Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
added 2025/02/13 9:48 a.m.6 views

Vulnerability fixed in Veeam

Veeam has fixed a vulnerability in the Veeam Updater component. The vulnerability is in how the Veeam Updater component validates TLS certificates. Insufficient validation can allow Man-in-the-Middle attackers to execute arbitrary code on affected servers. This can lead to unauthorized access and...

9CVSS7.6AI score0.00626EPSS
Exploits0References1
NCSC
NCSC
added 2025/02/13 8:22 a.m.6 views

Vulnerability fixed in CrowdStrike Falcon sensor

CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...

8.1CVSS6.7AI score0.00269EPSS
Exploits0References1
NCSC
NCSC
added 2025/02/11 9:54 a.m.6 views

Vulnerability fixed in Apple iOS and iPadOS

Apple has fixed a vulnerability in iOS and iPadOS. A malicious person with physical access to the vulnerable device can exploit the vulnerability to bypass USB restrictions, even when the system is locked. This allows the malicious party to install arbitrary software on the device. Successful abu...

6.1CVSS8AI score0.04906EPSS
Exploits0References2
NCSC
NCSC
added 2025/01/29 10:35 a.m.6 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Site. The vulnerabilities are related to improper permissions settings on the remote debugger port, allowing unauthenticated users to access system configurations. This can lead to unauthorized changes. In addition, there is a loca...

7CVSS7.8AI score0.00247EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/29 10:32 a.m.6 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the vulnerable system elevated privileges. For successful exploitation, the malicious party must ha...

9.3CVSS8AI score0.00715EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/28 10:43 a.m.6 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for the Advanced Outbound Telephony, Project Foundation, Customer Care and Workflow components. The vulnerabilities are in several components of the Oracle E-Business Suite. The Advanced Outbound Telephony component contains...

8.1CVSS9.1AI score0.00539EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/22 1:31 p.m.6 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Oracle Enterprise Manager A malicious party could exploit the vulnerabilities to gain access to sensitive data or cause a Denial-of-Service. Oracle has released updates to fix the vulnerabilities. See attached references for more information...

10CVSS7.4AI score0.54862EPSS
Exploits10References1
NCSC
NCSC
added 2025/01/15 11:47 a.m.6 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 134 and 128.6. The vulnerabilities include client-side path traversal, privilege escalation and use-after-free conditions. These vulnerabilities can be exploited by malicious parties to gain unauthorized...

9.8CVSS10AI score0.1307EPSS
Exploits0References6
NCSC
NCSC
added 2025/01/14 7:20 p.m.6 views

Vulnerability fixed in Microsoft Dynamics Power Automate

Microsoft has fixed a vulnerability in Power Automate for Desktops. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...

7.8CVSS7.2AI score0.00732EPSS
Exploits0
NCSC
NCSC
added 2025/01/14 7:18 p.m.6 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious person with prior authentication could exploit the vulnerabilities to gain access to sensitive data in the victim's context. Successful misuse requires the victim to log in, where the malicious person manages to win a race...

8.8CVSS6.6AI score0.0145EPSS
Exploits0
NCSC
NCSC
added 2025/01/08 11:0 a.m.6 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Ivanti Connect Secure Specific for versions prior to 22.7R2.4 and Policy Secure Specific for versions prior to 22.7R1.2. The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...

9.1CVSS8.1AI score0.01847EPSS
Exploits0References1
NCSC
NCSC
added 2025/01/06 7:30 a.m.6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. UPDATE: Researchers have published proof of concept PoC code demonstrating the vulnerability with attribute CVE-2024-49113. Successful exploitation requires the malicious party to have access to both a DC with LDAP and a rogue server under their own...

9.8CVSS9.7AI score0.83642EPSS
Exploits12
NCSC
NCSC
added 2024/12/27 1:26 p.m.6 views

Vulnerability fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS processes specially crafted DNS packets from attackers. This can lead to a device reboot and, on repeated attempts, the firewall can enter maintenance mode. Palo Alto says it has received reports from...

8.7CVSS8.9AI score0.26636EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/19 2:54 p.m.6 views

Vulnerabilities fixed in Rockwell Automation Power Monitor 1000

Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...

9.3CVSS7.8AI score0.00862EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/19 2:53 p.m.6 views

Vulnerability fixed in Fortinet FortiWLM

Fortinet has fixed a vulnerability in FortiWLM Specifically for versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4. The vulnerability is located in FortiWLM's relative path-traversal functionality, which allows remote, unauthenticated attackers to execute unauthorized code via specially crafted Web...

9.8CVSS7.3AI score0.24901EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/13 10:3 a.m.6 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 11.0 to 17.6.2. The vulnerabilities are located in several versions of GitLab CE/EE and allow attackers to create groups with names that match existing unique domains, which can lead to domain confusion. In addition, users...

8.7CVSS7.2AI score0.00765EPSS
Exploits8References1
NCSC
NCSC
added 2024/12/11 8:34 a.m.6 views

Vulnerability fixed in Adobe After Effects

Adobe has fixed a vulnerability in Adobe After Effects Specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...

7.8CVSS7.5AI score0.00459EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/11 8:20 a.m.6 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...

7.8CVSS8.1AI score0.00391EPSS
Exploits0References1
NCSC
NCSC
added 2024/12/02 10:55 a.m.6 views

Vulnerabilities fixed in IBM Security Verify Access Appliance

IBM has fixed vulnerabilities in IBM Security Verify Access Appliance Versions 10.0.0 to 10.0.8. The vulnerabilities include an ability for remote authenticated attackers to execute arbitrary commands on the system, privilege escalation for locally authenticated non-administrative users through...

9.8CVSS7.7AI score0.0077EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/25 9:4 a.m.6 views

Vulnerabilities discovered in Veritas Enterprise Vault

Vulnerabilities have been discovered in Veritas Enterprise Vault Specifically for versions earlier than 15.2. The vulnerabilities are in how Veritas Enterprise Vault handles the deserialization of untrusted data sent through a .NET Remoting TCP port. This enables malicious actors to execute...

9.8CVSS7.5AI score0.00907EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/19 9:41 a.m.6 views

Vulnerability fixed in Oracle Agile PLM Framework

Oracle has fixed a vulnerability in version 9.3.6 of the Agile PLM Framework. The vulnerability allows unauthenticated attackers with network access to gain access to sensitive data. Oracle has released an out-of-band update to fix the vulnerability. See attached references for more information...

7.5CVSS9.3AI score0.01496EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/15 12:29 p.m.6 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...

8.8CVSS6.7AI score0.00543EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/14 12:42 p.m.6 views

Vulnerabilities fixed in Fortinet FortiClient

Fortinet has fixed vulnerabilities in FortiClient for Windows and macOS. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary commands on the system. Fortinet has released updates to fix the vulnerabilities. See attached references for...

8.8CVSS7.8AI score0.00462EPSS
Exploits0References4
NCSC
NCSC
added 2024/11/13 12:38 p.m.6 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS Cross-Site Scripting XSS. Increased user privileges Remote code execution User...

9.1CVSS7.5AI score0.02014EPSS
Exploits0References1
NCSC
NCSC
added 2024/11/12 6:57 p.m.6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...

7.8CVSS7.3AI score0.02072EPSS
Exploits0
NCSC
NCSC
added 2024/11/07 8:55 a.m.6 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco fixed vulnerabilities in Identity Services Engine ISE The vulnerabilities are located in the management interface and allow a malicious person to perform a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive...

6.5CVSS7AI score0.00545EPSS
Exploits0References2
NCSC
NCSC
added 2024/11/07 8:47 a.m.6 views

Vulnerability fixed in Cisco Catalyst access points

Cisco has fixed a vulnerability in the Unified Industrial Wireless Software for Catalyst Heavy Duty Access Points. A malicious party could exploit the vulnerability to execute arbitrary commands on the underlying operating system without prior authentication. The vulnerability is located in the...

10CVSS7.6AI score0.03146EPSS
Exploits0References1
NCSC
NCSC
added 2024/10/17 1:18 p.m.6 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has fixed vulnerabilities in Enterprise Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code User privileges - Execution of arbitrary code Administrator...

9.8CVSS7.6AI score0.01433EPSS
Exploits1References1
NCSC
NCSC
added 2024/10/17 1:17 p.m.6 views

Vulnerabilities fixed in Oracle Commerce

Oracle has fixed vulnerabilities in Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code User privileges - Executio...

9.8CVSS7.8AI score0.17044EPSS
Exploits4References1
NCSC
NCSC
added 2024/10/17 1:16 p.m.6 views

Vulnerabilities fixed in Oracle Peoplesoft

Oracle has fixed vulnerabilities in Peoplesoft. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service DoS, or to access and potentially manipulate personal sensitive data in the database. Oracle has released updates to fix the vulnerabilities. See attached references fo...

9.8CVSS7.1AI score0.03174EPSS
Exploits1References1
NCSC
NCSC
added 2024/10/14 12:14 p.m.6 views

Vulnerabilities fixed in Moxa systems

Moxa has fixed vulnerabilities in several network components. A malicious party could exploit the vulnerabilities to modify configurations and execute arbitrary code on the vulnerable system. Moxa has released updates to fix the vulnerabilities. See attached references for more information...

9.4CVSS8AI score0.01385EPSS
Exploits0References1
NCSC
NCSC
added 2024/10/10 11:19 a.m.6 views

Vulnerabilities fixed in Juniper JunOS and JunOS Evolved

Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service by sending malformed BGP traffic. Juniper has made updates available to fix the vulnerabilities. See attached references for more information...

8.7CVSS7.2AI score0.00438EPSS
Exploits0References4
NCSC
NCSC
added 2024/10/09 9:49 a.m.6 views

Vulnerabilities fixed in Ivanti Cloud Services Appliance

Ivanti has fixed three vulnerabilities in Cloud Services Appliance. An authenticated malicious person who already has admin rights can exploit the vulnerabilities to remotely execute code and SQL statements, or bypass restrictions through path traversal. Ivanti reports that users of version 4.6...

9.4CVSS7.8AI score0.98557EPSS
Exploits2References1
NCSC
NCSC
added 2024/10/08 8:2 p.m.6 views

Vulnerabilities fixed in Microsoft System Center

Microsoft has fixed vulnerabilities in System Center. A malicious person could exploit the vulnerabilities to impersonate another user, or execute arbitrary code with administrator privileges. To successfully achieve code execution, the malicious party must have LAN access to the system on which...

9.8CVSS7.3AI score0.60661EPSS
Exploits3
NCSC
NCSC
added 2024/10/08 7:57 p.m.6 views

Vulnerabilities fixed in Microsoft Azure components

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges or execute code with administrator privileges. Azure Monitor: |----------------|------|-------------------------------------| | CVE ID | CVS...

9.1CVSS7.1AI score0.01609EPSS
Exploits0
NCSC
NCSC
added 2024/09/26 9:0 a.m.6 views

Vulnerabilities fixed in Aruba Networks ArubaOS

Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the vulnerable system without prior authentication. For successful abuse, the malicious party must have access to the PAPI port udp 8211. It is good practice n...

9.8CVSS7.7AI score0.01486EPSS
Exploits0References1
NCSC
NCSC
added 2024/09/13 5:0 p.m.6 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges...

10CVSS7.8AI score0.59257EPSS
Exploits3References1
NCSC
NCSC
added 2024/09/10 6:23 p.m.6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, access sensitive data or execute code with potentially SYSTEM privileges. Successful exploitation of the...

8.8CVSS7.2AI score0.51461EPSS
Exploits0
NCSC
NCSC
added 2024/09/06 8:2 a.m.6 views

Vulnerability fixed in Kemp LoadMaster

Kemp Technologies has fixed a vulnerability in Kemp LoadMaster and Progress LoadMaster. A malicious party could exploit the vulnerability to execute arbitrary commands on the vulnerable system without prior authentication via specially prepared HTTP calls. For successful abuse, the malicious part...

10CVSS7.7AI score0.44069EPSS
Exploits1References1
NCSC
NCSC
added 2024/08/19 11:37 a.m.6 views

Vulnerability fixed in Kubernetes

A vulnerability has been fixed in Kubernetes. The vulnerability is in the ingress-nginx module and allows a malicious person with permissions to create ingress objects to bypass a security measure to execute arbitrary code with permissions from the ingress-nginx controller. In a standard...

8.8CVSS9.5AI score0.27018EPSS
Exploits0References1
NCSC
NCSC
added 2024/08/14 12:44 p.m.6 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file...

7.8CVSS7.6AI score0.00315EPSS
Exploits0References1
NCSC
NCSC
added 2024/07/25 11:28 a.m.6 views

Vulnerabilities fixed in Docker Moby

A vulnerability has been fixed in Docker Moby. The vulnerability allows a malicious party to increase privileges via an API request by bypassing a security measure. This vulnerability is only exploitable when using an AuthZ plugin to manage access rights. The Docker team has released an update to...

9.9CVSS6.5AI score0.16496EPSS
Exploits0References3
NCSC
NCSC
added 2024/07/22 9:17 a.m.6 views

Vulnerability fixed in Broadcom Symantec Privileged Access Management

Broadcom has fixed vulnerabilities in Broadcom Symantec Privileged Access Management. A malicious person could exploit the vulnerabilities to execute arbitrary code on the system or manipulate the operation of the system. The vulnerabilities with characteristics CVE-2024-36455, CVE-2024-36456 and...

9.4CVSS7.7AI score0.00939EPSS
Exploits0References6
NCSC
NCSC
added 2024/07/17 1:55 p.m.6 views

Vulnerabilities fixed in Oracle Virtualization

Vulnerabilities have been fixed in Oracle Virtualization. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution User rights Oracle has made updates available to...

8.2CVSS8.7AI score0.00457EPSS
Exploits0References5
NCSC
NCSC
added 2024/07/17 1:54 p.m.6 views

Vulnerabilities fixed in Oracle Java SE

Vulnerabilities have been fixed in Oracle Java SE. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...

8.2CVSS7AI score0.87211EPSS
Exploits1References9
NCSC
NCSC
added 2024/07/17 1:54 p.m.6 views

Vulnerability fixed in Oracle Hyperion

A vulnerability has been fixed in Oracle Hyperion. A malicious party could exploit the vulnerability to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Oracle has made updates available to fix the vulnerabilities. See the references for more...

5.5CVSS7.8AI score0.00144EPSS
Exploits0References3
NCSC
NCSC
added 2024/07/09 6:46 p.m.6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a Denial-of-Service. Successful exploitation requires the malicious party to win a race condition. .NET and Visual...

8.1CVSS7.4AI score0.02915EPSS
Exploits0
NCSC
NCSC
added 2024/07/09 6:40 p.m.6 views

Vulnerabilities fixed in Microsoft Windows SQL Server

Microsoft has fixed vulnerabilities in Windows SQL Server. The vulnerabilities are in the Native Client of SQL Server and allow a malicious person to execute arbitrary code in the victim's context, potentially gaining access to sensitive data in Database environments to which the victim has acces...

8.8CVSS7.8AI score0.01854EPSS
Exploits0
NCSC
NCSC
added 2024/07/03 7:16 a.m.6 views

Vulnerability fixed in Juniper JunOS

Juniper has fixed a vulnerability in JunOS Specifically for SRX series systems The vulnerability is in how the Packet Forwarding Engine PFE on vulnerable SRX systems processes traffic. Certain, albeit legitimate, traffic can cause the PFE to crash. A malicious party can exploit the vulnerability ...

7.5CVSS6.9AI score0.00495EPSS
Exploits0References1
NCSC
NCSC
added 2024/07/01 3:37 p.m.6 views

Vulnerability fixed in OpenSSH

The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...

9.3CVSS7.9AI score0.99506EPSS
Exploits68References2
Total number of security vulnerabilities4190