Lucene search
K

4197 matches found

NCSC
NCSC
•added 2024/12/11 8:53 a.m.•16 views

Vulnerability fixed in Splunk Enterprise

Splunk has fixed a vulnerability in Splunk Enterprise and Splunk Secure Gateway. The vulnerability is in specific versions of Splunk Enterprise and Splunk Secure Gateway, allowing low-privileged users to remotely execute code without needing admin rights. Splunk has released updates to fix the...

8.8CVSS7.2AI score0.01084EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:46 a.m.•9 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed vulnerabilities in Adobe Connect Versions 12.6, 11.4.7 and earlier. The vulnerabilities include both stored and reflected Cross-Site Scripting XSS that allow attackers to insert and execute malicious scripts in users' browsers. This can lead to unauthorized actions in the context ...

9.3CVSS6.1AI score0.00893EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:42 a.m.•5 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed several vulnerabilities in Acrobat Reader including versions up to and including 24.005.20307. The vulnerabilities include a Use After Free vulnerability that can lead to arbitrary code execution and denial-of-service. All vulnerabilities require user interaction for exploitation,...

7.8CVSS7.9AI score0.00525EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:37 a.m.•5 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 29.0.0, 28.7.2 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability allows attackers to execute arbitrary code when a user opens a malicious file, which can lead to...

7.8CVSS7.7AI score0.00322EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:34 a.m.•6 views

Vulnerability fixed in Adobe After Effects

Adobe has fixed a vulnerability in Adobe After Effects Specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...

7.8CVSS7.5AI score0.00459EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:31 a.m.•5 views

Vulnerabilities fixed in Animate

Animate fixed vulnerabilities in versions 23.0.8, 24.0.5 and earlier. The vulnerabilities in the Animate software can lead to arbitrarily code execution. These vulnerabilities require user interaction, specifically by opening a malicious file. The vulnerability could allow an attacker to execute...

7.8CVSS7.9AI score0.00521EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:20 a.m.•6 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID19.5, ID18.5.4 and earlier. The vulnerabilities include stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read, all of which can lead to code execution when a user opens a malicious file. Thes...

7.8CVSS8.1AI score0.00391EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:17 a.m.•8 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Versions 26.0 and earlier. The vulnerability is in how Photoshop handles memory management, specifically a Use After Free error. This vulnerability allows an attacker to execute arbitrary code, but requires user interaction such as opening a...

7.8CVSS7.8AI score0.00521EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:12 a.m.•7 views

Vulnerability fixed in Adobe Premiere Pro

Adobe has fixed a vulnerability in Premiere Pro Specifically for versions 25.0, 24.6.3 and earlier. The vulnerability is in the way Premiere Pro handles files, leading to a heap-based buffer overflow. This can allow a malicious party to execute arbitrary code when a user opens a maliciously craft...

7.8CVSS7.9AI score0.00498EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/11 8:6 a.m.•4 views

Vulnerability fixed in Adobe Framemaker

Adobe has fixed a vulnerability in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerability is in the way Adobe Framemaker handles files. A malicious party can exploit this vulnerability by creating a malicious file and allowing it to be opened, which can lead to...

7.8CVSS7.4AI score0.00484EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/10 7:35 p.m.•4 views

Vulnerabilities fixed in Drupal Core

Drupal has fixed vulnerabilities in Drupal Core Specifically for versions 7.0 to 7.102, 8.0.0 to before 10.2.11, 10.3.0 to before 10.3.9, and 11.0.0 to before 11.0.8. The vulnerabilities in Drupal Core are related to privilege escalation and deserialization of untrusted data, which can lead to...

9.8CVSS9.7AI score0.00956EPSS
Exploits0References6
NCSC
NCSC
•added 2024/12/10 7:34 p.m.•86 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as COMOS, RUGGEDCOM, SENTRON, SICAM, SIMATIC and TeamCenter. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Cross-Site Scriptin...

8.8CVSS7.2AI score0.00292EPSS
Exploits1References10
NCSC
NCSC
•added 2024/12/10 7:34 p.m.•6 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in SAP NetWeaver, ABAP, Web Dispatcher, Business Objects, HCM and Commerce Cloud. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Server-Side Request Forgery SSRF. ...

9.1CVSS7.1AI score0.03563EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/10 7:33 p.m.•5 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive information in the victim's context. Successful...

8.2CVSS7.4AI score0.03294EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/09 1:38 p.m.•4 views

Vulnerabilities fixed in Qlik Sense Enterprise for Windows

Qlik has fixed vulnerabilities in Qlik Sense Enterprise for Windows for versions before November 2024 IR. The vulnerabilities are in the way Qlik Sense Enterprise handles network access for non-privileged users. These users can create connection objects that can execute arbitrary EXE files, leadi...

8.8CVSS8.2AI score0.00477EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/09 1:37 p.m.•9 views

Vulnerabilities fixed in Mitel MiCollab

Mitel has fixed vulnerabilities in Mitel MiCollab Specifically the Unified Messaging and Conferencing components. The vulnerabilities are in the way Mitel MiCollab components handle user input. An attacker can exploit these vulnerabilities to gain unauthorized access to user data and system...

9.4CVSS8.3AI score0.98067EPSS
Exploits3References5
NCSC
NCSC
•added 2024/12/09 1:36 p.m.•51 views

Vulnerabilities fixed in QNAP operating systems

QNAP has fixed vulnerabilities in several versions of their operating systems, including QTS and QuTS hero. The vulnerabilities include improper authentication, certificate validation issues, incorrect URL encryption, CRLF injection and command injection. These vulnerabilities allowed attackers t...

8.7CVSS8.3AI score0.01319EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/06 1:5 p.m.•9 views

Vulnerabilities fixed in Atlassian products

Atlassian has fixed vulnerabilities in several products such as Jira, Bamboo and Confluence. The vulnerabilities are in several third-party components from developers such as Oracle, RedHat and the Apache consortium. These vulnerabilities can lead to memory exhaustion and denial-of-service DoS du...

9.2CVSS7.4AI score0.24928EPSS
Exploits4References1
NCSC
NCSC
•added 2024/12/06 11:49 a.m.•6 views

Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series

ABB has fixed vulnerabilities in ABB ASPECT, NEXUS Series and MATRIX Series Specifically for versions up to 3.08.02. The vulnerabilities include unauthorized access to files on the Web server, which can lead to data leakage or unauthorized data manipulation. In addition, serious vulnerabilities...

10CVSS8AI score0.1901EPSS
Exploits48References1
NCSC
NCSC
•added 2024/12/06 11:48 a.m.•9 views

Vulnerabilities fixed in SonicWall SMA100 SSLVPN

SonicWall has fixed vulnerabilities in the SMA100 SSLVPN Specifically for firmware versions 10.2.1.13-72sv and earlier. The vulnerabilities in the SonicWall SMA100 SSLVPN include a heap-based buffer overflow, a stack-based buffer overflow, and a problem with the certificate requirement during...

9.1CVSS8.9AI score0.99957EPSS
Exploits1References1
NCSC
NCSC
•added 2024/12/06 11:47 a.m.•6 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...

8.8CVSS7.2AI score0.1513EPSS
Exploits0References1
NCSC
NCSC
•added 2024/12/02 12:51 p.m.•29 views

Vulnerabilities fixed in Zabbix

Zabbix has fixed vulnerabilities in the Zabbix server and frontend. The vulnerabilities include a stack buffer overflow in the zbxsnmpcachehandleengineid function, which can lead to execution of arbitrary code or a denial of service. In addition, there is an SQL injection vulnerability that allow...

9.9CVSS9AI score0.78831EPSS
Exploits13References8
NCSC
NCSC
•added 2024/12/02 10:55 a.m.•6 views

Vulnerabilities fixed in IBM Security Verify Access Appliance

IBM has fixed vulnerabilities in IBM Security Verify Access Appliance Versions 10.0.0 to 10.0.8. The vulnerabilities include an ability for remote authenticated attackers to execute arbitrary commands on the system, privilege escalation for locally authenticated non-administrative users through...

9.8CVSS7.7AI score0.0077EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/28 2:24 p.m.•4 views

Vulnerability fixed in Zabbix

A vulnerability has been fixed in Zabbix. The vulnerability is in how the CUser class handles the addRelatedObjects function. This could allow non-administrators with API access to perform an SQL injection, which could lead to unauthorized access to sensitive data. The vulnerability could enable...

9.9CVSS7.2AI score0.78831EPSS
Exploits13References2
NCSC
NCSC
•added 2024/11/26 1:25 p.m.•5 views

Vulnerabilities fixed in VMware Aria Operations

VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include local privilege escalation and stored cross-site scripting XSS. Local privilege escalation allows an attacker with local administrative privileges to increase their access to the root user level on the device,...

7.8CVSS7.1AI score0.00449EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/25 9:4 a.m.•6 views

Vulnerabilities discovered in Veritas Enterprise Vault

Vulnerabilities have been discovered in Veritas Enterprise Vault Specifically for versions earlier than 15.2. The vulnerabilities are in how Veritas Enterprise Vault handles the deserialization of untrusted data sent through a .NET Remoting TCP port. This enables malicious actors to execute...

9.8CVSS7.5AI score0.00907EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/20 10:1 a.m.•72 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. Two vulnerabilities in iOS and iPadOS 17.7.2 CVE-2024-44308 & CVE-2024-44309 can lead to execution of arbitrary code. Apple states that active misuse of these vulnerabilities is known. A malicious party can exploit the vulnerabilities in...

9.1CVSS8.1AI score0.22728EPSS
Exploits3References2
NCSC
NCSC
•added 2024/11/20 10:0 a.m.•5 views

Vulnerabilities fixed in Apple macOS and Safari

Apple has fixed several vulnerabilities in macOS and Safari. Two vulnerabilities CVE-2024-44308 & CVE-2024-44309 in present in macOS Sequoia and Safari 18.1.1 can lead to execution of arbitrary code. Apple indicates that active exploits of these vulnerabilities have been taking place on Intel-bas...

8.8CVSS8.6AI score0.22728EPSS
Exploits1References2
NCSC
NCSC
•added 2024/11/20 9:4 a.m.•7 views

Vulnerability fixed in Trend Micro Deep Security

Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...

8.8CVSS7.3AI score0.04032EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/20 8:41 a.m.•5 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has actively fixed exploited vulnerabilities in PAN-OS. UPDATE Public PoC has now appeared to exploit CVE-2024-0012. The vulnerability with attribute CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...

9.8CVSS8.2AI score0.99698EPSS
Exploits18References2
NCSC
NCSC
•added 2024/11/19 3:3 p.m.•7 views

Vulnerability fixed in GitHub CLI

GitHub has fixed a vulnerability in GitHub CLI Specifically for versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...

9.6CVSS7.7AI score0.00861EPSS
Exploits0References2
NCSC
NCSC
•added 2024/11/19 9:56 a.m.•7 views

Vulnerabilities fixed in VMware vCenter Server

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even to root and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...

9.8CVSS8.1AI score0.54143EPSS
Exploits0References3
NCSC
NCSC
•added 2024/11/19 9:41 a.m.•6 views

Vulnerability fixed in Oracle Agile PLM Framework

Oracle has fixed a vulnerability in version 9.3.6 of the Agile PLM Framework. The vulnerability allows unauthenticated attackers with network access to gain access to sensitive data. Oracle has released an out-of-band update to fix the vulnerability. See attached references for more information...

7.5CVSS9.3AI score0.01496EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/19 8:19 a.m.•8 views

Vulnerabilities fixed in Siemens Tecnomatix Plant Simulation

Siemens has fixed vulnerabilities in Tecnomatix Plant Simulation. The vulnerabilities are in how Tecnomatix Plant Simulation processes specially crafted WRL files. These vulnerabilities include out-of-bounds writes, use-after-free and stack-based overflows, all of which can be exploited by...

7.8CVSS7.9AI score0.00272EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/18 11:18 a.m.•16 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Specifically for versions 24.7.3, 25.11 and earlier. The vulnerability is in the way Adobe Photoshop handles certain files. A malicious party could exploit this vulnerability by tricking a user into opening a malicious file, which could lead to the...

7.8CVSS7.3AI score0.00299EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/18 11:14 a.m.•9 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign desktop applications Specifically for versions ID18.5.3, ID19.5 and earlier. The vulnerabilities are in the way the InDesign desktop applications handle specially crafted files. This can lead to a heap-based buffer overflow, which allows an attacker to...

7.8CVSS7.7AI score0.00461EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/18 11:8 a.m.•5 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.1 and earlier. The vulnerabilities in Adobe Illustrator allow attackers to read sensitive data, execute arbitrary code and can lead to a Denial-of-Service. These vulnerabilities require users to open a specifically crafted malicio...

7.8CVSS7.7AI score0.00328EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/15 12:29 p.m.•6 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...

8.8CVSS6.7AI score0.00543EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/15 10:52 a.m.•8 views

Vulnerability discovered in Fortinet FortiManager

UPDATE Public proof of concept PoC code for the vulnerability is available. It applies to FortiManager variants that have not yet been patched. Also, researchers have discovered that Fortinet's patch did not fix the full chain of exploitation. Thus, it is still possible to execute code on a patch...

9.8CVSS7.4AI score0.94761EPSS
Exploits7References1
NCSC
NCSC
•added 2024/11/14 12:46 p.m.•11 views

Vulnerability fixed in Schneider Electric Ecostruxture

Schneider Electric has fixed a vulnerability in the Ecostruxture Gateway. A malicious party could exploit the vulnerability to take over the gateway to gain access to the Ecostruxture landscape in use. For successful abuse, the malicious party must have access to the production environment. It is...

10CVSS7AI score0.00624EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/14 12:42 p.m.•6 views

Vulnerabilities fixed in Fortinet FortiClient

Fortinet has fixed vulnerabilities in FortiClient for Windows and macOS. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary commands on the system. Fortinet has released updates to fix the vulnerabilities. See attached references for...

8.8CVSS7.8AI score0.00462EPSS
Exploits0References4
NCSC
NCSC
•added 2024/11/14 12:38 p.m.•4 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. A malicious party can exploit the vulnerabilities to bypass security measures to route traffic to and through the system that is not initially authorized, or cause a denial-of-service. Palo Alto has released updates to address the...

8.7CVSS7.2AI score0.0051EPSS
Exploits0References8
NCSC
NCSC
•added 2024/11/13 3:10 p.m.•7 views

Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway

Cirtix has fixed a number of vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Increased user privileges Citrix has released updates to...

8.4CVSS7.1AI score0.00562EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/13 12:38 p.m.•6 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS Cross-Site Scripting XSS. Increased user privileges Remote code execution User...

9.1CVSS7.5AI score0.02014EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/13 10:42 a.m.•6 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - SQL Injection - Circumvention of security measure - Execution of arbitrary code on the server Ivanti has released...

9.8CVSS8.2AI score0.67711EPSS
Exploits0References1
NCSC
NCSC
•added 2024/11/13 8:51 a.m.•6 views

Vulnerabilities fixed in Citrix Session Recording

Citrix fixed vulnerabilities in Citrix Session Recording A malicious person with limited privileges could exploit the vulnerabilities to gain access to service accounts and execute arbitrary code on the server. Researchers have published Proof-of-Concept code demonstrating the vulnerability with...

8CVSS8AI score0.14736EPSS
Exploits2References3
NCSC
NCSC
•added 2024/11/12 6:57 p.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass a security measure and execute arbitrary code with user privileges, potentially gaining access to sensitive data in the victim's context. For successful abuse, the malicio...

7.8CVSS7.3AI score0.02072EPSS
Exploits0
NCSC
NCSC
•added 2024/11/12 6:56 p.m.•3 views

Vulnerability fixed in Microsoft Exchange Server

Microsoft has fixed a vulnerability in Exchange Server. The vulnerability is in the way Exchange Server handles P2 FROM headers that do not conform to RFC. A malicious party could exploit the vulnerability to impersonate another user and send emails in the victim's name. Although the server itsel...

7.5CVSS6.7AI score0.07748EPSS
Exploits0
NCSC
NCSC
•added 2024/11/12 6:55 p.m.•9 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious person could exploit the vulnerabilities to execute arbitrary SQL code on the database environment. With the exception of the vulnerabilities marked CVE-2024-49021 and CVE-2024-49043, the vulnerabilities are in the SQL Native Client...

8.8CVSS7.9AI score0.01577EPSS
Exploits0
NCSC
NCSC
•added 2024/11/12 6:54 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges within the vulnerable components. The most serious vulnerability is in CycleCloud and has been assigned attribute CVE-2024-43602. CycleClou...

9.9CVSS9.1AI score0.02203EPSS
Exploits0
Total number of security vulnerabilities4197