Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2024/12/06 11:49 a.m.•5 views

Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series

ABB has fixed vulnerabilities in ABB ASPECT, NEXUS Series and MATRIX Series Specifically for versions up to 3.08.02. The vulnerabilities include unauthorized access to files on the Web server, which can lead to data leakage or unauthorized data manipulation. In addition, serious vulnerabilities...

10CVSS8AI score0.1901EPSS
Exploits48References1
NCSC
NCSC
•added 2024/12/06 11:47 a.m.•5 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...

8.8CVSS7.2AI score0.14009EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/26 1:25 p.m.•5 views

Vulnerabilities fixed in VMware Aria Operations

VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include local privilege escalation and stored cross-site scripting XSS. Local privilege escalation allows an attacker with local administrative privileges to increase their access to the root user level on the device,...

7.8CVSS7.1AI score0.00449EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/20 10:0 a.m.•5 views

Vulnerabilities fixed in Apple macOS and Safari

Apple has fixed several vulnerabilities in macOS and Safari. Two vulnerabilities CVE-2024-44308 & CVE-2024-44309 in present in macOS Sequoia and Safari 18.1.1 can lead to execution of arbitrary code. Apple indicates that active exploits of these vulnerabilities have been taking place on Intel-bas...

8.8CVSS8.6AI score0.21044EPSS
Exploits1References2
NCSC
NCSC
•added 2024/11/20 8:41 a.m.•5 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has actively fixed exploited vulnerabilities in PAN-OS. UPDATE Public PoC has now appeared to exploit CVE-2024-0012. The vulnerability with attribute CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...

9.8CVSS8.2AI score0.99698EPSS
Exploits18References2
NCSC
NCSC
•added 2024/11/19 3:3 p.m.•5 views

Vulnerability fixed in GitHub CLI

GitHub has fixed a vulnerability in GitHub CLI Specifically for versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...

9.6CVSS7.7AI score0.00861EPSS
Exploits0References2
NCSC
NCSC
•added 2024/11/18 11:8 a.m.•5 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.1 and earlier. The vulnerabilities in Adobe Illustrator allow attackers to read sensitive data, execute arbitrary code and can lead to a Denial-of-Service. These vulnerabilities require users to open a specifically crafted malicio...

7.8CVSS7.7AI score0.00328EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/13 10:42 a.m.•5 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - SQL Injection - Circumvention of security measure - Execution of arbitrary code on the server Ivanti has released...

9.8CVSS8.2AI score0.67711EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/07 8:51 a.m.•5 views

Vulnerabilities fixed in Aruba Networks ArubaOS

Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the underlying operating system. For successful abuse, the malicious party must have access to the management interface, or command-line. It is good practice n...

9.8CVSS7.7AI score0.01979EPSS
Exploits0References1
NCSC
NCSC
•added 2024/10/17 1:17 p.m.•5 views

Vulnerabilities fixed in Oracle Commerce

Oracle has fixed vulnerabilities in Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code User privileges - Executio...

9.8CVSS7.8AI score0.17044EPSS
Exploits4References1
NCSC
NCSC
•added 2024/10/11 7:3 a.m.•5 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed a vulnerability in Connect Secure and Policy Secure. UPDATE: POC code is now available online for this vulnerability. An authenticated malicious person with access to the admin portal of Connect Secure or Policy Secure can exploit the vulnerability to execute code remotely. Ivant...

9.1CVSS7.1AI score0.67291EPSS
Exploits1References1
NCSC
NCSC
•added 2024/10/09 9:49 a.m.•5 views

Vulnerabilities fixed in Ivanti Cloud Services Appliance

Ivanti has fixed three vulnerabilities in Cloud Services Appliance. An authenticated malicious person who already has admin rights can exploit the vulnerabilities to remotely execute code and SQL statements, or bypass restrictions through path traversal. Ivanti reports that users of version 4.6...

9.4CVSS7.8AI score0.98557EPSS
Exploits2References1
NCSC
NCSC
•added 2024/10/08 8:0 p.m.•5 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office components. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to tric...

7.8CVSS7.3AI score0.06103EPSS
Exploits0
NCSC
NCSC
•added 2024/09/30 9:41 a.m.•5 views

Vulnerabilities fixed in Foxit PDF Editor and PDF Reader

Foxit has fixed vulnerabilities in PDF Editor and PDF Reader. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code in the context of the application, potentially gaining access to sensitive data. Successful exploitation requires t...

8.8CVSS7.8AI score0.0193EPSS
Exploits1References1
NCSC
NCSC
•added 2024/09/24 7:31 a.m.•5 views

Vulnerability fixed in pgAdmin

pgAdmin has fixed a vulnerability in pgAdmin 8.11. A malicious party could exploit the vulnerability to gain access to sensitive data. pgAdmin has released an update to fix the vulnerability. See attached references for more information...

9.9CVSS6.9AI score0.09685EPSS
Exploits2References2
NCSC
NCSC
•added 2024/09/18 11:25 a.m.•5 views

Vulnerabilities fixed in Docker Desktop

Vulnerabilities have been fixed in Docker Desktop. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the Desktop application. Since the Docker Desktop is mostly used by developers, it cannot be ruled out that the execution of arbitrary code can take pla...

9.8CVSS8AI score0.01251EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/13 8:40 a.m.•5 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in IOS XR. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code on the vulnerable system. To cause a Denial-of-Service, the malicious party does not need prior authentication. To execute arbitrary code, the...

8.8CVSS7.7AI score0.00596EPSS
Exploits0References4
NCSC
NCSC
•added 2024/09/10 6:27 p.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and potentially execute commands with Administrator privileges. Abuse is not easy and requires prior authentication a...

9.9CVSS7.1AI score0.01595EPSS
Exploits0
NCSC
NCSC
•added 2024/09/10 6:22 p.m.•5 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. Most of the vulnerabilities are in SQL Native Scoring and allow a malicious person to assign themselves elevated privileges, access sensitive data and execute arbitrary code within the SQL Server. Successful exploitation requires the malicious...

9.8CVSS7.9AI score0.02193EPSS
Exploits0
NCSC
NCSC
•added 2024/09/03 9:45 a.m.•5 views

Vulnerability fixed in Zyxel Access Points and Secure Routers

Zyxel has fixed a vulnerability in several types of Access Points and Secure Routers. The vulnerability is in the way the cgi system processes the 'host' parameter and allows a malicious person to execute OS-level commands. For successful exploitation, the malicious party must have access to the...

9.8CVSS7.1AI score0.11269EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/02 11:51 a.m.•5 views

Vulnerabilities fixed in Progress WhatsUp Gold

Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to retrieve or change the password of the application user in a Single User installation, or in a Multi User installation to change the password of a user with elevated privileges through an...

9.8CVSS7.6AI score0.94661EPSS
Exploits2References1
NCSC
NCSC
•added 2024/08/30 1:42 p.m.•5 views

Vulnerabilities fixed in Progress WS_FTP server

Progress has fixed vulnerabilities in WSFTP server. A malicious party can exploit the vulnerabilities to bypass two-factor authentication, which allows it to log in with just username and password. Also, through directory traversal, the malicious party may be able to gain access to files that the...

8.1CVSS7.3AI score0.00688EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/19 11:37 a.m.•5 views

Vulnerability fixed in Kubernetes

A vulnerability has been fixed in Kubernetes. The vulnerability is in the ingress-nginx module and allows a malicious person with permissions to create ingress objects to bypass a security measure to execute arbitrary code with permissions from the ingress-nginx controller. In a standard...

8.8CVSS9.5AI score0.27018EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:42 p.m.•5 views

Vulnerabilities fixed in Adobe Dimension

Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe...

7.8CVSS7.9AI score0.00386EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:38 p.m.•5 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with user privileges and potentially obtain sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...

7.8CVSS7.8AI score0.00301EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 9:54 a.m.•5 views

Vulnerabilities fixed in Ivanti Neurons for ITSM

Ivanti has fixed vulnerabilities in Neurons for ITSM. A malicious party could exploit the vulnerabilities to obtain login credentials to gain access to the vulnerable system. Ivanti has released updates to fix the vulnerabilities. See attached references for more information...

9.8CVSS7.4AI score0.01639EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/13 1:47 p.m.•5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in various products such as SAP Business Objects, SAP HANA, Netweaver and Document Builder. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Server Side Request Forgery SSRF. - Cross-Site...

9.8CVSS7AI score0.75866EPSS
Exploits3References1
NCSC
NCSC
•added 2024/07/30 8:45 a.m.•5 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer SFTP A malicious party can exploit the vulnerability to grant themselves elevated privileges, potentially gaining access to files that the malicious party is not initially authorized to access. Progress has released updates to fix the...

9.8CVSS6.9AI score0.00644EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/24 2:37 p.m.•5 views

Vulnerability found in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution User rights Remote code execution...

9.8CVSS7.8AI score0.02292EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/18 12:46 p.m.•5 views

Vulnerabilities fixed in Cisco Secure Email Gateway

Two vulnerabilities have been fixed in Cisco Secure Email Gateway. The most serious vulnerability concerns CVE-2024-20401 and allows an unauthenticated malicious person, through sending a mail with specially prepared attachment: Add users with root privileges Modify the configuration of the devic...

9.8CVSS7.8AI score0.02278EPSS
Exploits0References6
NCSC
NCSC
•added 2024/07/18 12:0 p.m.•5 views

Vulnerability found in Ivanti Endpoint Manager

A vulnerability has been found in Ivanti Endpoint Manager EPM 2024. Other versions of Ivanti Endpoint Manager are not known to be vulnerable. The vulnerability allows an authenticated attacker who is on the same network to execute arbitrary code via SQL injection. Ivanti has no indication that th...

8.4CVSS8.1AI score0.03137EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/09 7:39 p.m.•5 views

Vulnerability fixed in Microsoft System Center Defender for IoT

Microsoft has fixed a vulnerability in Defender for IoT. A malicious party can exploit the vulnerability to break out of the AppContainer for IoT devices and potentially execute arbitrary code on the system where the AppContainer is implemented. Microsoft Defender for IoT:...

9.9CVSS7.3AI score0.01164EPSS
Exploits0
NCSC
NCSC
•added 2024/07/09 7:38 p.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. The vulnerabilities allow a malicious party to impersonate another user, gain elevated privileges and potentially execute arbitrary code. Some of the vulnerabilities are in development tooling and are not readily accessible to...

8.8CVSS7.1AI score0.01625EPSS
Exploits0
NCSC
NCSC
•added 2024/07/09 6:46 p.m.•5 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a Denial-of-Service. Successful exploitation requires the malicious party to win a race condition. .NET and Visual...

8.1CVSS7.4AI score0.02915EPSS
Exploits0
NCSC
NCSC
•added 2024/07/09 6:40 p.m.•5 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. A malicious party can exploit the vulnerability to gain access to the data the victim is accessing or editing through a Man-in-the-Middle attack. For successful abuse, the malicious party must have prior authentication and be on the...

7.3CVSS6.4AI score0.01373EPSS
Exploits0
NCSC
NCSC
•added 2024/07/01 3:37 p.m.•5 views

Vulnerability fixed in OpenSSH

The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...

9.3CVSS7.9AI score0.99506EPSS
Exploits68References2
NCSC
NCSC
•added 2024/06/25 12:19 p.m.•5 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed vulnerabilities in WordPress. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or possibly access to sensitive data in the context of the...

6.4CVSS7AI score0.00467EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/14 6:34 a.m.•5 views

Vulnerabilities fixed in Nvidia GPU Drivers

Nvidia has fixed vulnerabilities in GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and execute code with elevated privileges, or gain access to sensitive data. Nvidia has released...

7.8CVSS7.6AI score0.00275EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/13 1:37 p.m.•5 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to bypass a security measure and gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. See attached references for more information...

7.5CVSS7.2AI score0.237EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/13 1:34 p.m.•5 views

Vulnerabilities fixed in Adobe FrameMaker Publishing Server

Adobe has fixed vulnerabilities in FrameMaker Publishing Server. A malicious party could exploit the vulnerabilities to bypass authentication and potentially take over the system. In particular, systems that are accessible from public networks without additional measures are at increased risk...

10CVSS7.4AI score0.01051EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/07 7:22 a.m.•5 views

Vulnerabilities fixed in FortiNet FortiWebManager

FortiNet has fixed vulnerabilities in FortiWebManager. A malicious party could exploit the vulnerabilities to bypass a security measure and potentially perform actions that the malicious party is not initially authorized to perform. For successful exploitation, the malicious party must have at...

8.8CVSS7AI score0.00651EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/23 10:57 a.m.•5 views

Vulnerability fixed in Github Enterprise Server

Github has fixed a vulnerability in Github Enterprise Server. A malicious party could exploit the vulnerability to gain access to the Github environment, possibly even as an administrator. The vulnerability is in the way Github handles SAML-Single-Sign-on. If the optional "Security Assertions" ar...

10CVSS7.1AI score0.02573EPSS
Exploits0References4
NCSC
NCSC
•added 2024/05/16 12:42 p.m.•5 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to access sensitive data in the context of the browser. Of the vulnerability with attribute CVE-2024-4947, Google says it has information tha...

9.6CVSS7.3AI score0.15111EPSS
Exploits5References1
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

8.8CVSS9.1AI score0.11471EPSS
Exploits4
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixed vulnerabilities in Dynamics 365 Customer Insights. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the...

7.6CVSS6.8AI score0.00991EPSS
Exploits0
NCSC
NCSC
•added 2024/05/13 12:0 a.m.•5 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Security measure circumvention SQL Injection Accessing sensitive data To perform an...

8CVSS7.2AI score0.07163EPSS
Exploits0
NCSC
NCSC
•added 2024/05/13 12:0 a.m.•5 views

Vulnerabilities fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious party could vulnerabilities to bypass authentication, perform an SQL-Injection, execute arbitrary code execution on the server, or to perform a Cross-Site Scripting attack. attack. Such an attack can lead to execution of arbitrary code in the...

9.1CVSS7.4AI score0.86303EPSS
Exploits25
NCSC
NCSC
•added 2024/04/26 12:0 a.m.•5 views

Vulnerability fixed in Rockwell Automation AENFTXT FactoryTalk IP devices

Rockwell Automation has fixed a vulnerability in 5015-AENFTXT IP devices. A malicious party could exploit it to cause a denial-of-service. For successful exploitation, the malicious party must have access to the production environment. It is good practice to have such an infrastructure not to hav...

7.5CVSS6.9AI score0.02615EPSS
Exploits0
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•5 views

Vulnerabilities fixed in Veritas BackupExec

Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection to execute arbitrary code, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...

8.2AI score
Exploits0
NCSC
NCSC
•added 2024/04/12 12:0 a.m.•5 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to bypass security measures to allow traffic pass through traffic that was not initially authorized. Juniper has release...

9.2CVSS8.3AI score0.01495EPSS
Exploits0
Total number of security vulnerabilities4190