability in Samba. The vulnerability potentially allows a malicious party to obtain domain administrator rights. The vulnerability with reference CVE-2020-1472 in Samba in that case should be exploited in conjunction with a vulnerable Microsoft domain controller to be...

10CVSS6.4AI score0.99512EPSS
Exploits75
NCSC
NCSC
•added 2020/09/17 12:0 a.m.•6 views

Vulnerability fixed in FortiOS

Fortinet has fixed a vulnerability in FortiOS. The vulnerability allows a malicious party to perform a Cross-Site Scripting XSS attack. The vulnerability arises from incorrect input validation when generating a Web page in the SSL VPN portal. Fortinet has released updates to fix the vulnerability...

5.4CVSS6.6AI score0.00403EPSS
Exploits0
NCSC
NCSC
•added 2020/09/17 12:0 a.m.•3 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to execute arbitrary code under the application's permissions. Apple has released updates to fix the vulnerabilities in Safari. For more information, see: https://support.apple.com/en-us/HT211845...

8.8CVSS7.2AI score0.02333EPSS
Exploits0
NCSC
NCSC
•added 2020/09/17 12:0 a.m.•5 views

Vulnerabilities fixed in Apple iOS and iPadOS

Vulnerabilities have been fixed in Apple iOS and iPadOS. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution Us...

9.3CVSS6.7AI score0.02986EPSS
Exploits1
NCSC
NCSC
•added 2020/09/17 12:0 a.m.•8 views

Vulnerability fixed in Trend Micro ServerProtect

Trend Micro has fixed a vulnerability in ServerProtect for Linux. The vulnerability allows a remote malicious person to to execute arbitrary code under certain circumstances. Trend Micro rated the vulnerability with attribute CVE-2020-24561 with a CVSS score of 9.1. Trend Micro has released updat...

9.1CVSS7.7AI score0.05235EPSS
Exploits0
NCSC
NCSC
•added 2020/09/17 12:0 a.m.•3 views

Vulnerabilities fixed in Drupal

Vulnerabilities have been fixed in Drupal. The vulnerabilities allow a malicious person to perform attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Accessing sensitive data The vulnerability with attribute CVE-2020-13668...

7.5CVSS6.4AI score0.02925EPSS
Exploits0
NCSC
NCSC
•added 2020/09/16 12:0 a.m.•12 views

Vulnerability fixed in Acronis Cyber Backup

A vulnerability has been found in Acronis Cyber Backup. A malicious party can exploit the vulnerability to perform a Server-side request-forgery SSRF. This allows the attacker gains access to system data. Acronis has released updates to fix the vulnerability. See the page below for more...

6.5CVSS6.8AI score0.05505EPSS
Exploits4
NCSC
NCSC
•added 2020/09/16 12:0 a.m.•6 views

Vulnerabilities fixed in VMware Workstation, Fusion and Horizon

Vulnerabilities have been fixed in VMware Workstation, Fusion and Horizon. The vulnerability with reference CVE-2020-3980 relates to VMware Fusion and allows a malicious party to obtain elevated user privileges. The remaining CVE characteristics enable a malicious person to cause a...

6.7CVSS6.8AI score0.00324EPSS
Exploits0
NCSC
NCSC
•added 2020/09/15 12:0 a.m.•5 views

Vulnerabilities fixed in IBM Spectrum Protect

Vulnerabilities have been fixed in IBM Spectrum Protect. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code and gain access to system data. IBM has released updates to fix the vulnerabilities. More information can be found on the page below:...

8CVSS7.6AI score0.02606EPSS
Exploits0
NCSC
NCSC
•added 2020/09/14 12:0 a.m.•5 views

Vulnerability fixed in Red Hat JBoss Enterprise Application Platform

A vulnerability has been fixed in JBoss Enterprise Application Platform. The vulnerability allows a malicious party to launch a Denial-of-Service DoS attack. -= Red Hat =- Red Hat has made updates available. You can install these updates install using the command 'yum'. More information about the...

7.5CVSS6.7AI score0.01356EPSS
Exploits0
NCSC
NCSC
•added 2020/09/14 12:0 a.m.•6 views

Vulnerabilities fixed in Samsung Mobile

Samsung has fixed several vulnerabilities in its Android distribution. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...

10CVSS8.2AI score0.02821EPSS
Exploits3
NCSC
NCSC
•added 2020/09/14 12:0 a.m.•10 views

Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel

Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. A malicious party could potentially exploit them to cause a denial-of-service or to obtain elevated privileges on the vulnerable system. -= Oracle =- Oracle has made updates available for Oracle Linux 6. You can instal...

8CVSS8AI score0.01455EPSS
Exploits1
NCSC
NCSC
•added 2020/09/14 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Unbreakable Enterprise Kernel

Oracle has fixed several vulnerabilities in the Unbreakable Enterprise Kernel. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Access to sensitive data Access to system data...

9.8CVSS6.8AI score0.12651EPSS
Exploits13
NCSC
NCSC
•added 2020/09/11 12:0 a.m.•5 views

Vulnerabilities fixed in McAfee Agent

Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Increased user privileges McAfee has released updates...

8.2CVSS7.4AI score0.00467EPSS
Exploits0
NCSC
NCSC
•added 2020/09/11 12:0 a.m.•3 views

Vulnerability fixed in WebSphere Application Server Admin Console

IBM has fixed a vulnerability in the WebSphere Application Server Admin Console. The attack that can exploit this vulnerability exploit is referred to as Cross-Site Scripting. The vulnerability allows an unauthenticated remote malicious person is able to execute arbitrary code in the browser of t...

5.4CVSS7.8AI score0.00708EPSS
Exploits0
NCSC
NCSC
•added 2020/09/11 12:0 a.m.•22 views

Vulnerability fixed in XWiki

The developers of XWiki have fixed a vulnerability. A malicious person with SCRIPT privileges could exploit the vulnerability to gain access to the server's Instance Manager and thereby create arbitrary Java objects. The developers have released updates to fix the vulnerability fix in XWiki 12.2....

6.6CVSS6.9AI score0.01341EPSS
Exploits0
NCSC
NCSC
•added 2020/09/11 12:0 a.m.•19 views

Vulnerabilities fixed in Apache ActiveMQ

Apache has fixed vulnerabilities in Apache ActiveMQ. The vulnerabilities potentially allow a malicious party to impersonate pose as a legitimate server trusted by the user. This allows the malicious party to gain access to data sent by the victim was sent encrypted. The victim is under the...

9.8CVSS7.2AI score0.51225EPSS
Exploits0
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•22 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign. The vulnerabilities allow a malicious person to execute arbitrary code execute arbitrary code. Adobe designates these vulnerabilities as critical. Adobe has made updates available to address the vulnerabilities. fix. More information can be found on th...

7.8CVSS7.2AI score0.11294EPSS
Exploits0
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•33 views

Vulnerabilities fixed in PAN-OS

Vulnerabilities have been fixed in PAN-OS. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...

10CVSS7AI score0.86086EPSS
Exploits7
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•8 views

Vulnerability fixed in Citrix Storefront

Citrix has fixed a vulnerability in StoreFront Server. The vulnerability allows an authenticated malicious party to obtain obtain arbitrary data from the StoreFront server. The malicious party must be logged into the same Active-Directory-domain as where the StoreFront logged on to the same...

6.5CVSS6.8AI score0.0133EPSS
Exploits0
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Framemaker. The vulnerabilities allow a malicious person to execute arbitrary code execute arbitrary code under user privileges. Adobe designates these vulnerabilities as critical. Adobe has made updates available to address the vulnerabilities. fix. More...

7.8CVSS7.6AI score0.03728EPSS
Exploits0
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•17 views

Vulnerability found in BIG-IP

F5 has found a vulnerability in BIG-IP. The vulnerability enables an unauthenticated remote malicious party to opportunity to decrypt TLS-encrypted messages. The malicious party must perform a rogue TLS handshake to do so. BIG-IP categorizes this vulnerability according to the CVSSv3 method with ...

5.9CVSS6.9AI score0.01206EPSS
Exploits0
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•5 views

Vulnerabilities fixed in McAfee Endpoint Security

McAfee has fixed vulnerabilities in End Point Security. A local malicious party could exploit the vulnerabilities to gain access gain access to sensitive data, or by obtaining elevated permissions to stop the anti-virus process and thereby deploy undetected implement malware. McAfee has released...

8.8CVSS7.1AI score0.0039EPSS
Exploits0
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•11 views

Vulnerabilities fixed in Android

Google has fixed several vulnerabilities in the Android operating system. The vulnerabilities allow a malicious person to able to perform attacks that can lead to the following types of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Google has...

10CVSS6AI score0.02821EPSS
Exploits0
NCSC
NCSC
•added 2020/09/10 12:0 a.m.•2 views

Vulnerabilities fixed in Ansible

Vulnerabilities have been fixed in Ansible. The vulnerabilities allow a malicious party to gain access to sensitive and system data. Ansible has released updates to fix the vulnerabilities. More information can be found on the pages below: CVE-2020-1736:...

5.5CVSS7AI score0.00568EPSS
Exploits2
NCSC
NCSC
•added 2020/09/09 12:0 a.m.•4 views

Vulnerabilities fixed in IP stack of various SIEMENS products

Siemens has fixed two vulnerabilities in the Linux IP stack of various industrial products. An unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service cause. The malicious party must have access to the production network. It is good practice not to have suc...

7.8CVSS6.8AI score0.7354EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixes multiple vulnerabilities in Microsoft Dynamics 365 products. The vulnerabilities in Microsoft Dynamics 365 on-premises and Microsoft Dynamics 365 for Finance and Operations on-premise allow a malicious party to execute arbitrary code or perform Cross-Site Scripting XSS attack. The...

8.8CVSS6.6AI score0.0335EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•5 views

Serious vulnerability fixed in Microsoft Exchange

There is a serious vulnerability in Microsoft Exchange Server. The vulnerability occurs due to improper handling of objects in memory. Upon successful exploitation of this vulnerability, it allows an unauthenticated remote malicious agent to remote user to execute arbitrary code with SYSTEM...

9CVSS7.6AI score0.47145EPSS
Exploits5
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•18 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed several vulnerabilities. A malicious remote user could potentially exploit the vulnerabilities to execute arbitrary execute arbitrary code or to bypass a security measure. Microsoft considers the vulnerability with attribute CVE-2020-16874 to be critical. The vulnerability in...

9.3CVSS7.2AI score0.06624EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•19 views

Vulnerabilities fixed in Microsoft SharePoint

Microsoft is fixing several vulnerabilities in Microsoft SharePoint. A malicious party could potentially exploit the vulnerabilities to execute arbitrary code or to conduct a Cross-Site-Scripting XSS attack. Two of the vulnerabilities in SharePoint can be exploited to execute arbitrary code in th...

9.9CVSS6.7AI score0.03703EPSS
Exploits3
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•6 views

Vulnerabilities discovered in HMI Panels

Because SIMATIC HMI panels do not properly handle repeated login attempts correctly, they are susceptible to Brute-force attacks. A malicious party can use them to retrieve user names and passwords find out and thus issue random commands with permissions from the affected user account. To exploit...

9.8CVSS7.2AI score0.01477EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•7 views

Vulnerability discovered in Siemens SIMATIC S&-300 and S7-400 CPUs

Siemens has discovered a vulnerability in the SIMATIC S7-300 and S7-400 CPUs. An unauthenticated malicious person can exploit the exploit the vulnerability to eavesdrop on network traffic and thereby obtaining login credentials. To exploit the vulnerability, the attacker must have access to the...

6.5CVSS6.9AI score0.00712EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•5 views

WIBU CodeMeter vulnerabilities discovered in several Sieens products

WIBU systems has published a number of vulnerabilities, which would allow an unauthenticated remote malicious person is able to Manipulate license files, execute arbitrary code with application privileges or to cause a Denial-of-Service cause. WIBU gives the vulnerability with attribute...

9.8CVSS7.3AI score0.02031EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•5 views

Vulnerabilities fixed in Siemens Spectrum Power

Siemens has fixed two vulnerabilities in Spectrum Power 4. An unauthenticated malicious person could exploit the vulnerabilities to gain access to system data and sensitive data. Siemens has updates and mitigations available to address the vulnerabilities in Spectrum Power. However, these have no...

5.3CVSS6.7AI score0.00901EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•6 views

Multiple vulnerabilities fixed in Microsoft browsers

There are multiple vulnerabilities in the Scripting Engine, Microsoft Edge and Microsoft Internet Explorer. The vulnerabilities allow a malicious party to execute arbitrary code execute arbitrary code or to obtain elevated privileges. The vulnerability with the highest rating has the attribute...

9.3CVSS7.1AI score0.03741EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerability fixed in Microsoft SQL Server Reporting Services

There is a vulnerability in Microsoft SQL Server Reporting Services SSRS. The vulnerability exists in the Reporting Service instance due to incorrect validation of attachments to reports. If successfully exploited, the vulnerability enables an authenticated malicious person able to add unauthoriz...

6.5CVSS7AI score0.01907EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerability fixed in OpenSUSE

SUSE has made available an update to fix a vulnerability in the Linux kernel. The vulnerability allows a locally authenticated malicious person able to obtain elevated user privileges to obtain. See "Possible fixes" for more information. The developers of OpenSUSE have made updates available to f...

7.8CVSS8AI score0.01308EPSS
Exploits1
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•52 views

Vulnerabilities fixed in Microsoft Windows

Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data, - cause a denial-of-service, - bypass security measures, - circumvent authentication...

9.3CVSS7.6AI score0.53399EPSS
Exploits2
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•5 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...

10CVSS7AI score0.98376EPSS
Exploits7
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerability discovered in several Siemens products

Researchers have revealed that several Industrial products from Siemens are vulnerable to the so-called "CrossTalk" vulnerability in Intel Processors. A local malicious person with the rights to install software can exploit the vulnerability to gain access gain access to sensitive data. To do so,...

5.5CVSS6.7AI score0.0054EPSS
Exploits0
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•4 views

Vulnerabilities fixed in SAP Netweaver

SAP has fixed several vulnerabilities in SAP NetWeaver. These vulnerabilities allow malicious actors to remotely launch a Cross Site Scripting attack, or Server Side Request Forgery to execute execute. SAP has released updates to fix these vulnerabilities. For more information see:...

9.8CVSS6.8AI score0.99019EPSS
Exploits13
NCSC
NCSC
•added 2020/09/08 12:0 a.m.•46 views

Vulnerabilities fixed in Microsoft Office products

Microsoft fixes multiple vulnerabilities in Microsoft Office and OneDrive products. A malicious party could potentially exploit them to execute arbitrary code, to obtain elevated privileges gain access to sensitive data, or for performing a Cross-Site-Scripting XSS attack. This could include if t...

8.8CVSS6.8AI score0.04441EPSS
Exploits1
NCSC
NCSC
•added 2020/09/07 12:0 a.m.•6 views

Vulnerability fixed in IBM Aspera Connect

IBM has fixed a vulnerability in Aspera Connect. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code under privileges of the application. To do so, the malicious party must induce the victim to execute load a rogue dynamic-link library. IBM has...

9.3CVSS7.8AI score0.02996EPSS
Exploits0
NCSC
NCSC
•added 2020/09/07 12:0 a.m.•7 views

Vulnerabilities fixed in Nagios

Several vulnerabilities have been fixed in Nagios. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution User Rights Increased user privileges For now, not ever...

10CVSS7.1AI score0.04751EPSS
Exploits0
NCSC
NCSC
•added 2020/09/07 12:0 a.m.•5 views

Vulnerability fixed in Bitdefender Endpoint Security

Bitdefender has fixed an update in Bitdefender Endpoint Security Tools and the Endpoint Security SDK. The vulnerability could potentially be exploited by a malicious party to obtain elevated user privileges and manipulate data. Bitdefender categorizes this vulnerability according to the CVSSv3...

8.1CVSS6.9AI score0.004EPSS
Exploits0
NCSC
NCSC
•added 2020/09/07 12:0 a.m.•5 views

Vulnerability fixed in GnuTLS

A vulnerability has been fixed in GnuTLS. The vulnerability allows a remote malicious person who has access to a TLS server that the victim is connected to is able to cause a denial-of-service attack. To exploit the vulnerability the TLS connection must meet specific conditions. The developers of...

7.5CVSS6.6AI score0.0373EPSS
Exploits1
NCSC
NCSC
•added 2020/09/07 12:0 a.m.•10 views

Vulnerabilities fixed in Oracle kernel

Vulnerabilities have been fixed in Oracle kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data -= Oracle =- Oracle has made updates available for Oracle Linux ...

7.8CVSS6.6AI score0.03551EPSS
Exploits0
NCSC
NCSC
•added 2020/09/04 12:0 a.m.•63 views

Vulnerabilities fixed in Gitlab

Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of authentication Circumvention of security measure Remote...

10CVSS6.9AI score0.99019EPSS
Exploits8
NCSC
NCSC
•added 2020/09/04 12:0 a.m.•9 views

Vulnerabilities fixed in Sophos UTM Up2Date

Sophos has fixed multiple vulnerabilities in Up2Date for Sophos UTM. The vulnerabilities allow a remote malicious person potentially able to cause a denial-of-service or gain access gain access to sensitive information. Sophos has released updates to fix the vulnerabilities in Sophos UTM Up2Data...

8.6CVSS8AI score0.93422EPSS
Exploits9
NCSC
NCSC
•added 2020/09/03 12:0 a.m.•4 views

Vulnerabilities fixed in FreeBSD

The developers of FreeBSD have fixed several vulnerabilities fixed in several network modules used by FreeBSD. used. A malicious party on the local network could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the...

7.5CVSS7.4AI score0.04472EPSS
Exploits1
Total number of security vulnerabilities4197