Lucene search
K

545 matches found

Malwarebytes
Malwarebytes
added 2025/01/28 1:18 p.m.36 views

Apple users: Update your devices now to patch zero-day vulnerability

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against...

7.8CVSS7AI score0.18668EPSS
Exploits5
NCSC
NCSC
added 2025/01/22 1:33 p.m.12 views

Vulnerabilities fixed in Oracle Financial Services

Oracle has fixed several vulnerabilities in Financial Services and components. The vulnerabilities allow unauthenticated attackers to gain access to critical data and compromise system integrity. Specific vulnerabilities can lead to compromise of confidentiality, integrity and availability, with...

10CVSS7.6AI score0.93305EPSS
Exploits16References1
NCSC
NCSC
added 2025/01/22 1:31 p.m.6 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Oracle Enterprise Manager A malicious party could exploit the vulnerabilities to gain access to sensitive data or cause a Denial-of-Service. Oracle has released updates to fix the vulnerabilities. See attached references for more information...

10CVSS7.4AI score0.54862EPSS
Exploits10References1
OpenVAS
OpenVAS
added 2025/01/22 12:0 a.m.15 views

Oracle Java SE Security Update (Jan 2025) - Linux

Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8CVSS4.8AI score0.00971EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/08 11:0 a.m.6 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Ivanti Connect Secure Specific for versions prior to 22.7R2.4 and Policy Secure Specific for versions prior to 22.7R1.2. The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...

9.1CVSS8.1AI score0.01847EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/11 8:42 a.m.5 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed several vulnerabilities in Acrobat Reader including versions up to and including 24.005.20307. The vulnerabilities include a Use After Free vulnerability that can lead to arbitrary code execution and denial-of-service. All vulnerabilities require user interaction for exploitation,...

7.8CVSS7.9AI score0.00525EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/11 8:34 a.m.6 views

Vulnerability fixed in Adobe After Effects

Adobe has fixed a vulnerability in Adobe After Effects Specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...

7.8CVSS7.5AI score0.00459EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/11 8:20 a.m.6 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...

7.8CVSS8.1AI score0.00391EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/11 8:6 a.m.4 views

Vulnerability fixed in Adobe Framemaker

Adobe has fixed a vulnerability in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerability is in the way Adobe Framemaker handles files. A malicious party can exploit this vulnerability by creating a malicious file and allowing it to be opened, which can lead to...

7.8CVSS7.4AI score0.00484EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/10 7:35 p.m.4 views

Vulnerabilities fixed in Drupal Core

Drupal has fixed vulnerabilities in Drupal Core Specifically for versions 7.0 to 7.102, 8.0.0 to before 10.2.11, 10.3.0 to before 10.3.9, and 11.0.0 to before 11.0.8. The vulnerabilities in Drupal Core are related to privilege escalation and deserialization of untrusted data, which can lead to...

9.8CVSS9.7AI score0.00956EPSS
Exploits0References6
Photon
Photon
added 2024/12/06 12:0 a.m.7 views

Important Photon OS Security Update - PHSA-2024-5.0-0419

Updates of 'postgresql13', 'postgresql15', 'postgresql14' packages of Photon OS have been released...

8.8CVSS6.9AI score0.04422EPSS
Exploits1
NCSC
NCSC
added 2024/11/26 1:25 p.m.5 views

Vulnerabilities fixed in VMware Aria Operations

VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include local privilege escalation and stored cross-site scripting XSS. Local privilege escalation allows an attacker with local administrative privileges to increase their access to the root user level on the device,...

7.8CVSS7.1AI score0.00449EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/20 10:0 a.m.5 views

Vulnerabilities fixed in Apple macOS and Safari

Apple has fixed several vulnerabilities in macOS and Safari. Two vulnerabilities CVE-2024-44308 & CVE-2024-44309 in present in macOS Sequoia and Safari 18.1.1 can lead to execution of arbitrary code. Apple indicates that active exploits of these vulnerabilities have been taking place on Intel-bas...

8.8CVSS8.6AI score0.22728EPSS
Exploits1References2
NCSC
NCSC
added 2024/11/20 9:4 a.m.7 views

Vulnerability fixed in Trend Micro Deep Security

Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...

8.8CVSS7.3AI score0.04032EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/18 11:18 a.m.16 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Specifically for versions 24.7.3, 25.11 and earlier. The vulnerability is in the way Adobe Photoshop handles certain files. A malicious party could exploit this vulnerability by tricking a user into opening a malicious file, which could lead to the...

7.8CVSS7.3AI score0.00299EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 5:15 p.m.6 views

CVE-2021-1464

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input...

5CVSS5.8AI score0.013EPSS
Exploits0References9
OSV
OSV
added 2024/11/15 4:15 p.m.4 views

CVE-2022-20931

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 4:15 p.m.4 views

CVE-2022-20654

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based...

6.1CVSS6AI score0.00572EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 4:15 p.m.4 views

CVE-2022-20631

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...

6.1CVSS6.1AI score0.00496EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 4:15 p.m.5 views

CVE-2022-20626

A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability i...

5.4CVSS6AI score0.00436EPSS
Exploits0References1
Rows per page
Query Builder