Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2024/08/22 11:40 a.m.•7 views

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...

9.8CVSS7.3AI score0.01527EPSS
Exploits0References4
NCSC
NCSC
•added 2024/08/08 8:1 a.m.•7 views

Vulnerabilities fixed in Cisco Small Business IP Phones

Cisco has fixed vulnerabilities in the firmware of Small Business IP Phone systems. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system without prior authentication. For successful exploitation, the malicious party must have access to the...

9.8CVSS7.9AI score0.07225EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•7 views

Vulnerabilities fixed in Oracle Systems

Vulnerabilities have been fixed in Oracle Systems. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has made updates available to fix the vulnerabilities. See the...

4.7CVSS8.4AI score0.00384EPSS
Exploits0References4
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•7 views

Vulnerabilities fixed in Oracle Supply Chain

Vulnerabilities have been fixed in Oracle Supply Chain. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User...

8.8CVSS7.6AI score0.99999EPSS
Exploits22References7
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•7 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User righ...

9.8CVSS8.2AI score0.17673EPSS
Exploits7References14
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•7 views

Vulnerabilities fixed in Oracle JD Edwards

Vulnerabilities have been fixed in Oracle JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...

7.5CVSS7.5AI score0.02577EPSS
Exploits1References10
NCSC
NCSC
•added 2024/07/17 1:53 p.m.•7 views

Vulnerabilities fixed in Oracle E-Business Suite

Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...

8.1CVSS8.4AI score0.004EPSS
Exploits0References12
NCSC
NCSC
•added 2024/07/11 8:22 a.m.•7 views

Vulnerability fixed in GitLab CE/EE

GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...

9.8CVSS6.8AI score0.06036EPSS
Exploits0References3
NCSC
NCSC
•added 2024/07/02 7:4 a.m.•7 views

Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder

Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...

10CVSS7.1AI score0.00711EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/14 9:37 a.m.•7 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Endpoint Manager. A malicious party can exploit the vulnerabilities to execute arbitrary code on the system using SQL Injection. For successful abuse, the malicious party must have access to the local infrastructure where the EPM system is implemented...

9.6CVSS8.2AI score0.99951EPSS
Exploits5References1
NCSC
NCSC
•added 2024/06/14 6:27 a.m.•7 views

Vulnerability fixed in Adobe Creative Cloud Desktop Application

Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates t...

7.1CVSS7.8AI score0.00298EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 6:15 p.m.•7 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...

8.1CVSS7.5AI score0.02464EPSS
Exploits0
NCSC
NCSC
•added 2024/06/11 11:51 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro fixed vulnerabilities in Apex One A local malicious party could exploit the vulnerabilities to cause a denial-of-service DoS, or grant themselves elevated privileges and potentially execute arbitrary code on the local system. Trend Micro has released updates to fix the vulnerabilities...

7.8CVSS7.6AI score0.00889EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 11:33 a.m.•7 views

Vulnerabilities fixed in Veeam Backup Enterprise Manager

Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...

9.8CVSS10AI score0.16673EPSS
Exploits1References1
NCSC
NCSC
•added 2024/05/17 11:28 a.m.•7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including NetWeaver, Business Objects, HANA and SAP GUI. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Denial-of-Service DoS. - Manipulation ...

9.6CVSS7.7AI score0.02276EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:59 p.m.•7 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...

7.8CVSS7.7AI score0.00372EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:44 p.m.•7 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities in Acrobat Reader DC 24.002.20759 and Acrobat Read...

7.8CVSS7.8AI score0.04257EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:43 p.m.•7 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate VPN traffic, or potentially execute code on the management interface. For successful execution of arbitrary code, the malicious party must have access to the...

7.5CVSS7.7AI score0.014EPSS
Exploits0References7
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•7 views

Vulnerability fixed in Microsoft Edge

Microsoft has fixed a vulnerability in Edge. A malicious party could exploit the vulnerability to gain access to system data. For successful abuse, the malicious party must trick the victim into opening a rogue link. This update also includes the vulnerabilities marked CVE-2024-4558, CVE-2024-455...

9.6CVSS7.6AI score0.08348EPSS
Exploits4
NCSC
NCSC
•added 2024/05/07 12:0 a.m.•7 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant himself elevated privileges granted, thus executing code with the victim's privileges or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...

9.8CVSS7.3AI score0.00786EPSS
Exploits2
NCSC
NCSC
•added 2024/05/02 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco IP phones

Cisco has fixed vulnerabilities in the firmware of several IP Phone systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data on the vulnerable device and thus potentially manipulate phone calls. Cisco has released updates to fix t...

7.5CVSS7AI score0.00873EPSS
Exploits0
NCSC
NCSC
•added 2024/04/29 12:0 a.m.•7 views

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Bypassing authentication. Circumvention of security measure Remote code execution Administrator/Root right...

8.8CVSS8AI score0.4158EPSS
Exploits0
NCSC
NCSC
•added 2024/04/24 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA) and Firepower Threat defense (FTD).

Cisco has fixed actively exploited vulnerabilities in Adaptive Security Appliance and Firepower Threat defense FTD. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Remote code executi...

8.6CVSS8AI score0.63272EPSS
Exploits2
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Supply Chain products

Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...

8.1CVSS7.3AI score0.46836EPSS
Exploits3
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in several Java products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive data...

8.8CVSS7.4AI score0.29179EPSS
Exploits3
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed vulnerabilities in several Analytics products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...

9.8CVSS7.3AI score0.05533EPSS
Exploits0
NCSC
NCSC
•added 2024/04/12 12:0 a.m.•7 views

Vulnerability discovered in Palo Alto PAN-OS

Palo Alto has discovered a vulnerability in PAN-OS. A unauthenticated malicious person can exploit the vulnerability to execute arbitrary code on the vulnerable system with root privileges. The vulnerability is found only in PAN-OS versions 10.2, 11.0 and 11.1, if both the GlobalProtect Gateway a...

10CVSS7.3AI score0.99999EPSS
Exploits43
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•7 views

Vulnerabilities fixed in Broadcom Brocade Fabric OS

Broadcom has fixed vulnerabilities in Brocade Fabric OS. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code on the system, or to manipulate the operation of the system manipulate. To do this, the malicious party does not need prior authentication...

9.8CVSS7.9AI score0.01205EPSS
Exploits1
NCSC
NCSC
•added 2024/04/04 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in Identity Services Engine. The vulnerabilities are located in the management interface and allow a malicious person with access to that interface to perform a Server-Side-Request-Forgery, or a Cross-Site-Request-Forgery to perform execution. Such an attack can le...

8.8CVSS7.2AI score0.00369EPSS
Exploits0
NCSC
NCSC
•added 2024/04/02 12:0 a.m.•7 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or grant themselves elevated privileges to gain gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into followi...

9.8CVSS6.8AI score0.00878EPSS
Exploits0
NCSC
NCSC
•added 2024/04/02 12:0 a.m.•7 views

Vulnerability fixed in Flexera Software FlexNet Publisher

Flexera Software has fixed a vulnerability in FlexNet Publisher. A local malicious person could exploit the vulnerability to grant itself elevated privileges and execute code with elevated privileges. To exploit the vulnerability, a malicious party must load a specially prepared SSL configuration...

8.5CVSS6.8AI score0.00419EPSS
Exploits0
NCSC
NCSC
•added 2024/03/29 12:0 a.m.•7 views

Vulnerability fixed in liblzma (XZ Utils)

Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...

10CVSS7.2AI score0.85974EPSS
Exploits40
NCSC
NCSC
•added 2024/03/29 12:0 a.m.•7 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS GitLab has released updates to fix th...

8.7CVSS6.5AI score0.00945EPSS
Exploits1
NCSC
NCSC
•added 2024/03/28 12:0 a.m.•7 views

Vulnerabilities fixed in Synology Surveillance Station

Synology has fixed vulnerabilities in Surveillance Station. A malicious party can exploit the vulnerabilities to execute arbitrary code via SQL injection to execute arbitrary code, or gain access to sensitive data. Synology has released updates to fix the vulnerabilities in Surveillance Station...

9.9CVSS8AI score0.00797EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe Bridge

Adobe has fixed vulnerabilities in Adobe Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...

7.8CVSS7.4AI score0.07758EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•7 views

Vulnerability fixed in Adobe ColdFusion

Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to bypass a security measure to bypass the vulnerability and thus gain access to sensitive data in the affected Adobe ColdFusion application. Adobe has released updates to fix the vulnerability in...

7.4CVSS7AI score0.98514EPSS
Exploits7
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...

8.8CVSS8AI score0.30504EPSS
Exploits0
NCSC
NCSC
•added 2024/02/23 12:0 a.m.•7 views

Vulnerability fixed in SonicWall SSL-VPN products

SonicWall has fixed a vulnerability in SMA 100 series SSL VPNs. An authenticated malicious party can exploit the vulnerability exploit the vulnerability to establish a link to the mobile MFA device of another user and thus potentially gain access to sensitive data in the victim's context. SonicWa...

6.3CVSS6.8AI score0.00433EPSS
Exploits0
NCSC
NCSC
•added 2024/02/15 12:0 a.m.•7 views

Vulnerabilities fixed in ISC BIND

ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND 9.19.21, 9.18.24 S1, 9.16.48 S1 For more information, see: https://kb.isc.org/docs/cve-2023-4408...

7.5CVSS7AI score0.99995EPSS
Exploits1
NCSC
NCSC
•added 2024/02/14 12:0 a.m.•7 views

Vulnerability fixed in Adobe Audition

Adobe has fixed a vulnerability in Adobe Audition. The vulnerability allows a malicious person to execute arbitrary code execute arbitrary code with the victim's privileges. Successful exploit requires user interaction from the victim. Adobe has released updates to fix the vulnerabilities in...

7.8CVSS7.7AI score0.00612EPSS
Exploits0
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of the...

8.2CVSS6.5AI score0.01725EPSS
Exploits0
NCSC
NCSC
•added 2024/02/07 12:0 a.m.•7 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Increased user privileges Successful misuse requires...

9.8CVSS7.5AI score0.01954EPSS
Exploits1
NCSC
NCSC
•added 2024/01/26 12:0 a.m.•7 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...

9.9CVSS7.8AI score0.04392EPSS
Exploits3
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•7 views

Vulnerabilities fixed iin Oracle JD Edwards

Oracle has fixed vulnerabilities in JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Oracle has fixed the...

9.8CVSS7.6AI score0.73461EPSS
Exploits2
NCSC
NCSC
•added 2023/12/29 12:0 a.m.•7 views

Vulnerabilities fixed in Apache OpenOffice

Apache has fixed vulnerabilities in OpenOffice. A malicious party can exploit the vulnerabilities to execute arbitrary code execute arbitrary code in the context of the application, with permissions from the victim, or to bypass a security measure. Apache has released updates to fix the...

8.8CVSS8.3AI score0.65692EPSS
Exploits1
NCSC
NCSC
•added 2023/12/22 12:0 a.m.•7 views

Vulnerability fixed in IBM Informix

IBM has fixed a vulnerability in the JDBC driver of Informix. A malicious person with rights to use the API could can exploit the vulnerability to execute arbitrary code execute code with permissions from the application using the JDBC driver. Because it cannot be estimated with what permissions...

9.8CVSS7.8AI score0.00863EPSS
Exploits0
NCSC
NCSC
•added 2023/12/14 12:0 a.m.•7 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS, as used in FortiProxy and FortiPAM. An unauthenticated malicious person could exploit the vulnerability with reference CVE-2023-47536 to exploit a security measure to bypass and route traffic through the system that should not be allowed should be...

8.8CVSS7.2AI score0.01068EPSS
Exploits0
NCSC
NCSC
•added 2023/12/14 12:0 a.m.•7 views

Vulnerabilities fixed in Fortinet FortiSandbox

Fortinet has fixed vulnerabilities in FortiSandbox. A malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser...

5.4CVSS7.2AI score0.00434EPSS
Exploits0
NCSC
NCSC
•added 2023/12/13 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe After Effects

Adobe has fixed vulnerabilities in After Effects. A malicious party could exploit the vulnerabilities to gain access to system data, or to execute arbitrary code with privileges of the victim. The malicious party does not need any prior authorizations required. Adobe has released updates to fix t...

7.8CVSS8AI score0.00568EPSS
Exploits0
NCSC
NCSC
•added 2023/12/04 12:0 a.m.•7 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a denial-of-service DoS cause, manipulate data, or launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary co...

8.7CVSS7.2AI score0.00579EPSS
Exploits0
Total number of security vulnerabilities4190