Lucene search
K

4197 matches found

NCSC
NCSC
•added 2025/01/28 11:31 a.m.•7 views

Vulnerabilities fixed in Apple iPadOS and iOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include problems with memory management, input validation, and Web content processing that could lead to unauthorized access, execution of arbitrary code, and denial-of-service attacks. Apple indicates that CVE-2025-24085, whi...

9.8CVSS8.6AI score0.18668EPSS
Exploits7References2
NCSC
NCSC
•added 2025/01/28 10:43 a.m.•6 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for the Advanced Outbound Telephony, Project Foundation, Customer Care and Workflow components. The vulnerabilities are in several components of the Oracle E-Business Suite. The Advanced Outbound Telephony component contains...

8.1CVSS9.1AI score0.00539EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/28 10:42 a.m.•6 views

Vulnerability fixed in FortiNet FortiOS and FortiProxy

FortiNet has fixed a vulnerability in FortiOS and FortiProxy. The vulnerability is in the node.js implementation of the management Web interface and allows a malicious person to bypass authentication to become super-admin on the vulnerable system without prior authentication or authorizations. Fo...

9.8CVSS6.9AI score0.98259EPSS
Exploits9References1
NCSC
NCSC
•added 2025/01/28 10:37 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Ventura Specific to versions 13.7.3, Sequoia Specific to versions 15.3 and Sonoma Specific to versions 14.7.3. The vulnerabilities cover several issues, including unauthorized access to sensitive user data, incorrect permissions, and vulnerabilities that c...

9.8CVSS8.1AI score0.18668EPSS
Exploits7References4
NCSC
NCSC
•added 2025/01/23 1:56 p.m.•10 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is located in Cisco Meeting Management's REST API, which allows remote, authenticated attackers with low privileges to elevate their privileges to administrator level through inadequate authorization enforcement. This...

9.9CVSS6.6AI score0.01159EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/23 1:53 p.m.•7 views

Vulnerability fixed in Cisco BroadWorks

Cisco has fixed a vulnerability in Cisco BroadWorks. The vulnerability is in how the Cisco BroadWorks SIP processing system handles specific SIP requests. Unauthenticated remote attackers can exploit this vulnerability to perform a denial-of-service DoS attack, which can lead to memory exhaustion...

7.5CVSS6.9AI score0.00828EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/23 1:50 p.m.•11 views

Vulnerability fixed in SonicWall SMA1000 Appliance

SonicWall has fixed a vulnerability in the SMA1000 Appliance Management Console and Central Management Console. The vulnerability is located in the SMA1000 Appliance Management Console and Central Management Console, which allows remote, unauthenticated attackers to execute arbitrary OS commands...

9.8CVSS7.2AI score0.23432EPSS
Exploits1References1
NCSC
NCSC
•added 2025/01/22 1:36 p.m.•35 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed vulnerabilities in Oracle Analytics products, such as Business Intelligence, Analytics Desktop and BI Publisher. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data. Oracle has released updates to fix the...

9.8CVSS7.2AI score0.99999EPSS
Exploits34References1
NCSC
NCSC
•added 2025/01/22 1:36 p.m.•43 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed several vulnerabilities in its products, including Oracle Fusion Middleware, Oracle WebLogic Server, and Oracle HTTP Server. The vulnerabilities are in several Oracle products, including Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, which allow unauthenticated...

10CVSS7.5AI score0.99957EPSS
Exploits20References1
NCSC
NCSC
•added 2025/01/22 1:34 p.m.•11 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools specifically for versions prior to 9.2.9.2. The vulnerabilities in Oracle JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to compromise the system via HTTP requests. This can lead to unauthorized access to...

9.8CVSS7.1AI score0.93305EPSS
Exploits7References1
NCSC
NCSC
•added 2025/01/22 1:33 p.m.•18 views

Vulnerabilities fixed in Oracle Financial Services

Oracle has fixed several vulnerabilities in Financial Services and components. The vulnerabilities allow unauthenticated attackers to gain access to critical data and compromise system integrity. Specific vulnerabilities can lead to compromise of confidentiality, integrity and availability, with...

10CVSS7.6AI score0.93305EPSS
Exploits16References1
NCSC
NCSC
•added 2025/01/22 1:32 p.m.•8 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in Oracle MySQL. The vulnerabilities allow a malicious person to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of a security measure - Accessing sensitive data Oracle has released...

9.1CVSS7.7AI score0.01863EPSS
Exploits2References1
NCSC
NCSC
•added 2025/01/22 1:31 p.m.•9 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed several vulnerabilities in Oracle PeopleSoft, specifically in versions 8.60, 8.61 and 9.2. The vulnerabilities in Oracle PeopleSoft allow authenticated malicious parties to gain unauthorized access to specific data via HTTP network access, which can lead to unauthorized data...

10CVSS7.1AI score0.93305EPSS
Exploits13References1
NCSC
NCSC
•added 2025/01/22 1:31 p.m.•6 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Oracle Enterprise Manager A malicious party could exploit the vulnerabilities to gain access to sensitive data or cause a Denial-of-Service. Oracle has released updates to fix the vulnerabilities. See attached references for more information...

10CVSS7.4AI score0.54862EPSS
Exploits10References1
NCSC
NCSC
•added 2025/01/22 1:30 p.m.•20 views

Vulnerabilities fixed in Oracle Communications

Oracle has fixed several vulnerabilities in its Communications products, including Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function and Oracle Communications Order and Service Management. The vulnerabilities allow unauthenticated malicious actors t...

10CVSS7.5AI score0.99957EPSS
Exploits103References1
NCSC
NCSC
•added 2025/01/22 1:30 p.m.•27 views

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...

10CVSS7AI score0.93305EPSS
Exploits54References1
NCSC
NCSC
•added 2025/01/17 8:54 a.m.•4 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. The first vulnerability CVE-2025-0282 can be exploited by malicious parties to execute arbitrary code remotely without authentication. The second vulnerability CVE-2025-0283 can be exploited by a locally authenticated malicious...

9CVSS9.8AI score0.99971EPSS
Exploits13References2
NCSC
NCSC
•added 2025/01/16 11:46 a.m.•8 views

Vulnerabilities fixed in Schneider Electric Modicon

Schneider Electric has fixed vulnerabilities in Modicon M340, M580 and various communication modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service or gain access to system data and possibly affect the operation of the controllers. For successful abuse, the...

8.8CVSS7.3AI score0.00605EPSS
Exploits0References2
NCSC
NCSC
•added 2025/01/15 1:25 p.m.•18 views

Vulnerabilities fixed in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS and FortiProxy. The vulnerabilities include hard-coded cryptographic keys, improper processing of OS commands, and out-of-bounds write and read errors. Attackers can exploit these vulnerabilities to gain...

9.8CVSS7.8AI score0.83428EPSS
Exploits13References27
NCSC
NCSC
•added 2025/01/15 11:59 a.m.•53 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager EPM that were present in versions prior to the January 2025 security updates. The vulnerabilities include path traversal, SQL injection, deserialization, incorrect file name validation and insufficient signature validation. These...

9.8CVSS9.6AI score0.99762EPSS
Exploits4References1
NCSC
NCSC
•added 2025/01/15 11:47 a.m.•6 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions below 134 and 128.6. The vulnerabilities include client-side path traversal, privilege escalation and use-after-free conditions. These vulnerabilities can be exploited by malicious parties to gain unauthorized...

9.8CVSS10AI score0.1307EPSS
Exploits0References6
NCSC
NCSC
•added 2025/01/15 7:42 a.m.•3 views

Vulnerabilities fixed in Rsync

Rsync Project has fixed vulnerabilities in Rsync versions 3.4.0. The most critical vulnerabilities in Rsync include a heap-based 'buffer overflow' CVE-2024-12084 and an 'info leak' CVE-2024-12085 that can lead to arbitrary code execution present in Rsync versions 3.2.7 & 3.3.0. In addition, there...

9.8CVSS7.8AI score0.72059EPSS
Exploits8References3
NCSC
NCSC
•added 2025/01/14 7:20 p.m.•6 views

Vulnerability fixed in Microsoft Dynamics Power Automate

Microsoft has fixed a vulnerability in Power Automate for Desktops. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...

7.8CVSS7.2AI score0.00732EPSS
Exploits0
NCSC
NCSC
•added 2025/01/14 7:18 p.m.•6 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious person with prior authentication could exploit the vulnerabilities to gain access to sensitive data in the victim's context. Successful misuse requires the victim to log in, where the malicious person manages to win a race...

8.8CVSS6.6AI score0.01475EPSS
Exploits0
NCSC
NCSC
•added 2025/01/14 7:15 p.m.•14 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to bypass a security measure, impersonate another user, access sensitive data or execute arbitrary code in the victim's context. Successful exploitation requires the malicious part...

8.8CVSS7.4AI score0.24441EPSS
Exploits1
NCSC
NCSC
•added 2025/01/14 7:10 p.m.•10 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary code in the victim's context. Successful exploitation requires the malicious party to trick the...

8.8CVSS7.4AI score0.03148EPSS
Exploits0
NCSC
NCSC
•added 2025/01/14 7:9 p.m.•15 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial of Service DoS - Circumvention of security measure - Execution of arbitrary code User Rights - Execution of arbitrar...

9.8CVSS9AI score0.80912EPSS
Exploits12
NCSC
NCSC
•added 2025/01/14 11:54 a.m.•7 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Industrial Edge Management, Mendix, SIMATIC, SIPROTEC and Siveillance. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. -...

9.1CVSS7.2AI score0.00593EPSS
Exploits0References5
NCSC
NCSC
•added 2025/01/14 11:50 a.m.•22 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in SAP, NetWeaver and ABAP. The vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform include incorrect authentication controls and weak access controls, which can be exploited by authenticated attackers to escalate their privileges and gain...

9.9CVSS8.3AI score0.00718EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/10 12:14 p.m.•7 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in JunS Specifically JunOS and JunOS Evolved. The vulnerabilities are in the way Juniper's JunOS and JunOS Evolved handle BGP packets and IPv6 packets. The first vulnerability can be exploited by unauthenticated attackers sending distorted BGP packets, which can...

8.7CVSS7.2AI score0.00714EPSS
Exploits0References2
NCSC
NCSC
•added 2025/01/08 11:0 a.m.•7 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Ivanti Connect Secure Specific for versions prior to 22.7R2.4 and Policy Secure Specific for versions prior to 22.7R1.2. The vulnerabilities are in the Secure Application Manager component and the IPSEC component of Ivanti Connect Secure and Policy Secure and d...

9.1CVSS8.1AI score0.01847EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/07 12:54 p.m.•12 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...

9.8CVSS7.1AI score0.03945EPSS
Exploits1References1
NCSC
NCSC
•added 2025/01/06 7:49 a.m.•7 views

Vulnerabilities fixed in Moxa's cellular routers and network security devices

Moxa has fixed vulnerabilities in Moxa's cellular routers and network security devices Specifically, CVE-2024-9138 and CVE-2024-9140. Vulnerability CVE-2024-9138 involves hard-coded credentials that allow authenticated users to escalate their privileges, ultimately leading to root access. This...

9.8CVSS8.3AI score0.01777EPSS
Exploits0References1
NCSC
NCSC
•added 2025/01/06 7:30 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. UPDATE: Researchers have published proof of concept PoC code demonstrating the vulnerability with attribute CVE-2024-49113. Successful exploitation requires the malicious party to have access to both a DC with LDAP and a rogue server under their own...

9.8CVSS9.7AI score0.83642EPSS
Exploits12
NCSC
NCSC
•added 2025/01/03 12:1 p.m.•9 views

Vulnerabilities fixed in Ipswitch WhatsUp Gold

Ipswitch has fixed vulnerabilities in WhatsUp Gold Versions before 2024.0.2 and earlier. The vulnerabilities are in versions of WhatsUp Gold before 2024.0.2. An authenticated user could misuse a specific HTTP call, which could lead to the disclosure of sensitive information and compromise data...

9.6CVSS6.4AI score0.42369EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/31 9:22 a.m.•8 views

Vulnerabilities fixed in Foxit PDF Reader and PDF Editor

Foxit has fixed vulnerabilities in Foxit PDF Reader. The vulnerabilities include a remote code execution vulnerability due to improper validation of user-supplied data in AcroForms, a memory corruption related to AcroForm functionality, and a local privilege escalation vulnerability that can be...

8.8CVSS8.7AI score0.0127EPSS
Exploits2References1
NCSC
NCSC
•added 2024/12/27 1:26 p.m.•6 views

Vulnerability fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS processes specially crafted DNS packets from attackers. This can lead to a device reboot and, on repeated attempts, the firewall can enter maintenance mode. Palo Alto says it has received reports from...

8.7CVSS8.9AI score0.26636EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/24 10:17 a.m.•5 views

Vulnerability fixed in Adobe ColdFusion

Adobe has fixed a vulnerability in ColdFusion versions 2023.11, 2021.17 and earlier. The vulnerability is in the way ColdFusion handles path traversal. This security issue can lead to unauthorized access to sensitive files and folders located outside the application's designated restricted...

8.1CVSS6.5AI score0.13403EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/23 11:43 a.m.•5 views

Vulnerabilities fixed in IBM Cognos Analytics

IBM fixed vulnerabilities in IBM Cognos Analytics The vulnerability in IBM Cognos Analytics arises from improper validation of file extensions, allowing remote attackers to upload arbitrary files. This security issue can lead to the execution of malicious code on the affected system, posing a...

9.8CVSS7.4AI score0.01073EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/22 6:38 p.m.•8 views

Vulnerability fixed in Apache Struts

Apache has fixed a vulnerability in Apache Struts Versions from 2.0.0 to before 6.4.0. The vulnerability is in the way the file upload logic is implemented in the deprecated FileUploadInterceptor. This vulnerability can be exploited to execute arbitrary code on systems running these versions. Sin...

9.8CVSS9.9AI score0.78198EPSS
Exploits15References2
NCSC
NCSC
•added 2024/12/19 3:22 p.m.•5 views

Vulnerability fixed in FortiManager

Fortinet has fixed a vulnerability in FortiManager. The vulnerability is in the OS command injection in FortiManager, which allows authenticated remote attackers to execute unauthorized code via specially crafted FGFM requests. Fortinet has released updates to fix the vulnerability. See attached...

7.2CVSS7.9AI score0.01684EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/19 2:54 p.m.•7 views

Vulnerabilities fixed in Rockwell Automation Power Monitor 1000

Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...

9.3CVSS7.8AI score0.00862EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/19 2:53 p.m.•7 views

Vulnerability fixed in Fortinet FortiWLM

Fortinet has fixed a vulnerability in FortiWLM Specifically for versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4. The vulnerability is located in FortiWLM's relative path-traversal functionality, which allows remote, unauthenticated attackers to execute unauthorized code via specially crafted Web...

9.8CVSS7.3AI score0.24901EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/18 10:42 a.m.•5 views

Vulnerability fixed in BeyondTrust Privileged Remote Access

BeyondTrust has fixed a vulnerability in Privileged Remote Access and Remote Support products. The vulnerability is located within the Privileged Remote Access and Remote Support products, allowing unauthenticated attackers to execute commands as a site user. The attack can lead to unauthorized...

9.8CVSS7.1AI score0.87991EPSS
Exploits8References1
NCSC
NCSC
•added 2024/12/13 10:4 a.m.•10 views

Vulnerabilities fixed in XWiki Platform

XWiki has fixed vulnerabilities in the XWiki Platform Specifically for versions 15.10.9 and 16.3.0. The vulnerabilities are in the way the XWiki Platform handles user permissions. A malicious user with programming privileges can execute code through the Extension Repository Application, or by...

9.9CVSS7.6AI score0.01558EPSS
Exploits4References3
NCSC
NCSC
•added 2024/12/13 10:3 a.m.•7 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 11.0 to 17.6.2. The vulnerabilities are located in several versions of GitLab CE/EE and allow attackers to create groups with names that match existing unique domains, which can lead to domain confusion. In addition, users...

8.7CVSS7.2AI score0.00765EPSS
Exploits8References1
NCSC
NCSC
•added 2024/12/13 9:58 a.m.•7 views

Vulnerability fixed in Schneider Electric Modicon

Schneider Electric has fixed a vulnerability in devices that use the Modbus protocol. The vulnerability is in how devices using the Modbus protocol validate input. When an unauthenticated and customized Modbus packet is sent to the device, it can result in a denial-of-service, compromising both t...

9.8CVSS7AI score0.00641EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/12 10:31 a.m.•7 views

Vulnerabilities fixed in macOS

Apple has fixed vulnerabilities in macOS Sequoia 15.2, Ventura 13.7.2, and Sonoma 14.7.2. The vulnerabilities include a use-after-free vulnerability that could lead to unexpected application termination or arbitrary code execution, and logic issues that allowed applications to modify protected...

9.8CVSS8AI score0.14492EPSS
Exploits3References3
NCSC
NCSC
•added 2024/12/12 10:30 a.m.•8 views

Vulnerabilities fixed in Apple iPadOS and iOS

Apple has fixed vulnerabilities in iPadOS Specific to versions 17.7.3 and 18.2 and iOS Specific to 18.2. The vulnerabilities include a denial-of-service issue, logic issues that allowed unauthorized privilege escalation, and unexpected system terminations due to memory corruption. These...

9.8CVSS7.6AI score0.14492EPSS
Exploits1References2
NCSC
NCSC
•added 2024/12/11 8:58 a.m.•4 views

Vulnerabilities fixed in Ivanti Cloud Security Appliance

Ivanti has fixed vulnerabilities in the Cloud Security Appliance CSA for versions prior to 5.0.3. The vulnerabilities are located in the admin web console of the Ivanti Cloud Security Appliance. The first vulnerability involves an authentication bypass, allowing remote unauthenticated attackers t...

10CVSS8.8AI score0.23598EPSS
Exploits0References1
Total number of security vulnerabilities4197