Lucene search
+L

546 matches found

ncsc
ncsc
added 2023/11/16 12:0 a.m.6 views

Vulnerabilities fixed in Fortinet FortiMail

Fortinet has fixed vulnerabilities in FortiMail. A malicious party can exploit the vulnerability with reference CVE-2023-45582 exploited to gain brute-force access to the mail environment. The vulnerability with reference CVE-2023-36633 allows an authenticated malicious person to gain access to...

7.3CVSS7AI score0.00522EPSS
Exploits0
ncsc
ncsc
added 2023/11/02 12:0 a.m.6 views

Vulnerability fixed in Cisco Meeting Server

Cisco has fixed a vulnerability in Meeting Server. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Cisco has released updates to fix the vulnerability in Meeting Server. For more information, see:...

5.3CVSS6.8AI score0.00813EPSS
Exploits0
ncsc
ncsc
added 2023/10/27 12:0 a.m.11 views

Vulnerabilities fixed in VMware Tools

VMware has fixed vulnerabilities in VMware Tools. A malicious person with access to a guest system in which VMWare Tools are installed can exploit the vulnerabilities to give themselves elevated privileges and thus potentially execute code with elevated privileges. VMware has released updates to...

7.8CVSS7.5AI score0.01193EPSS
Exploits0
ncsc
ncsc
added 2023/10/26 12:0 a.m.4 views

Vulnerability fixed in Roundcube Webmail

Roundcube has fixed a vulnerability in Roundcube Webmail. A malicious party could exploit the vulnerability to launch a Stored Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim and access sensitive data in the context of the victim's...

6.1CVSS7AI score0.75873EPSS
Exploits2
ncsc
ncsc
added 2023/10/16 12:0 a.m.5 views

Vulnerabilities fixed in OTRS

OTRS developers have fixed vulnerabilities in OTRS. An authenticated malicious person could exploit the vulnerabilities to launch a cross-site scripting attack. In addition, a malicious party can bypass security measures using an invalid certificate. OTRS has released updates to fix the...

9.1CVSS6.3AI score0.00374EPSS
Exploits0
ncsc
ncsc
added 2023/10/16 12:0 a.m.6 views

Vulnerability fixed in Cisco IOS XE

Cisco has fixed a vulnerability in IOS XE. This vulnerability allows an unauthenticated malicious person to remotely create an account - with access level 15 - on an affected device. Through that account, full control over the affected device. As mitigating measures, Cisco makes the following...

10CVSS7AI score0.99571EPSS
Exploits27
ncsc
ncsc
added 2023/10/13 12:0 a.m.6 views

Vulnerability fixed in FortiManager and FortiAnalyzer

FortiNet has fixed a vulnerability in FortiManager and FortiAnalyzer. The vulnerability involves a "relative path traversal" vulnerability in FortiManager and FortiAnalyzer and could allow a remote malicious party to execute unauthorized code. execute. FortiNet has released updates to fix the...

8.8CVSS7AI score0.04184EPSS
Exploits1
ncsc
ncsc
added 2023/10/12 12:0 a.m.42 views

Vulnerabilities fixed in FortiOS

FortiNet has fixed vulnerabilities in FortiOS. The vulnerabilities are located in the management environment and allow an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, execute arbitrary code on the...

8.8CVSS7.9AI score0.0102EPSS
Exploits0
ncsc
ncsc
added 2023/10/10 12:0 a.m.6 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP Netweaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...

7.5CVSS7.1AI score0.008EPSS
Exploits0
ncsc
ncsc
added 2023/10/09 12:0 a.m.3 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious party can exploit the exploit the vulnerabilities to execute arbitrary code with application privileges, perform a denial-of-service DoS or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2. For more...

9.8CVSS8.1AI score0.00984EPSS
Exploits0
ncsc
ncsc
added 2023/10/03 12:0 a.m.7 views

Vulnerability fixed in IBM License Metric Tool

A vulnerability has been fixed in IBM License Metric Tool A malicious party can send a specially crafted URL request with "dot dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. More information can be found on the page below:...

7.5CVSS6.8AI score0.00816EPSS
Exploits0
ncsc
ncsc
added 2023/09/22 12:0 a.m.5 views

Vulnerability fixed in Rockwell Automation FactoryTalk

Rockwell has fixed a vulnerability in Factory Talk View Machine Edition. An unauthenticated malicious person could exploit the exploit the vulnerability to execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the production network...

9.8CVSS7.8AI score0.10974EPSS
Exploits0
ncsc
ncsc
added 2023/09/22 12:0 a.m.4 views

Vulnerability fixed in Roundcube webmail

A vulnerability has been fixed in Roundcube webmail. A malicious party can exploit the vulnerability for a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. victim...

6.1CVSS7AI score0.58483EPSS
Exploits2
ncsc
ncsc
added 2023/09/21 12:0 a.m.8 views

Vulnerabilities fixed in Progress MOVEit Transfer

Progress has fixed vulnerabilities in MOVEit Transfer. The vulnerabilities labeled CVE-2023-40043 and CVE-2023-42660 can be be exploited by an authenticated malicious person to gain access to sensitive data via an SQL injection to gain access to sensitive data. Misuse of the vulnerability with...

8.8CVSS8AI score0.00577EPSS
Exploits0
ncsc
ncsc
added 2023/09/19 12:0 a.m.4 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person could exploit the vulnerability to execute pipelines with the privileges of an arbitrary user to execute pipelines. When this arbitrary user has elevated privileges, execution of code wit...

7.4AI score
Exploits0
ncsc
ncsc
added 2023/09/14 12:0 a.m.3 views

Vulnerability fixed in Adobe Acrobat and Acrobat Reader

Adobe has fixed a vulnerability in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. It is possible that by executing code, access can be gained to sensitive data in the victim's context. Successful exploitation requires...

7.8CVSS7.2AI score0.07036EPSS
Exploits0
ncsc
ncsc
added 2023/09/12 12:0 a.m.7 views

Vulnerabilities fixed in Hewlett Packard OneView

Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass authentication and gain access to sensitive data. HPE has released updates to fix the vulnerabilities in OneView 8.5 and 6.60.05. For more...

9.8CVSS7.4AI score0.75116EPSS
Exploits0
ncsc
ncsc
added 2023/09/12 12:0 a.m.3 views

Zeroday vulnerability fixed in Google Chrome

Google has fixed a Zeroday vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code on the underlying operating system with permissions from the victim. If the victim's privileges are high enough are high enough, this allows the...

8.8CVSS7.7AI score0.99735EPSS
Exploits9
ncsc
ncsc
added 2023/07/27 12:0 a.m.3 views

Vulnerabilities fixed in Sophos Unified Threat Management (UTM)

Sophos has fixed vulnerabilities in Unified Threat Management UTM. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with application privileges. Sophos has released updates to fix the vulnerabilities in UTM 9.716. For more...

7.5CVSS7AI score0.59501EPSS
Exploits1
ncsc
ncsc
added 2023/07/25 12:0 a.m.10 views

Vulnerability fixed in AMD Zen 2 platform

AMD has fixed a vulnerability in its Zen 2 platform. The involves a hardware vulnerability that allows a malicious person to able to read out part of the processor memory. The malicious party could theoretically use this to gain access to sensitive information, such as key material. Because this ...

5.5CVSS7.8AI score0.05794EPSS
Exploits1
Rows per page
Query Builder