Lucene search
K
NcscMost viewed

4192 matches found

NCSC
NCSC
•added 2024/08/22 1:5 p.m.•8 views

Vulnerabilities fixed in Solarwinds Web Helpdesk

Solarwinds fixed vulnerabilities in Web Helpdesk A malicious party can exploit the vulnerabilities to execute code on the system using Java deserialization. A malicious party can also use hardcoded credentials to gain access to data and functionality. Solarwinds developers have released a hotfix ...

9.8CVSS7.9AI score0.93299EPSS
Exploits5References1
NCSC
NCSC
•added 2024/08/22 11:40 a.m.•8 views

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...

9.8CVSS7.3AI score0.01527EPSS
Exploits0References4
NCSC
NCSC
•added 2024/08/14 12:58 p.m.•8 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Commerce and Magento. A malicious person could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and execute arbitrary code with application privileges. Adobe has made updates available to fix the vulnerabilities. See...

9CVSS7.9AI score0.01529EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:52 p.m.•8 views

Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges and gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogu...

7.8CVSS7.8AI score0.0455EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:47 p.m.•8 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victi...

7.8CVSS7.9AI score0.00365EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/13 6:22 p.m.•8 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...

8.2CVSS6.7AI score0.00941EPSS
Exploits0
NCSC
NCSC
•added 2024/08/13 6:21 p.m.•8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data in the victim's context. Successful exploitation require...

9.1CVSS7.4AI score0.19534EPSS
Exploits2
NCSC
NCSC
•added 2024/08/13 6:21 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in two Developer tools. Successful exploitation requires the malicious party to trick the victim into opening and processing a rogue file. Azure IoT SDK: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

7.5CVSS6.7AI score0.02701EPSS
Exploits0
NCSC
NCSC
•added 2024/08/13 6:20 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure components

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges or impersonate another user. For successful abuse, the malicious party needs prior access to the vulnerable environment, or the malicious part...

9.3CVSS6.7AI score0.01833EPSS
Exploits0
NCSC
NCSC
•added 2024/08/08 8:1 a.m.•8 views

Vulnerabilities fixed in Cisco Small Business IP Phones

Cisco has fixed vulnerabilities in the firmware of Small Business IP Phone systems. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system without prior authentication. For successful exploitation, the malicious party must have access to the...

9.8CVSS7.9AI score0.07225EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/17 1:53 p.m.•8 views

Vulnerabilities fixed in Oracle E-Business Suite

Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...

8.1CVSS8.4AI score0.004EPSS
Exploits0References12
NCSC
NCSC
•added 2024/07/11 8:22 a.m.•8 views

Vulnerability fixed in GitLab CE/EE

GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...

9.8CVSS6.8AI score0.06036EPSS
Exploits0References3
NCSC
NCSC
•added 2024/07/10 8:27 a.m.•8 views

Vulnerabilities fixed in Fortinet

Fortinet has fixed a number of vulnerabilities in FortiAIOps, Fortinet FortiPortal, FortiWeb and Fortinet FortiExtender. The most serious vulnerabilities are CVE-2024-23663, CVE-2024-27782 and CVE-2024-27784. Which are in Fortinet FortiExtender and FortiAIOps. Fortinet FortiExtender: Fortinet...

9.8CVSS7.2AI score0.00758EPSS
Exploits0References12
NCSC
NCSC
•added 2024/07/05 9:41 a.m.•8 views

Vulnerability fixed in GeoServer

The developers of GeoServer have fixed a vulnerability. Proof-of-Concept PoC code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...

9.8CVSS7.2AI score0.99813EPSS
Exploits25References1
NCSC
NCSC
•added 2024/07/03 7:21 a.m.•8 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...

8.8CVSS7.7AI score0.00758EPSS
Exploits1References2
NCSC
NCSC
•added 2024/07/02 7:4 a.m.•8 views

Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder

Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...

10CVSS7.1AI score0.00711EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/13 1:31 p.m.•8 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe has released updates to fix the...

7.8CVSS7.7AI score0.00315EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 6:15 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...

8.1CVSS7.5AI score0.02464EPSS
Exploits0
NCSC
NCSC
•added 2024/06/11 11:33 a.m.•8 views

Vulnerabilities fixed in Veeam Backup Enterprise Manager

Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...

9.8CVSS10AI score0.16673EPSS
Exploits1References1
NCSC
NCSC
•added 2024/05/16 12:43 p.m.•8 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate VPN traffic, or potentially execute code on the management interface. For successful execution of arbitrary code, the malicious party must have access to the...

7.5CVSS7.7AI score0.014EPSS
Exploits0References7
NCSC
NCSC
•added 2024/05/15 12:47 p.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Remote code execution Administrator/Root rights - Remote code execution User rights - Access to...

9.8CVSS7.2AI score0.01325EPSS
Exploits1References1
NCSC
NCSC
•added 2024/05/15 12:29 p.m.•8 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla fixed vulnerabilities in Firefox and Thunderbird A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution User rights Mozilla has released...

9.8CVSS9.5AI score0.72648EPSS
Exploits23References3
NCSC
NCSC
•added 2024/05/15 11:18 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of security measure - Remote code execution User rights - Remote cod...

9.8CVSS7AI score0.01411EPSS
Exploits3References3
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in several PeopleSoft products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution User Rights Access to sensitive data...

9.8CVSS7AI score0.78483EPSS
Exploits12
NCSC
NCSC
•added 2024/04/11 12:0 a.m.•8 views

Vulnerability fixed in Adobe Media Encoder

Adobe has fixed a vulnerability in Media Encoder. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into opening a rogue media file. Adobe has...

7.8CVSS7.7AI score0.00612EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure products

Microsoft has fixed vulnerabilities in Azure and various applications within Azure. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system...

9CVSS7AI score0.18008EPSS
Exploits0
NCSC
NCSC
•added 2024/04/09 12:0 a.m.•8 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...

8.8CVSS6.3AI score0.00726EPSS
Exploits0
NCSC
NCSC
•added 2024/03/29 12:0 a.m.•8 views

Vulnerability fixed in liblzma (XZ Utils)

Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...

10CVSS7.2AI score0.85974EPSS
Exploits40
NCSC
NCSC
•added 2024/03/26 12:0 a.m.•8 views

Vulnerabilities fixed in MISP

The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to to bypass security measures. The MISP community has released updates to fix the vulnerabilities fixes in MISP. For more information, see: https://github.com/MISP/MISP/commit...

9.8CVSS7AI score0.00816EPSS
Exploits0
NCSC
NCSC
•added 2024/03/15 12:0 a.m.•8 views

Vulnerabilities fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS

Vulnerabilities have been fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: SQL Injection; Manipulation of data; Remote code execution User Rights; Circumvention of...

9.8CVSS8.6AI score0.97591EPSS
Exploits4
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft System Center

Microsoft has fixed vulnerabilities in two System Center components. A malicious party could exploit the vulnerabilities to bypass security measures, grant himself elevated privileges grant themselves elevated privileges or execute arbitrary code. Open Management Infrastructure:...

9.8CVSS7.1AI score0.20157EPSS
Exploits0
NCSC
NCSC
•added 2024/02/29 12:0 a.m.•8 views

Vulnerabilities fixed in Nvidia GPU driver

Nvidia has fixed vulnerabilities in its driver for GPU chipsets and associated controller software. A local malicious party could exploit the vulnerabilities to cause a denial-of-service cause, or to grant themselves elevated privileges in order to execute arbitrary code with privileges from SYST...

7.8CVSS7.4AI score0.00381EPSS
Exploits0
NCSC
NCSC
•added 2024/02/15 12:0 a.m.•8 views

Vulnerabilities fixed in ISC BIND

ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND 9.19.21, 9.18.24 S1, 9.16.48 S1 For more information, see: https://kb.isc.org/docs/cve-2023-4408...

7.5CVSS7AI score0.99995EPSS
Exploits1
NCSC
NCSC
•added 2024/02/14 12:0 a.m.•8 views

Vulnerabilities fixed in Adobe Acrobat and Reader

Adobe has fixed vulnerabilities in Adobe Acrobat and Reader. A malicious party can exploit the vulnerabilities to cause a denial-of-service DoS, execute arbitrary code execute with the victim's privileges and to gain access to sensitive data in the victim's context. To exploit the exploit...

7.8CVSS7.5AI score0.04448EPSS
Exploits0
NCSC
NCSC
•added 2024/02/08 12:0 a.m.•8 views

Vulnerabilities fixed in VMware Aria Operations Networks

VMWare has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, to elevate privileges or to launch a Cross-Site Scripting XSS attack. The vulnerability marked...

7.8CVSS6.7AI score0.37849EPSS
Exploits0
NCSC
NCSC
•added 2024/01/26 12:0 a.m.•8 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...

9.9CVSS7.8AI score0.04392EPSS
Exploits3
NCSC
NCSC
•added 2024/01/23 12:0 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User rights Access to...

9.8CVSS7.6AI score0.78483EPSS
Exploits13
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle Siebel CRM

Oracle has fixed vulnerabilities in Siebel CRM. A unauthenticated malicious person could exploit the vulnerabilities to cause a denial-of-service. Oracle has made updates available to fix the vulnerabilities. fix. For more information, see: https://www.oracle.com/security-alerts/cpujan2024.html...

7.5CVSS6.7AI score0.99999EPSS
Exploits20
NCSC
NCSC
•added 2023/12/14 12:0 a.m.•8 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS, as used in FortiProxy and FortiPAM. An unauthenticated malicious person could exploit the vulnerability with reference CVE-2023-47536 to exploit a security measure to bypass and route traffic through the system that should not be allowed should be...

8.8CVSS7.2AI score0.01068EPSS
Exploits0
NCSC
NCSC
•added 2023/12/07 12:0 a.m.•8 views

Vulnerability fixed in Apache Struts

Apache Foundation has fixed a vulnerability in Struts. A malicious person with rights to upload files can exploit the exploit the vulnerability to upload a rogue file to potentially potentially execute or cause to be executed arbitrary code within the application using Struts. Apache Foundation h...

9.8CVSS9.5AI score0.80819EPSS
Exploits15
NCSC
NCSC
•added 2023/11/30 12:0 a.m.•8 views

Vulnerabilities fixed in QlikTech Qlik Sense Vulnerabilities fixed in QlikTech Qlik Sense

QlikTech has fixed vulnerabilities in Qlik Sense Enterprise. An unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code on the system where Qlik Sense is installed, potentially taking over that system. take over. Qlik Sense reports having received reports that...

9.9CVSS8AI score0.84967EPSS
Exploits0
NCSC
NCSC
•added 2023/11/16 12:0 a.m.•8 views

Vulnerabilities fixed in Adobe Photoshop

Adobe has fixed vulnerabilities in Photoshop. A malicious person can exploit the vulnerabilities to execute arbitrary code with privileges of the victim and to gain access to sensitive data in the victim's context. Successful exploitation requires the malicious party to trick the victim into...

7.8CVSS7.6AI score0.00328EPSS
Exploits0
NCSC
NCSC
•added 2023/11/14 12:0 a.m.•8 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products including. SIMATIC, SINEC, SIPROTEC and RUGGEDCOM. The vulnerabilities allow a malicious party potentially able to launch attacks that could lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention o...

9.8CVSS8.3AI score0.99735EPSS
Exploits20
NCSC
NCSC
•added 2023/11/13 12:0 a.m.•8 views

Vulnerabilities fixed in Ivanti Secure Access Client

Ivanti has fixed vulnerabilities in Secure Access Client formerly Pulse Secure Desktop Client. A local malicious person could exploit the vulnerabilities to grant himself elevated privileges granted and thus execute code with potentially system privileges and/or gain access to sensitive data...

8.8CVSS7.3AI score0.00713EPSS
Exploits1
NCSC
NCSC
•added 2023/10/30 12:0 a.m.•8 views

Vulnerability fixed in Apache ActiveMQ

The Apache Foundation has fixed a vulnerability in ActiveMQ. A malicious party could exploit the vulnerability to execute arbitrary execute arbitrary code on the system where ActiveMQ is installed. Apache Foundation has released updates to fix the vulnerability fix in ActiveMQ 5.15.16, 5.16.7,...

10CVSS9.2AI score0.99654EPSS
Exploits31
NCSC
NCSC
•added 2023/10/19 12:0 a.m.•8 views

Vulnerability fixed in Oracle JD Edwards

A vulnerability has been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerability to gain access gain access to sensitive data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...

5.3CVSS7.3AI score0.08665EPSS
Exploits1
NCSC
NCSC
•added 2023/10/16 12:0 a.m.•8 views

Vulnerabilities fixed Node.js

Several vulnerabilities have been fixed in Node.js. A malicious party could potentially exploit the vulnerabilities remotely to cause a denial-of-service DoS, bypass of authentication and/or gaining access to sensitive data. The vulnerability with attribute CVE-2023-44487 is a Denial-of-Service D...

9.8CVSS7.5AI score0.99999EPSS
Exploits19
NCSC
NCSC
•added 2023/10/11 12:0 a.m.•8 views

Vulnerabilities fixed in NetScaler ADC and NetScaler Gateway

Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to obtain sensitive information or cause a denial-of-service attack. Citrix has released updates to fix the vulnerabilities. For more information, see:...

9.4CVSS9.1AI score0.99999EPSS
Exploits15
NCSC
NCSC
•added 2023/09/28 12:0 a.m.•8 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. Although a total of 10 vulnerabilities have been fixed, Google has made some information of only 3 vulnerabilities made some information available. The listed vulnerabilities allow a malicious party to cause a denial-of-service, or to execute arbitrary...

8.8CVSS7.6AI score0.49013EPSS
Exploits3
NCSC
NCSC
•added 2023/09/11 12:0 a.m.•8 views

Vulnerabilities fixed in Notepad++

Vulnerabilities have been fixed in Notepad++. A malicious person could exploit the vulnerabilities to gain access to memory locations to which the malicious party is not authorized, or potentially execute arbitrary code with privileges of the victim. Successful exploitation requires the malicious...

7.8CVSS8AI score0.00549EPSS
Exploits4
Total number of security vulnerabilities4192