Lucene search
K
NcscMost viewed

4189 matches found

NCSC
NCSC
•added 2023/06/23 12:0 a.m.•6 views

Vulnerabilities fixed in Fortinet FortiNAC

Fortinet has fixed vulnerabilities in FortiNAC. A unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code or manipulate files on the FortiNAC system. This requires malicious network traffic must be sent to TCP port 1050 or 5555. Fortinet has released updates t...

9.8CVSS7.8AI score0.24296EPSS
Exploits0
NCSC
NCSC
•added 2023/06/22 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS, iOS, iPadOS and Safari

Apple has fixed vulnerabilities in macOS, iOS, iPadOS and Safari. An unauthenticated malicious person could exploit them to execute arbitrary code on the vulnerable system. The most serious vulnerability has been assigned attribute CVE-2023-32434 assigned and allows a malicious person to execute...

8.8CVSS8.7AI score0.51517EPSS
Exploits3
NCSC
NCSC
•added 2023/06/17 12:0 a.m.•6 views

Vulnerabilities fixed in Mattermost

The developers of Mattermost have fixed vulnerabilities in Mattermost. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, bypass, manipulate the operation of the application and thus gain access gain access to channels and conversations to...

6.5CVSS7.1AI score0.00678EPSS
Exploits0
NCSC
NCSC
•added 2023/06/16 12:0 a.m.•6 views

Vulnerabilities fixed in Liferay Portal and DXP

Liferay has fixed vulnerabilities in Portal and DXP. A malicious party can exploit the vulnerabilities for various redirection attacks, such as Cross-site Scripting XSS and Cross-Source-Request-Forgery CSRF. Such attacks can lead to execution of script code in the context of the victim's browser,...

8.8CVSS6.7AI score0.00468EPSS
Exploits0
NCSC
NCSC
•added 2023/06/15 12:0 a.m.•6 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in Apex One. A local malicious party can exploit the vulnerabilities to gain elevated permissions and affect the operation of Apex One, or to execute arbitrary code with elevated privileges. Trend Micro has released updates to address the vulnerabilities fixe...

7.8CVSS8AI score0.00306EPSS
Exploits0
NCSC
NCSC
•added 2023/06/13 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. A authenticated malicious person with the ability to Powershell scripts can execute the vulnerabilities exploit them to execute arbitrary code with permissions from the application. Microsoft Exchange Server:...

8.8CVSS7.3AI score0.81775EPSS
Exploits0
NCSC
NCSC
•added 2023/06/13 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Power Apps and Dynamics. An authenticated malicious person could exploit the vulnerabilities to impersonate another user and execute arbitrary code execute arbitrary code with privileges of that user. Microsoft Power Apps:...

5.4CVSS7.2AI score0.01488EPSS
Exploits0
NCSC
NCSC
•added 2023/06/08 12:0 a.m.•6 views

Vulnerabilities fixed in VMware Aria Operations Networks

VMware has fixed vulnerabilities in Aria Operations Networks aka vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code on the underlying system. The most serious vulnerability has been labeled CVE-2023-20887 an...

9.8CVSS8.6AI score0.98281EPSS
Exploits7
NCSC
NCSC
•added 2023/06/08 12:0 a.m.•6 views

Vulnerability fixed in Cisco ASA and Firepower Threat defense

Cisco has fixed a vulnerability in ASA and FTD. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service on the vulnerable system. The vulnerability is in the way ASA and FTD handle SSL/TLS traffic. Cisco has released updates to fix the vulnerability i...

8.6CVSS6.8AI score0.00919EPSS
Exploits0
NCSC
NCSC
•added 2023/06/07 12:0 a.m.•6 views

Vulnerabilities fixed in GeoServer

GeoServer has fixed vulnerabilities in the OGC filters of GeoServer and GeoTools. A malicious party can exploit exploit the vulnerabilities to improperly access publicly access publicly accessible data or execute arbitrary SQL code on the underlying database. execute arbitrary SQL code on the...

9.8CVSS8.2AI score0.85247EPSS
Exploits2
NCSC
NCSC
•added 2023/06/05 12:0 a.m.•6 views

Vulnerabilities fixed in IBM Aspera Connect and Aspera Cargo

IBM has fixed vulnerabilities in Aspera Connect and Aspera Cargo. A malicious party could exploit the vulnerabilities to access gain access to login credentials, or to be able to execute arbitrary code execute with application privileges. IBM has released updates to fix the vulnerabilities in...

8.4CVSS7.3AI score0.00545EPSS
Exploits0
NCSC
NCSC
•added 2023/06/01 12:0 a.m.•6 views

Vulnerability fixed in VMWare Workspace ONE and Identity Manager

VMWare has fixed a vulnerability in Workspace ONE and Identity Manager vIDM. A malicious party could exploit it for a redirect attack, thus tricking the victim into trick the victim into contacting a server under its own control. This may allow the malicious party to obtain login credentials and...

6.1CVSS6.8AI score0.00348EPSS
Exploits0
NCSC
NCSC
•added 2023/06/01 12:0 a.m.•6 views

Vulnerabilities fixed in Joomla!

Joomla! has fixed vulnerabilities in the MultiFactor Authentication system of Joomla! CMS. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting XSS attack, or to use brute force to access the account. forcing to gain access to a user's account and...

7.5CVSS6.9AI score0.0056EPSS
Exploits0
NCSC
NCSC
•added 2023/05/30 12:0 a.m.•6 views

Vulnerabilities fixed in Dell EMC Powerpath

Dell has fixed vulnerabilities in Powerpath. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute code with SYSTEM privileges, or to gain access to the license key and thereby perform unauthorized new installations. Dell has released updat...

7.8CVSS7.6AI score0.00176EPSS
Exploits0
NCSC
NCSC
•added 2023/05/19 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...

9.8CVSS8.3AI score0.1653EPSS
Exploits1
NCSC
NCSC
•added 2023/05/19 12:0 a.m.•6 views

Vulnerabilities fixed in Tracker Software PDF-Xchange

Tracker Software has fixed vulnerabilities in PDF-Xchange. A malicious party could exploit the vulnerabilities to cause a denial-of-service and potentially execute code with privileges of the victim. This requires the malicious party to trick the victim into opening a malicious file to open...

7.8CVSS7.4AI score0.00579EPSS
Exploits0
NCSC
NCSC
•added 2023/05/15 12:0 a.m.•6 views

Vulnerability fixed in Netapp SnapCenter

Netapp has fixed a vulnerability in SnapCenter. A unauthenticated malicious party could exploit the vulnerability to gain access to the backup environment with administrator privileges. This allows the malicious party to gain access to sensitive information, manipulate data or cause a...

9.8CVSS7AI score0.00957EPSS
Exploits0
NCSC
NCSC
•added 2023/05/10 12:0 a.m.•6 views

Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI

In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this ransomware attack, private keys were according to security firm Binarly, private keys were leaked that are used to digitally sign firmware for motherboards. Also compromised were private keys used by Inte...

6.3AI score
Exploits0
NCSC
NCSC
•added 2023/05/08 12:0 a.m.•6 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person with user privileges could exploit the vulnerability to use a GraphQL endpoint to install rogue runners in any project within the environment and thus execute arbitrary code execute. GitL...

9.6CVSS7.2AI score0.05042EPSS
Exploits0
NCSC
NCSC
•added 2023/04/20 12:0 a.m.•6 views

Vulnerabilities fixed in Xwiki

The developers of Xwiki have released updates to fix the vulnerabilities fixed in Xwiki 15.0-rc-1, 14.10.1, 14.4.8 & 13.10.11. For more information, see: https://github.com/xwiki/xwiki-platform/security/advisories /GHSA-jgrg-qvpp-9vwr https://github.com/xwiki/xwiki-platform/security/advisories...

9.9CVSS6.9AI score0.65869EPSS
Exploits4
NCSC
NCSC
•added 2023/04/20 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle JD Edwards

Vulnerabilities have been fixed in Oracle JD Edwards products. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User Rights Access to...

10CVSS7AI score0.44881EPSS
Exploits8
NCSC
NCSC
•added 2023/04/20 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Peoplesoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data...

10CVSS7.7AI score0.17673EPSS
Exploits6
NCSC
NCSC
•added 2023/04/19 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle Essbase

Oracle has fixed vulnerabilities in Oracle Essbase. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to gain access to sensitive data. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...

9.8CVSS6.6AI score0.04494EPSS
Exploits6
NCSC
NCSC
•added 2023/04/13 12:0 a.m.•6 views

Vulnerabilities fixed in IBM AIX

IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local, authenticated user to execute arbitrary execute commands on the system. Even those for which the malicious user is not initially authorized to do. IBM has released updates to fix the vulnerabilities in AIX. For more...

8.4CVSS7.1AI score0.01457EPSS
Exploits3
NCSC
NCSC
•added 2023/04/12 12:0 a.m.•6 views

Vulnerabilities fixed in Fortinet FortiSandbox

Fortinet has fixed vulnerabilities in FortiSandbox. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, or to gain access to sensitive data from within the underlying system. Fortinet has released updates to fix the vulnerabilities in FortiSandbox. For mo...

8.8CVSS7.2AI score0.00975EPSS
Exploits0
NCSC
NCSC
•added 2023/04/12 12:0 a.m.•6 views

Vulnerabilities fixed in FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious person with access to the management interface can exploit the vulnerability with attribute CVE-2022-41330 to exploit it to perform a cross-site scripting XSS attack. Such an attack can lead to execution of arbitrary code i...

8.8CVSS6.5AI score0.00645EPSS
Exploits0
NCSC
NCSC
•added 2023/04/11 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

9.8CVSS7.8AI score0.95454EPSS
Exploits22
NCSC
NCSC
•added 2023/04/11 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in the Azure components Service Connector and Machine Learning. A malicious party could exploit the vulnerabilities to bypass internal firewall rules, or to gain access to logging data. The malicious party must be authenticated with the appropriate...

7.5CVSS6.3AI score0.01752EPSS
Exploits0
NCSC
NCSC
•added 2023/04/04 12:0 a.m.•6 views

Vulnerabilities fixed in Dell EMC Networker

Dell has fixed vulnerabilities in EMC Networker. A authenticated malicious person could exploit the vulnerabilities to bypass security measures or execute arbitrary code execute application privileges on the underlying system. Under normal circumstances, the application runs with limited...

9.8CVSS7.3AI score0.01478EPSS
Exploits0
NCSC
NCSC
•added 2023/04/04 12:0 a.m.•6 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...

9.8CVSS8.9AI score0.12588EPSS
Exploits7
NCSC
NCSC
•added 2023/03/28 12:0 a.m.•6 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...

9.8CVSS7.6AI score0.1654EPSS
Exploits8
NCSC
NCSC
•added 2023/03/28 12:0 a.m.•6 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root righ...

9.8CVSS7.8AI score0.09426EPSS
Exploits0
NCSC
NCSC
•added 2023/03/16 12:0 a.m.•6 views

Vulnerability fixed in Adobe Creative Cloud Desktop Application

Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A local malicious person could abuse the vulnerability to execute arbitrary code. The malicious party does not need prior authorizations on the application. Adobe has released updates to fix the vulnerability in Creative Cloud...

8.6CVSS7.1AI score0.00355EPSS
Exploits0
NCSC
NCSC
•added 2023/03/16 12:0 a.m.•6 views

Vulnerabilities fixed in Adobe Dimension

Adobe has fixed vulnerabilities in Dimension. A local malicious person could exploit the vulnerabilities to execute arbitrary code execute with application privileges, or to access gain access to sensitive data in the context of the application. Adobe has released updates to fix the vulnerabiliti...

7.8CVSS7.3AI score0.00437EPSS
Exploits0
NCSC
NCSC
•added 2023/03/08 12:0 a.m.•6 views

Vulnerability fixed in FortiOS

FortiNet has fixed a vulnerability in FortiOS. The vulnerability is located in the management environment and allows an unauthenticated malicious person, with access to that management interface, be able to perform a denial-of-service on the management interface, or execute arbitrary code on the...

9.8CVSS7.7AI score0.17797EPSS
Exploits1
NCSC
NCSC
•added 2023/03/07 12:0 a.m.•6 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...

9.8CVSS7.1AI score0.01445EPSS
Exploits1
NCSC
NCSC
•added 2023/03/02 12:0 a.m.•6 views

Vulnerability fixed in Cisco Finesse and Unified Contact Center

Cisco has fixed a vulnerability in Finesse and Unified Contact Center. The vulnerability is in the nginx component. When configured as a reverse proxy, an unauthenticated remote malicious person could exploit it to cause a denial-of-service on the system. Cisco has released updates to fix the...

7.5CVSS6.9AI score0.00795EPSS
Exploits0
NCSC
NCSC
•added 2023/03/02 12:0 a.m.•6 views

Vulnerabilities fixed in HP Serviceguard

HP has fixed vulnerabilities in Serviceguard. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or possibly to execute arbitrary code with application privileges. HP has released updates to fix the vulnerabilities in Serviceguard linux A.15.00.00 and A.12.80.05. F...

9.8CVSS7.7AI score0.00787EPSS
Exploits0
NCSC
NCSC
•added 2023/02/20 12:0 a.m.•6 views

Vulnerabilities fixed in IBM MQ Operator and Queue Manager

IBM has fixed vulnerabilities in MQ Operator and Queue Manager. An unauthenticated malicious person could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system. The vulnerabilities are located in the underlying libksba and sqlite libraries. IBM...

9.8CVSS9.7AI score0.19193EPSS
Exploits4
NCSC
NCSC
•added 2023/02/16 12:0 a.m.•6 views

Vulnerabilities fixed in Git and GitLab

The Git community has fixed vulnerabilities in Git. A malicious party with a repository under its control could exploit the vulnerabilities to gain access to sensitive data, or overwrite arbitrary files on the system of the victim's system. The vulnerability is in the way Git handles symbolic...

7.5CVSS9.7AI score0.01144EPSS
Exploits3
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office components. For an overview of the vulnerabilities, see list below. The most serious vulnerability is in MS Word and has attribute CVE-2023-21716 assigned. This vulnerability allows a remote malicious person to execute arbitrary code with user...

9.8CVSS7AI score0.82302EPSS
Exploits11
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to...

9.8CVSS7.1AI score0.43172EPSS
Exploits0
NCSC
NCSC
•added 2023/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in IBM Qradar SIEM

IBM has fixed several vulnerabilities in Qradar SIEM. The vulnerabilities are in underlying third-party products and have been previously fixed by the relevant developers and already previously described in previous security advisories. IBM is now bundling these updates now in the latest version ...

9.8CVSS6.2AI score0.06451EPSS
Exploits6
NCSC
NCSC
•added 2023/02/06 12:0 a.m.•6 views

Vulnerability fixed in Dell EMC Networker

Dell has fixed a vulnerability in EMC Networker client. A unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. The vulnerability can be exploited when the Networker Client uses the oldauth authentication method. Dell has released...

9.8CVSS7.5AI score0.0103EPSS
Exploits0
NCSC
NCSC
•added 2023/02/06 12:0 a.m.•6 views

Vulnerability fixed in Dell Repository Manager

Dell has fixed a vulnerability in Repository Manager. A local malicious person could exploit the vulnerability to execute arbitrary code on the underlying operating system. The vulnerability can be exploited during the installation of systems. Dell has released updates to fix the vulnerability in...

7.8CVSS7.4AI score0.00132EPSS
Exploits0
NCSC
NCSC
•added 2023/02/02 12:0 a.m.•6 views

Vulnerabilities fixed in F5 BIG-IP

F5 has incorporated several vulnerabilities into BIG-IP. A malicious party could exploit the vulnerabilities to bypass security measures to enable traffic that is not permitted. Also, a malicious party could exploit the vulnerabilities to cause a denial-of-service on sub-processes of the BIG-IP...

8.5CVSS7.5AI score0.72646EPSS
Exploits0
NCSC
NCSC
•added 2023/02/01 12:0 a.m.•6 views

Vulnerability fixed in VMware vRealize Operations

A vulnerability has been fixed in VMware vRealize Operations. A malicious person with user privileges within the same network is able to able to bypass Cross-Site Request Forgery CSRF protection. As a result, a malicious party may be able to launch a CSRF attack cross-site request forgery attack ...

8.8CVSS6.5AI score0.00404EPSS
Exploits0
NCSC
NCSC
•added 2023/01/27 12:0 a.m.•6 views

Vulnerability remedied in Keycloak

A vulnerability has been fixed in Keycloak. A malicious party can exploit the vulnerability to gain access via path-traversal to sensitive data. The vulnerability is caused by the fact that URL redirects where the client accepts wildcards are not correctly are processed correctly. -= Red Hat =- R...

9.1CVSS6.7AI score0.05796EPSS
Exploits0
NCSC
NCSC
•added 2023/01/26 12:0 a.m.•6 views

Vulnerability found in KeePass

A vulnerability has been found in KeePass. A malicious person could potentially exploit the vulnerability to gain access to data stored in a KeePass database. This could include usernames, passwords and email addresses. Successful misuse requires that the malicious party have access to the system...

5.5CVSS6.1AI score0.03661EPSS
Exploits2
NCSC
NCSC
•added 2023/01/12 12:0 a.m.•6 views

Vulnerabilities fixed in Juniper Junos OS

Juniper has fixed vulnerabilities in Junos OS for several products. A malicious party could potentially exploit them to cause a denial-of-service. The vulnerabilities CVE-2023-22391, CVE-2023-22396, CVE-2023-22399 and CVE-2023-22403 can be exploited by an unauthenticated malicious person via the...

7.5CVSS6.8AI score0.00644EPSS
Exploits0
Total number of security vulnerabilities4189