Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2023/11/10 12:0 a.m.•4 views

Vulnerabilities fixed in Foxit PDF Editor

Foxit has fixed vulnerabilities in PDF Editor for Mac formerly PhantomPDF. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code execute arbitrary code within the context of the application and gain access to sensitive data within...

7.4AI score
Exploits0
NCSC
NCSC
•added 2023/11/07 12:0 a.m.•4 views

Vulnerabilities fixed in SolarWinds Platform and Network Configuration Manager

SolarWinds has fixed vulnerabilities in SolarWinds Platform and Network Configuration Manager. A malicious party could exploit the vulnerabilities to gain access to system data or execute arbitrary code, possibly with SYSTEM privileges. SolarWinds has released updates to fix the vulnerabilities...

8.8CVSS7.7AI score0.02729EPSS
Exploits0
NCSC
NCSC
•added 2023/10/26 12:0 a.m.•4 views

Vulnerabilities fixed in Aruba Networks Clearpass Policy Manager

Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. An authenticated malicious party can exploit the vulnerabilities exploit them to carry out attacks that can result in the following categories of damage: Bypassing authentication. Remote code execution Administrator/Root rights...

8.8CVSS7.9AI score0.00796EPSS
Exploits0
NCSC
NCSC
•added 2023/10/26 12:0 a.m.•4 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote code execution User...

8.8CVSS8.4AI score0.01736EPSS
Exploits12
NCSC
NCSC
•added 2023/10/25 12:0 a.m.•4 views

Vulnerabilities fixed in VMware vCenter Server

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to be able to execute arbitrary code on the underlying system. VMware has released updates to fix the vulnerabilities in vCenter Server. For more informatio...

9.8CVSS7.6AI score0.99428EPSS
Exploits1
NCSC
NCSC
•added 2023/10/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has fixed the vulnerabilities in the following...

9.8CVSS8.2AI score0.02836EPSS
Exploits6
NCSC
NCSC
•added 2023/10/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Enterprise Manager

Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Oracle has fixed the...

9.1CVSS8.7AI score0.1158EPSS
Exploits3
NCSC
NCSC
•added 2023/10/19 12:0 a.m.•4 views

Vulnerability fixed in Oracle Essbase

A vulnerability has been fixed in Oracle Essbase products. A authenticated malicious party can exploit the vulnerability to cause cause a denial-of-service DoS attack. Oracle has fixed the vulnerability in the following products: - Oracle Essbase...

6.5CVSS7.1AI score0.73461EPSS
Exploits0
NCSC
NCSC
•added 2023/10/12 12:0 a.m.•4 views

Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved

Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Accessing sensitive data Accessing system data Junipe...

8.8CVSS7AI score0.00582EPSS
Exploits0
NCSC
NCSC
•added 2023/10/11 12:0 a.m.•4 views

Vulnerability fixed in libcurl

There is a vulnerability in the SOCKS5 proxy handshake of libcurl. A malicious party could potentially exploit the vulnerability to cause a crash in the application using libcurl. To perform this attack successfully, several conditions must be met such as using a SOCKS5 proxy, the use of a long...

9.8CVSS7.7AI score0.78483EPSS
Exploits6
NCSC
NCSC
•added 2023/10/10 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to executing arbitrary code or to obtain elevated privileges. Microsoft Office: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

8.4CVSS9.3AI score0.90353EPSS
Exploits0
NCSC
NCSC
•added 2023/10/10 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a cross-site scripting attack, to gain access to sensitive data or to perform a denial-of-service. Microsoft Common Data Model SDK:...

6.5CVSS6.1AI score0.02802EPSS
Exploits0
NCSC
NCSC
•added 2023/10/05 12:0 a.m.•4 views

Vulnerability fixed in Atlassian Confluence

Atlassian has fixed a vulnerability in Confluence. A malicious party could exploit the vulnerability to break into publicly accessible Confluence Data Center and Server instances, create unauthorized Confluence administrator accounts and gain access to Confluence instances. Atlassian has released...

10CVSS6.8AI score0.99156EPSS
Exploits39
NCSC
NCSC
•added 2023/10/05 12:0 a.m.•4 views

ZeroDay vulnerability fixed in Apple iOS and iPadOS

Apple has fixed a vulnerability in iOS and iPadOS. A malicious party could exploit the vulnerability to gain elevated permissions on the vulnerable system. Apple has received reports that this vulnerability may have been been actively exploited in versions of iOS prior to iOS 16.6 Apple has...

7.8CVSS6.6AI score0.00943EPSS
Exploits0
NCSC
NCSC
•added 2023/09/22 12:0 a.m.•4 views

Vulnerability fixed in Rockwell Automation FactoryTalk

Rockwell has fixed a vulnerability in Factory Talk View Machine Edition. An unauthenticated malicious person could exploit the exploit the vulnerability to execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the production network...

9.8CVSS7.8AI score0.10974EPSS
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•4 views

Vulnerabilities fixed in Jenkins

Vulnerabilities have been fixed in Jenkins. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...

8.8CVSS7.3AI score0.03388EPSS
Exploits0
NCSC
NCSC
•added 2023/09/19 12:0 a.m.•4 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person could exploit the vulnerability to execute pipelines with the privileges of an arbitrary user to execute pipelines. When this arbitrary user has elevated privileges, execution of code wit...

7.4AI score
Exploits0
NCSC
NCSC
•added 2023/09/19 12:0 a.m.•4 views

Vulnerability fixed in Trend Micro Apex One

Trend Micro has fixed a vulnerability in Apex One. A local, authenticated malicious party can exploit the vulnerability exploit to execute arbitrary code with permissions from the system. For successful abuse, the malicious party must have prior sufficient privileges on the admin console of the...

7.2CVSS7.7AI score0.04739EPSS
Exploits0
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•4 views

Vulnerability fixed in Fortinet FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. A malicious party can exploit the vulnerability to implement security measures against Cross-Site-Scripting XSS and Cross-Site-Request-Forgery XSRF and thus carry out these types of such attacks on web applications which should be protected against...

8.8CVSS6.7AI score0.00656EPSS
Exploits0
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Access to sensitive...

8.8CVSS7.5AI score0.39491EPSS
Exploits8
NCSC
NCSC
•added 2023/09/08 12:0 a.m.•4 views

ZeroDay vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed two ZeroDay vulnerabilities in iOS and iPadOS. A malicious person could exploit the vulnerabilities to execute arbitrary execute arbitrary code as a user of the system. Successful exploitation requires the malicious party to trick the victim into opening a rogue image, or opening ...

7.8CVSS7.4AI score0.15263EPSS
Exploits2
NCSC
NCSC
•added 2023/09/08 12:0 a.m.•4 views

ZeroDay vulnerability fixed in Apple macOS

Apple has fixed a ZeroDay vulnerability in macOS. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code as a user. For successful exploitation, the malicious party must trick the victim into opening a rogue image. Apple reports having reports that the...

7.8CVSS7.4AI score0.15263EPSS
Exploits2
NCSC
NCSC
•added 2023/08/31 12:0 a.m.•4 views

Vulnerability fixed in Juniper JunOS and JunOS Evolved

Juniper has fixed a vulnerability in JunOS and JunOS Evolved. A malicious party could exploit the vulnerability to cause a denial-of-service attack. The vulnerability is in the way BGP UPDATEs are processed. When a specially prepared UPDATE is sent, it can cause the connection to be dropped...

7.5CVSS6.8AI score0.15143EPSS
Exploits0
NCSC
NCSC
•added 2023/08/28 12:0 a.m.•4 views

Vulnerabilities fixed in 7-zip

Vulnerabilities have been fixed in 7-zip. The vulnerabilities are located in the way 7Z and SQFS files are processed and allow a malicious person to execute arbitrary code execute arbitrary code in the context of the user. Successful exploitation requires the malicious party to trick the victim...

7.8CVSS7.7AI score0.7104EPSS
Exploits0
NCSC
NCSC
•added 2023/08/22 12:0 a.m.•4 views

Vulnerability fixed in Ivanti MobileIron Sentry

Ivanti has fixed a vulnerability in MobileIron Sentry. A unauthenticated malicious person with access to the management interface could exploit the vulnerability to use API calls to manipulate the Sentry system and execute commands with administrator privileges. For successful misuse, the malicio...

9.8CVSS7.2AI score0.99949EPSS
Exploits6
NCSC
NCSC
•added 2023/08/18 12:0 a.m.•4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Access to...

8.8CVSS7.6AI score0.45912EPSS
Exploits2
NCSC
NCSC
•added 2023/08/14 12:0 a.m.•4 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. In addition to the vulnerabilities in OpenSSL, for which the NCSC has published previous security advisories published, a vulnerability has also been fixed in the urllib.parse component. Because proper input validation does not take place, it is possible...

7.5CVSS6.9AI score0.73461EPSS
Exploits5
NCSC
NCSC
•added 2023/08/08 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to afford elevated privileges, or execute arbitrary code with user privileges. Successful exploitation requires the malicious party to trick the victim into following a rogue link or opening a rog...

7.2CVSS7.3AI score0.01248EPSS
Exploits0
NCSC
NCSC
•added 2023/08/03 12:0 a.m.•4 views

Vulnerability discovered in Cisco Secure Web Appliance

A vulnerability has been discovered in Cisco Secure Web Appliance. The vulnerability is in how the scanning process handles with deflate, lzma and brotli content types. The deflate content type is not enabled by default. Izma and brotli are. A malicious party can exploit the vulnerabilities to pa...

5.8CVSS7.2AI score0.00476EPSS
Exploits0
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•4 views

Vulnerabilities fixed in Zoho ManageEngine Password Manager pro

Zoho has fixed vulnerabilities in ManageEngine Password Manager pro. An authenticated malicious person could exploit them to bypass a security measure, manipulate data manipulate data for which the malicious party is not authorized, and gain access to sensitive data. No CVE ID has been disclosed...

6.4AI score
Exploits0
NCSC
NCSC
•added 2023/07/31 12:0 a.m.•4 views

Vulnerability fixed in libarchive

A vulnerability has been fixed in libarchive, a widely used library used by backup tools and tools such as tar, cpio etc. A local malicious person could exploit the vulnerability to cause a buffer overflow and thus potentially execute arbitrary code execute arbitrary code. In reporting the...

6.8AI score
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•4 views

Vulnerabilities fixed in Foxit Reader and PDF

Foxit has fixed vulnerabilities in its Reader and PDF editor vh. PhantomPDF. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or in specific circumstances, execute arbitrary code with permissions from the user and thereby potentially gain access to sensitive data ...

8.8CVSS7.8AI score0.01026EPSS
Exploits5
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•4 views

Vulnerability fixed in Atlassian Bamboo

Atlassian has fixed a vulnerability in Bamboo Server and Bamboo Data Center. An authenticated malicious person can exploit the exploit the vulnerability to use command-injection to execute arbitrary execute arbitrary code with application privileges and thus potentially gain access to sensitive...

8.8CVSS7.4AI score0.01805EPSS
Exploits0
NCSC
NCSC
•added 2023/07/27 12:0 a.m.•4 views

Vulnerability fixed in Veritas NetBackup Snapshot Manager

Veritas has fixed a vulnerability in NetBackup Snapshot Manager. Due to a flaw in the way client certificates are processed, it is possible for a malicious party to access backups and restores for which the malicious party is not authorized. This allows the malicious party to gain access to...

6.4AI score
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•4 views

Vulnerabilities fixed in Atlassian Confluence

Atlassian has fixed vulnerabilities in Confluence. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code with application privileges and possibly thereby gain access to sensitive data. The malicious party needs prior authentication required. Atlassia...

8.8CVSS7.8AI score0.02185EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•4 views

Vulnerability fixed in Oracle Solaris

Oracle has fixed a vulnerability in Solaris. A local malicious person could exploit the vulnerability to execute arbitrary code execute arbitrary code as root. Oracle has made updates available to fix the vulnerabilities. fix. For more information, see:...

7.8CVSS7.7AI score0.0018EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle VirtualBox

Oracle has fixed vulnerabilities in VirtualBox. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code with application privileges. ------------------.------.------------------------------------- | CVE ID | CVSS | Vector |...

8.1CVSS5.9AI score0.03658EPSS
Exploits0
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Essbase

Vulnerabilities have been fixed in Oracle Essbase products. A authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data. Oracle has fixed the vulnerabilities in the following products: - Oracle Essbase - Oracle Hyperion Essbase Administration Services...

9.8CVSS6.6AI score0.0558EPSS
Exploits8
NCSC
NCSC
•added 2023/07/19 12:0 a.m.•4 views

Vulnerabilities fixed in Oracle Hyperion

Vulnerabilities have been fixed in Oracle Hyperion products. A malicious party can exploit the vulnerabilities to cause a denial-of-service, or to execute code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - Oracle Hyperion Data Relationship...

9.8CVSS8AI score0.0327EPSS
Exploits0
NCSC
NCSC
•added 2023/07/13 12:0 a.m.•4 views

Vulnerabilities fixed in Schneider Electric EcoStruxture components

Schneider Electric has fixed vulnerabilities in StruxtureWare Datacenter Expert and EcoStruxture OPC UA Server Expert. an authenticated malicious person could exploit the vulnerabilities to gain access to sensitive data or execute arbitrary commands execute arbitrary commands for which it is not...

8.8CVSS7.7AI score0.00752EPSS
Exploits0
NCSC
NCSC
•added 2023/07/11 12:0 a.m.•4 views

Vulnerability fixed in Apple macOS, iOS, iPadOS and Safari

Apple has released interim updates for macOS, iOS, iPadOS and Safari to fix a vulnerability in WebKit. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with user privileges. The malicious party must to do so, trick the victim into opening a rogue fi...

8.8CVSS8.7AI score0.18185EPSS
Exploits0
NCSC
NCSC
•added 2023/07/04 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Integration Bus

IBM has fixed vulnerabilities in Integration Bus. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. IBM has released updates to fix the vulnerabilities in Integration Bus 10.1.0.1 Interim fix. For...

9.8CVSS7.4AI score0.04007EPSS
Exploits0
NCSC
NCSC
•added 2023/06/23 12:0 a.m.•4 views

Vulnerability fixed in Grafana

Grafana Labs has fixed a vulnerability in Grafana. The vulnerability is in the way accounts are validated when using Azure Active Directory for authentication. A malicious party could exploit it to completely take over an account and thus gain access gain access to sensitive data in that account...

9.8CVSS8.8AI score0.04094EPSS
Exploits0
NCSC
NCSC
•added 2023/06/20 12:0 a.m.•4 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM fixed vulnerabilities in Spectrum Protect Plus Microsoft Filesystem Backup and Restore. A malicious party could exploit the vulnerabilities to cause a denial-of-service, bypass a security measure, or gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Spectru...

7.5CVSS6.9AI score0.0142EPSS
Exploits1
NCSC
NCSC
•added 2023/06/16 12:0 a.m.•4 views

Vulnerability fixed in ESET Security products

ESET has fixed a vulnerability in the following Security products for Linux and macOS: Server Security for Linux Endpoint Antivirus for Linux Cyber Security Endpoint Antivirus for macOS A local malicious agent can exploit the vulnerability to grant themselves elevated privileges and execute code...

7.8CVSS7.1AI score0.00148EPSS
Exploits0
NCSC
NCSC
•added 2023/06/16 12:0 a.m.•4 views

Vulnerability discovered in MOVEit Transfer

Progress has indicated in a blog post that a vulnerability has been found in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data through of an SQL injection to obtain sensitive data. The vulnerability has not yet been assigned a CVE...

9.1CVSS7.6AI score0.12808EPSS
Exploits0
NCSC
NCSC
•added 2023/06/15 12:0 a.m.•4 views

Vulnerability fixed in Adobe Animate

Adobe has fixed a vulnerability in Animate. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. The malicious person needs to trick the victim into opening a rogue file to do so. open. Adobe has released updates to fix the vulnerability in Animate...

7.8CVSS7.1AI score0.00418EPSS
Exploits0
NCSC
NCSC
•added 2023/06/08 12:0 a.m.•4 views

Vulnerability fixed in Cisco Anyconnect Secure Mobility Client and Secure Client

Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client and Secure Client for windows. A local, authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code execute code with privileges from SYSTEM. Cisco has release...

7.8CVSS7.5AI score0.05374EPSS
Exploits1
NCSC
NCSC
•added 2023/05/26 12:0 a.m.•4 views

Vulnerabilities fixed in LibreOffice

The Document Foundation has fixed two vulnerabilities in LibreOffice. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or possibly execute code with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious document to...

7.8CVSS7.3AI score0.02244EPSS
Exploits2
NCSC
NCSC
•added 2023/05/26 12:0 a.m.•4 views

Vulnerability fixed in Atlassian Confluence

Atlassian has fixed a vulnerability in Confluence. A authenticated malicious person with read-only privileges can exploit the exploit the vulnerability to upload files in places where the malicious party is not authorized to do. Atlassian has released updates to fix the vulnerability in Confluenc...

6.5CVSS7AI score0.00747EPSS
Exploits0
Total number of security vulnerabilities4190