Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2024/05/13 12:0 a.m.•5 views

Vulnerabilities fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious party could vulnerabilities to bypass authentication, perform an SQL-Injection, execute arbitrary code execution on the server, or to perform a Cross-Site Scripting attack. attack. Such an attack can lead to execution of arbitrary code in the...

9.1CVSS7.4AI score0.86303EPSS
Exploits25
NCSC
NCSC
•added 2024/04/26 12:0 a.m.•5 views

Vulnerability fixed in Rockwell Automation AENFTXT FactoryTalk IP devices

Rockwell Automation has fixed a vulnerability in 5015-AENFTXT IP devices. A malicious party could exploit it to cause a denial-of-service. For successful exploitation, the malicious party must have access to the production environment. It is good practice to have such an infrastructure not to hav...

7.5CVSS6.9AI score0.02615EPSS
Exploits0
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•5 views

Vulnerabilities fixed in Veritas BackupExec

Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection to execute arbitrary code, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...

8.2AI score
Exploits0
NCSC
NCSC
•added 2024/04/12 12:0 a.m.•5 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to bypass security measures to allow traffic pass through traffic that was not initially authorized. Juniper has release...

9.2CVSS8.3AI score0.01495EPSS
Exploits0
NCSC
NCSC
•added 2024/04/11 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Animate. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code with the privileges of the victim, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...

7.8CVSS7.8AI score0.00398EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Defender for IoT

Microsoft has fixed vulnerabilities in Defender for IoT. A malicious party can exploit the vulnerabilities to afford elevated permissions and execute arbitrary code with permissions of the process. Microsoft has made updates available that fix the described vulnerabilities described. We recommend...

8.8CVSS7.6AI score0.03199EPSS
Exploits0
NCSC
NCSC
•added 2024/04/08 12:0 a.m.•5 views

Vulnerability fixed in IBM Personal Communications

IBM has fixed a vulnerability in Personal Communications PCOMM. The vulnerability is located in an underlying Windows component and allows a malicious person to afford granted elevated privileges and execute code with privileges of SYSTEM. IBM has released updates to fix the vulnerability in...

10CVSS7.2AI score0.00787EPSS
Exploits0
NCSC
NCSC
•added 2024/03/28 12:0 a.m.•5 views

Vulnerabilities fixed in SugarCRM

Vulnerabilities have been fixed in SugarCRM. A malicious party could exploit the vulnerabilities to launch cross-site scripting or SQL injection attacks, manipulate data or execute code execute code. No CVE IDs have yet been disclosed for the vulnerabilities. SugarCRM has released updates to fix...

7AI score
Exploits0
NCSC
NCSC
•added 2024/03/26 12:0 a.m.•5 views

Vulnerability fixed in Microsoft .NET

Microsoft has fixed a vulnerability in .NET. A malicious party could exploit the vulnerability to gain access to sensitive data. Microsoft has made available an update that fixes the described vulnerability described. We recommend that you install. More information about the vulnerability, the...

7.5CVSS6.5AI score0.98624EPSS
Exploits1
NCSC
NCSC
•added 2024/03/20 12:0 a.m.•5 views

Vulnerabilities fixed in Atlassian products

Atlassian has fixed vulnerabilities in several products such as Bamboo, Bitbucket, Jira and Confluence. A malicious party can exploit the exploit vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights SQL...

8.8CVSS7.6AI score0.17673EPSS
Exploits14
NCSC
NCSC
•added 2024/03/19 12:0 a.m.•5 views

Vulnerability fixed in Autodesk

Autodesk has fixed a vulnerability in DWG Trueview. A malicious party can exploit the vulnerability to cause a denial-of-service, execute arbitrary code with application privileges, or to gain access to sensitive data in the context of the application. Successful exploitation requires the malicio...

7.8CVSS7.4AI score0.0047EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•5 views

Vulnerability fixed in Schneider Electric EcoStruxure Power Design

Schneider Electric has fixed a vulnerability in EcoStruxure Power Design. A malicious party could exploit the vulnerability to execute arbitrary code with privileges of the Power Design user. Successful exploitation requires the malicious party to trick the victim into opening and executing a rog...

7.8CVSS7.4AI score0.00423EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•5 views

Vulnerability fixed in JFrog Artifactory

JFrog has fixed a vulnerability in Artifactory. A malicious party could exploit the vulnerability to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. JFrog...

8.8CVSS6.7AI score0.00502EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Adobe Animate. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...

7.8CVSS7.4AI score0.00393EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Successful misuse...

7.8CVSS7AI score0.03901EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed and vulnerability in SQL Server. The vulnerability is located in the Django backend and allows a malicious party to be able to use the client application of the victim to execute an SQL injection and thus execute arbitrary code execute arbitrary code with the victim's privileg...

8.8CVSS8.2AI score0.02124EPSS
Exploits0
NCSC
NCSC
•added 2024/03/11 12:0 a.m.•5 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. An authenticated malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with application privileges. Because pgAdmin was developed as a management tool for PostgreSQL databases, it is therefore not rule out the...

9.9CVSS8.1AI score0.79326EPSS
Exploits4
NCSC
NCSC
•added 2024/03/06 12:0 a.m.•5 views

Vulnerabilities fixed in VMware products

VMware has fixed several vulnerabilities in VMware ESXI, VMware Workstation and VMware Fusion. A malicious person with local administrator rights in a virtual machine can exploit the vulnerabilities to execute code - with the rights of the application - execute code on the system on which the...

9.3CVSS7.5AI score0.03542EPSS
Exploits0
NCSC
NCSC
•added 2024/02/28 12:0 a.m.•5 views

Vulnerability fixed in CheckMK

A vulnerability has been fixed in the CheckMK Windows Agent. The vulnerability allows an authenticated local malicious agent to able to execute with arbitrary code under higher privileges. CheckMK has released updates to fix the vulnerability. For more information, see:...

8.8CVSS7.4AI score0.00342EPSS
Exploits5
NCSC
NCSC
•added 2024/02/16 12:0 a.m.•5 views

Vulnerabilities fixed in Liferay Portal and DXP

Liferay has fixed vulnerabilities in Portal and DXP. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system information, or impersonate another user. Liferay has released updates to fix the vulnerabilities in Portal and DXP. For more information,...

8.1CVSS7.1AI score0.00593EPSS
Exploits0
NCSC
NCSC
•added 2024/02/16 12:0 a.m.•5 views

Vulnerability fixed in Rockwell Automation FactoryTalk Service Platform

Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform FTSP. An authenticated malicious party could exploit the exploit the vulnerability to grant themselves elevated privileges and gain access to FTSP as an Administrator. For successful misuse, the malicious party must hav...

9CVSS6.9AI score0.0099EPSS
Exploits0
NCSC
NCSC
•added 2024/02/15 12:0 a.m.•5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Netweaver and CRM. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Circumvention of security measure Remote code...

9.1CVSS7AI score0.01079EPSS
Exploits1
NCSC
NCSC
•added 2024/01/30 12:0 a.m.•5 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer. A malicious party could exploit the vulnerability to cause a denial-of-service attack. For successful abuse, the malicious party must have prior authentication. Progress has released updates to fix the vulnerability in MOVEit Transfer 2023.1....

7.1CVSS6.8AI score0.00539EPSS
Exploits0
NCSC
NCSC
•added 2024/01/23 12:0 a.m.•5 views

Vulnerabilities fixed in Splunk

Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Access to sensitive data Access to system data Splunk has...

8.8CVSS7AI score0.00395EPSS
Exploits0
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Systems

Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to exploit attacks that could result in the following categories of damage: Denial-of-Service DoS...

9.8CVSS7.4AI score0.69899EPSS
Exploits1
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•5 views

Vulnerabilities fixed in Trend Micro Deep Security

Trend Micro has fixed vulnerabilities in Deep Security. A local malicious person can exploit the vulnerabilities to grant themselves elevated privileges and thus potentially execute arbitrary code execute arbitrary code with elevated privileges. Depending on the implementation this may include th...

7.8CVSS7.9AI score0.0031EPSS
Exploits0
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle...

6.5CVSS6.3AI score0.00493EPSS
Exploits0
NCSC
NCSC
•added 2024/01/11 12:0 a.m.•5 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in Apex One. A local, authenticated malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code execute arbitrary code, possibly as SYSTEM. Trend Micro has released updates to fix the vulnerabilities...

7.8CVSS7.5AI score0.00311EPSS
Exploits0
NCSC
NCSC
•added 2024/01/09 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Office and Sharepoint

Microsoft has fixed vulnerabilities in Office and Sharepoint. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code. Successful exploitation of the vulnerability with reference CVE-2024-20677 requires the malicious party to trick the victim into opening a...

8.8CVSS9AI score0.30801EPSS
Exploits0
NCSC
NCSC
•added 2024/01/09 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

8.8CVSS9.5AI score0.72163EPSS
Exploits9
NCSC
NCSC
•added 2024/01/05 12:0 a.m.•5 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk Activation Manager

Rockwell Automation has fixed vulnerabilities in the FactoryTalk Activation Manager. A malicious party could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system and thereby take over the system and thus access and manipulate the system data an...

9.8CVSS7.8AI score0.78483EPSS
Exploits6
NCSC
NCSC
•added 2023/12/13 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator 2023 and 2024. A malicious person could exploit the vulnerabilities to execute arbitrary execute code with the victim's privileges. The malicious person does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilitie...

7.8CVSS7.5AI score0.00462EPSS
Exploits0
NCSC
NCSC
•added 2023/12/13 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Dimension

Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to gain access to sensitive data. The malicious party does not need any prior authorizations required. Adobe has released updates to fix the vulnerability in Dimension 3.4.11. For more information,...

5.5CVSS7.1AI score0.00424EPSS
Exploits0
NCSC
NCSC
•added 2023/12/13 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or to gain access to sensitive data. The malicious party does not need prior authorizations to do so. Adobe has released updates to fix the vulnerabilities in versi...

5.5CVSS7.1AI score0.00328EPSS
Exploits0
NCSC
NCSC
•added 2023/12/13 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to impersonate another user through a Cross-Site-Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access...

9.6CVSS6.9AI score0.16221EPSS
Exploits0
NCSC
NCSC
•added 2023/12/12 12:0 a.m.•5 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive data Access to system data Successful...

8.8CVSS8.5AI score0.07879EPSS
Exploits16
NCSC
NCSC
•added 2023/12/04 12:0 a.m.•5 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious party could exploit the exploit the vulnerabilities to grant himself elevated privileges, or to cause a denial-of-service by executing a specially prepared query. These updates also include several updates to third-party products to include older...

7.5CVSS7.1AI score0.0109EPSS
Exploits0
NCSC
NCSC
•added 2023/12/04 12:0 a.m.•5 views

Vulnerabilities fixed in Squid

Vulnerabilities have been fixed in Squid. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. The developers of Squid have released updates to fix the vulnerabilities in Squid 6.5. For more information, see:...

8.6CVSS7AI score0.88818EPSS
Exploits0
NCSC
NCSC
•added 2023/12/01 12:0 a.m.•5 views

Vulnerability fixed in IBM AIX

IBM has fixed a vulnerability in AIX. Through an error in the invscout command, a local malicious person can execute arbitrary execute arbitrary commands on the system. IBM has released updates to fix the vulnerability in AIX invscout. For more information, see:...

8.4CVSS7AI score0.0028EPSS
Exploits0
NCSC
NCSC
•added 2023/11/23 12:0 a.m.•5 views

Vulnerabilities discovered in OwnCloud

Vulnerabilities have been discovered in OwnCloud's core software and in the apps oauth2 and graphapi. An unauthenticated malicious person could exploit the vulnerabilities to arbitrarily delete files delete or gain access to sensitive data Because a configuration change is sufficient to remove...

10CVSS7.3AI score0.78428EPSS
Exploits5
NCSC
NCSC
•added 2023/11/23 12:0 a.m.•5 views

Vulnerability fixed in Splunk

A vulnerability has been fixed in Splunk. A malicious person with prior authentication and rights to upload XSLT files, could exploit the vulnerability to execute arbitrary code via the upload of an XSLT file to execute arbitrary code with permissions from the application. Because it is not...

8.8CVSS8.1AI score0.89066EPSS
Exploits4
NCSC
NCSC
•added 2023/11/16 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious person could exploit the vulnerabilities to execute arbitrary execute code with the victim's privileges and to access gain access to sensitive data in the victim's context. Successful exploitation requires the malicious...

7.8CVSS7.3AI score0.04907EPSS
Exploits0
NCSC
NCSC
•added 2023/11/16 12:0 a.m.•5 views

Vulnerabilities fixed in Fortinet FortiMail

Fortinet has fixed vulnerabilities in FortiMail. A malicious party can exploit the vulnerability with reference CVE-2023-45582 exploited to gain brute-force access to the mail environment. The vulnerability with reference CVE-2023-36633 allows an authenticated malicious person to gain access to...

7.3CVSS7AI score0.00522EPSS
Exploits0
NCSC
NCSC
•added 2023/11/14 12:0 a.m.•5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in Business One and Netweaver. A malicious party can exploit the vulnerabilities to circumvent a bypass a security measure, or gain access via brute-force gain access to sensitive data. SAP has released updates to fix the vulnerabilities in the vulnerable products. F...

9.6CVSS7AI score0.00586EPSS
Exploits0
NCSC
NCSC
•added 2023/11/14 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Edge

Microsoft has fixed vulnerabilities in Edge. A malicious person could exploit the vulnerabilities to impersonate another user, grant himself elevated privileges or execute arbitrary code execute arbitrary code in the context of the browser. Successful exploitation requires the malicious party to...

8.8CVSS7.4AI score0.07094EPSS
Exploits0
NCSC
NCSC
•added 2023/11/13 12:0 a.m.•5 views

Vulnerabilities fixed in Ivanti Endpoint Manager Mobile

Ivanti has fixed vulnerabilities in Endpoint Manager Mobile formerly MobileIron. A malicious party could exploit the vulnerabilities to request certificates on behalf of another user request certificates, or register a mobile device in someone else's name. This allows the malicious party to gain...

9.8CVSS7.2AI score0.02278EPSS
Exploits0
NCSC
NCSC
•added 2023/11/09 12:0 a.m.•5 views

Vulnerability fixed in Progress WS_FTP

Progress has fixed a vulnerability in WSFTP. A authenticated malicious party could exploit the vulnerability to upload files to any location on the file system of the system on which WSFTP is installed. This could result in data overwriting, or affect the operation of the operating system and...

9.1CVSS7AI score0.00896EPSS
Exploits0
NCSC
NCSC
•added 2023/11/07 12:0 a.m.•5 views

Vulnerabilities fixed in Veeam ONE

Veeam has fixed vulnerabilities in Veeam ONE. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User rights Access to sensitive...

9.9CVSS7.9AI score0.19125EPSS
Exploits0
NCSC
NCSC
•added 2023/11/02 12:0 a.m.•5 views

Vulnerability fixed in Apache Zookeeper

The Apache Foundation has fixed a vulnerability in Zookeeper. A malicious party could exploit the vulnerability to gain access gain access to data within Zookeeper. The vulnerability is in the way peer authentication takes place. For successful misuse, the malicious party must be able to be able ...

9.1CVSS8.6AI score0.01713EPSS
Exploits0
NCSC
NCSC
•added 2023/11/02 12:0 a.m.•5 views

Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA)

Cisco has fixed vulnerabilities in the Adaptive Security Appliance ASA. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass security measures to bypass security measures to route unauthorized traffic through the system, or use a rogue ASA implementation to...

8.6CVSS7AI score0.00675EPSS
Exploits0
Total number of security vulnerabilities4190