Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2025/02/24 12:4 p.m.•8 views

Vulnerabilities fixed in Mattermost

Mattermost fixed vulnerabilities in versions 10.4.x, 9.11.x, 10.3.x, 10.2.x and 10.1.x. The vulnerabilities include failure to invalidate active sessions when converting to a bot, incorrect input validation during board patching and duplication, SQL injection attacks due to lack of prepared...

9.9CVSS8AI score0.2251EPSS
Exploits1References1
NCSC
NCSC
•added 2025/02/21 12:33 p.m.•8 views

Vulnerability fixed in XWiki

XWiki has fixed a vulnerability in the system. The vulnerability is in the way XWiki handles the SolrSearch request. This allows a guest to execute arbitrary external code, compromising the confidentiality, integrity and availability of the system. The documentation provides specific steps for...

9.8CVSS7AI score0.99898EPSS
Exploits50References1
NCSC
NCSC
•added 2025/02/21 8:8 a.m.•8 views

Vulnerabilities fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an authentication bypass that allows unauthenticated malicious actors to invoke specific PHP scripts through the management Web interface, an unauthenticated file deletion that allows malicious actors to delete...

9.1CVSS8.7AI score0.98338EPSS
Exploits8References4
NCSC
NCSC
•added 2025/02/13 9:29 a.m.•8 views

Vulnerability fixed in Fortinet FortiOS

Fortinet has fixed a vulnerability in FortiOS Specifically for versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. The vulnerability is in the way FortiOS handles UDP packets. A malicious party, if stack protection is bypassed and the fabric service is active on the exposed interface, can execute arbitra...

8.1CVSS7.9AI score0.00938EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/13 9:9 a.m.•8 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 14.1 to 17.8.2. The vulnerabilities include a denial-of-service vulnerability, an external service interaction vulnerability, a critical XSS vulnerability, improper authorization vulnerabilities, an insecure direct object...

8.8CVSS6.2AI score0.00473EPSS
Exploits4References1
NCSC
NCSC
•added 2025/02/13 8:22 a.m.•8 views

Vulnerability fixed in CrowdStrike Falcon sensor

CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...

8.1CVSS6.7AI score0.00269EPSS
Exploits0References1
NCSC
NCSC
•added 2025/02/13 6:46 a.m.•8 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Adobe Commerce and Magento. The vulnerabilities include a Path Traversal, unauthorized actions, information exposition, improper authorization, and several stored XSS vulnerabilities. These vulnerabilities allow attackers to gain unauthorized access, reveal...

9.1CVSS6.4AI score0.15857EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/28 10:37 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Ventura Specific to versions 13.7.3, Sequoia Specific to versions 15.3 and Sonoma Specific to versions 14.7.3. The vulnerabilities cover several issues, including unauthorized access to sensitive user data, incorrect permissions, and vulnerabilities that c...

9.8CVSS8.1AI score0.18668EPSS
Exploits7References4
NCSC
NCSC
•added 2025/01/23 1:56 p.m.•8 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is located in Cisco Meeting Management's REST API, which allows remote, authenticated attackers with low privileges to elevate their privileges to administrator level through inadequate authorization enforcement. This...

9.9CVSS6.6AI score0.01159EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/22 1:32 p.m.•8 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in Oracle MySQL. The vulnerabilities allow a malicious person to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of a security measure - Accessing sensitive data Oracle has released...

9.1CVSS7.7AI score0.01863EPSS
Exploits2References1
NCSC
NCSC
•added 2025/01/03 12:1 p.m.•8 views

Vulnerabilities fixed in Ipswitch WhatsUp Gold

Ipswitch has fixed vulnerabilities in WhatsUp Gold Versions before 2024.0.2 and earlier. The vulnerabilities are in versions of WhatsUp Gold before 2024.0.2. An authenticated user could misuse a specific HTTP call, which could lead to the disclosure of sensitive information and compromise data...

9.6CVSS6.4AI score0.42369EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/31 9:22 a.m.•8 views

Vulnerabilities fixed in Foxit PDF Reader and PDF Editor

Foxit has fixed vulnerabilities in Foxit PDF Reader. The vulnerabilities include a remote code execution vulnerability due to improper validation of user-supplied data in AcroForms, a memory corruption related to AcroForm functionality, and a local privilege escalation vulnerability that can be...

8.8CVSS8.7AI score0.0127EPSS
Exploits2References1
NCSC
NCSC
•added 2024/12/22 6:38 p.m.•8 views

Vulnerability fixed in Apache Struts

Apache has fixed a vulnerability in Apache Struts Versions from 2.0.0 to before 6.4.0. The vulnerability is in the way the file upload logic is implemented in the deprecated FileUploadInterceptor. This vulnerability can be exploited to execute arbitrary code on systems running these versions. Sin...

9.8CVSS9.9AI score0.78198EPSS
Exploits15References2
NCSC
NCSC
•added 2024/12/12 10:30 a.m.•8 views

Vulnerabilities fixed in Apple iPadOS and iOS

Apple has fixed vulnerabilities in iPadOS Specific to versions 17.7.3 and 18.2 and iOS Specific to 18.2. The vulnerabilities include a denial-of-service issue, logic issues that allowed unauthorized privilege escalation, and unexpected system terminations due to memory corruption. These...

9.8CVSS7.6AI score0.14492EPSS
Exploits1References2
NCSC
NCSC
•added 2024/12/11 8:17 a.m.•8 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Versions 26.0 and earlier. The vulnerability is in how Photoshop handles memory management, specifically a Use After Free error. This vulnerability allows an attacker to execute arbitrary code, but requires user interaction such as opening a...

7.8CVSS7.8AI score0.00521EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/19 8:19 a.m.•8 views

Vulnerabilities fixed in Siemens Tecnomatix Plant Simulation

Siemens has fixed vulnerabilities in Tecnomatix Plant Simulation. The vulnerabilities are in how Tecnomatix Plant Simulation processes specially crafted WRL files. These vulnerabilities include out-of-bounds writes, use-after-free and stack-based overflows, all of which can be exploited by...

7.8CVSS7.9AI score0.00272EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/15 10:52 a.m.•8 views

Vulnerability discovered in Fortinet FortiManager

UPDATE Public proof of concept PoC code for the vulnerability is available. It applies to FortiManager variants that have not yet been patched. Also, researchers have discovered that Fortinet's patch did not fix the full chain of exploitation. Thus, it is still possible to execute code on a patch...

9.8CVSS7.4AI score0.94761EPSS
Exploits7References1
NCSC
NCSC
•added 2024/11/12 6:55 p.m.•8 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious person could exploit the vulnerabilities to execute arbitrary SQL code on the database environment. With the exception of the vulnerabilities marked CVE-2024-49021 and CVE-2024-49043, the vulnerabilities are in the SQL Native Client...

8.8CVSS7.9AI score0.01577EPSS
Exploits0
NCSC
NCSC
•added 2024/11/12 6:54 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges within the vulnerable components. The most serious vulnerability is in CycleCloud and has been assigned attribute CVE-2024-43602. CycleClou...

9.9CVSS9.1AI score0.02203EPSS
Exploits0
NCSC
NCSC
•added 2024/11/12 6:53 p.m.•8 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code User Rights - Execution of arbitrary code System Rights - Obtaining...

9.8CVSS8.8AI score0.81817EPSS
Exploits3
NCSC
NCSC
•added 2024/11/05 2:9 p.m.•8 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...

9.8CVSS7.7AI score0.00714EPSS
Exploits0References2
NCSC
NCSC
•added 2024/10/30 11:39 a.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Circumvention of security measu...

9.6CVSS8AI score0.01028EPSS
Exploits2References2
NCSC
NCSC
•added 2024/10/24 8:37 a.m.•8 views

Vulnerabilities fixed in Cisco Adaptive Security Appliance and Firepower Threat Defense

Cisco has fixed vulnerabilities in Adaptive Security Appliance ASA and Firepower Threat Defense FTD. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service on the system, disrupting the underlying service, bypassing implemented security measures to enable unauthorized...

9.9CVSS7.7AI score0.01158EPSS
Exploits0References11
NCSC
NCSC
•added 2024/10/18 9:26 a.m.•8 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in E-Business Suite. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Oracle has released updates to fix the vulnerabilities. See attached references for more information...

8.1CVSS8.8AI score0.00484EPSS
Exploits0References1
NCSC
NCSC
•added 2024/10/11 9:18 a.m.•8 views

Fixed vulnerabilities in several Veeam products.

Veeam has fixed vulnerabilities in several products, including Backup & Replication, ONE, Service Provider Console and Agent. UPDATE: POC code is now available online and CVE-2024-40711 has recently been actively abused to roll out ransomware. A malicious party can exploit the vulnerabilities to...

9.9CVSS8AI score0.88193EPSS
Exploits3References3
NCSC
NCSC
•added 2024/10/09 10:45 a.m.•8 views

Vulnerabilities fixed in Ivanti Avalanche

Ivanti has fixed vulnerabilities in Avalanche. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Accessing sensitive data Ivanti has release...

9.8CVSS7AI score0.5705EPSS
Exploits0References1
NCSC
NCSC
•added 2024/10/08 7:58 p.m.•8 views

Vulnerabilities fixed in Microsoft SQL Server Power BI Report Server

Microsoft fixed vulnerabilities in SQL Server Power BI Report Server A malicious party could exploit the vulnerabilities to impersonate another user and execute arbitrary code under their context, possibly with administrator privileges. Successful exploitation requires the malicious party to have...

8.8CVSS8.3AI score0.01855EPSS
Exploits0
NCSC
NCSC
•added 2024/09/10 6:28 p.m.•8 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to potentially execute code within the application, or to conduct a Cross-Site Scripting attack. Such an attack could result in execution of code in the...

9.8CVSS6.5AI score0.01362EPSS
Exploits0
NCSC
NCSC
•added 2024/08/22 1:5 p.m.•8 views

Vulnerabilities fixed in Solarwinds Web Helpdesk

Solarwinds fixed vulnerabilities in Web Helpdesk A malicious party can exploit the vulnerabilities to execute code on the system using Java deserialization. A malicious party can also use hardcoded credentials to gain access to data and functionality. Solarwinds developers have released a hotfix ...

9.8CVSS7.9AI score0.93299EPSS
Exploits5References1
NCSC
NCSC
•added 2024/08/14 12:58 p.m.•8 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Commerce and Magento. A malicious person could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and execute arbitrary code with application privileges. Adobe has made updates available to fix the vulnerabilities. See...

9CVSS7.9AI score0.01529EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:52 p.m.•8 views

Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges and gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogu...

7.8CVSS7.8AI score0.0455EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:47 p.m.•8 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victi...

7.8CVSS7.9AI score0.00365EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/13 6:22 p.m.•8 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...

8.2CVSS6.7AI score0.00941EPSS
Exploits0
NCSC
NCSC
•added 2024/08/13 6:21 p.m.•8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data in the victim's context. Successful exploitation require...

9.1CVSS7.4AI score0.19534EPSS
Exploits2
NCSC
NCSC
•added 2024/08/13 6:21 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in two Developer tools. Successful exploitation requires the malicious party to trick the victim into opening and processing a rogue file. Azure IoT SDK: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

7.5CVSS6.7AI score0.02701EPSS
Exploits0
NCSC
NCSC
•added 2024/08/13 6:20 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure components

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges or impersonate another user. For successful abuse, the malicious party needs prior access to the vulnerable environment, or the malicious part...

9.3CVSS6.7AI score0.01833EPSS
Exploits0
NCSC
NCSC
•added 2024/08/08 8:1 a.m.•8 views

Vulnerabilities fixed in Cisco Small Business IP Phones

Cisco has fixed vulnerabilities in the firmware of Small Business IP Phone systems. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system without prior authentication. For successful exploitation, the malicious party must have access to the...

9.8CVSS7.9AI score0.07225EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•8 views

Vulnerabilities fixed in Oracle Analytics

Vulnerabilities have been fixed in Oracle Analytics. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User right...

9.8CVSS7.5AI score0.9378EPSS
Exploits11References15
NCSC
NCSC
•added 2024/07/17 1:53 p.m.•8 views

Vulnerabilities fixed in Oracle E-Business Suite

Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...

8.1CVSS8.4AI score0.004EPSS
Exploits0References12
NCSC
NCSC
•added 2024/07/11 8:22 a.m.•8 views

Vulnerability fixed in GitLab CE/EE

GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...

9.8CVSS6.8AI score0.06036EPSS
Exploits0References3
NCSC
NCSC
•added 2024/07/10 8:27 a.m.•8 views

Vulnerabilities fixed in Fortinet

Fortinet has fixed a number of vulnerabilities in FortiAIOps, Fortinet FortiPortal, FortiWeb and Fortinet FortiExtender. The most serious vulnerabilities are CVE-2024-23663, CVE-2024-27782 and CVE-2024-27784. Which are in Fortinet FortiExtender and FortiAIOps. Fortinet FortiExtender: Fortinet...

9.8CVSS7.2AI score0.00758EPSS
Exploits0References12
NCSC
NCSC
•added 2024/07/05 9:41 a.m.•8 views

Vulnerability fixed in GeoServer

The developers of GeoServer have fixed a vulnerability. Proof-of-Concept PoC code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...

9.8CVSS7.2AI score0.99813EPSS
Exploits25References1
NCSC
NCSC
•added 2024/07/03 7:21 a.m.•8 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...

8.8CVSS7.7AI score0.00758EPSS
Exploits1References2
NCSC
NCSC
•added 2024/07/02 11:44 a.m.•8 views

Vulnerabilities fixed in Apache HHTP server

Apache Software Foundation has fixed vulnerabilities in the Apache HTTP Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service, manipulate traffic via Server-Side-Request-Forgery SSRF, or execute code within the Web server, which the malicious party is not initiall...

9.8CVSS8.5AI score0.99957EPSS
Exploits3References1
NCSC
NCSC
•added 2024/06/13 1:31 p.m.•8 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe has released updates to fix the...

7.8CVSS7.7AI score0.00315EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 6:15 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...

8.1CVSS7.5AI score0.02464EPSS
Exploits0
NCSC
NCSC
•added 2024/06/11 11:33 a.m.•8 views

Vulnerabilities fixed in Veeam Backup Enterprise Manager

Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...

9.8CVSS10AI score0.16673EPSS
Exploits1References1
NCSC
NCSC
•added 2024/05/16 12:54 p.m.•8 views

Vulnerabilities fixed in Adobe FrameMaker

Adobe has fixed vulnerabilities in FrameMaker. A malicious party can exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...

7.8CVSS7.7AI score0.0034EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:43 p.m.•8 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate VPN traffic, or potentially execute code on the management interface. For successful execution of arbitrary code, the malicious party must have access to the...

7.5CVSS7.7AI score0.014EPSS
Exploits0References7
NCSC
NCSC
•added 2024/05/15 12:47 p.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Remote code execution Administrator/Root rights - Remote code execution User rights - Access to...

9.8CVSS7.2AI score0.01325EPSS
Exploits1References1
Total number of security vulnerabilities4190