Lucene search
K

4197 matches found

NCSC
NCSC
•added 2024/10/02 8:45 a.m.•4 views

Vulnerabilities discovered in CUPS

Recently, a researcher discovered a number of vulnerabilities in CUPS that could lead to Remote Code Execution. These have been disclosed as "9.9 RCE affecting all GNU/Unix systems." Through a concatenation of the four vulnerabilities, a malicious person can execute arbitrary code within the...

8.6CVSS8.7AI score0.76959EPSS
Exploits17References4
NCSC
NCSC
•added 2024/09/30 9:41 a.m.•5 views

Vulnerabilities fixed in Foxit PDF Editor and PDF Reader

Foxit has fixed vulnerabilities in PDF Editor and PDF Reader. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code in the context of the application, potentially gaining access to sensitive data. Successful exploitation requires t...

8.8CVSS7.8AI score0.01917EPSS
Exploits1References1
NCSC
NCSC
•added 2024/09/26 9:0 a.m.•6 views

Vulnerabilities fixed in Aruba Networks ArubaOS

Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the vulnerable system without prior authentication. For successful abuse, the malicious party must have access to the PAPI port udp 8211. It is good practice n...

9.8CVSS7.7AI score0.01486EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/26 8:52 a.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS - Denial-of-Service DoS. - Manipulation of data - Circumvention of security measure - Access to...

9.1CVSS7.4AI score0.07939EPSS
Exploits2References2
NCSC
NCSC
•added 2024/09/26 8:48 a.m.•67 views

Vulnerabilities fixed in Apple macOS

Apple fixed vulnerabilities in macOS A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of security measure - Access to sensitive data - Access to system data Fo...

10CVSS7.8AI score0.07939EPSS
Exploits5References3
NCSC
NCSC
•added 2024/09/24 7:31 a.m.•5 views

Vulnerability fixed in pgAdmin

pgAdmin has fixed a vulnerability in pgAdmin 8.11. A malicious party could exploit the vulnerability to gain access to sensitive data. pgAdmin has released an update to fix the vulnerability. See attached references for more information...

9.9CVSS6.9AI score0.09685EPSS
Exploits2References2
NCSC
NCSC
•added 2024/09/20 7:57 a.m.•3 views

Vulnerabilities fixed in Ivanti Cloud Services Appliance

Ivanti has fixed vulnerabilities in Cloud Services Appliance v 4.6. A malicious party could exploit the vulnerabilities to execute a command-injection via path-traversal, allowing the system to be operated and possibly taken over without prior authentication. Ivanti says it has information that t...

9.4CVSS7AI score0.98557EPSS
Exploits3References2
NCSC
NCSC
•added 2024/09/19 11:37 a.m.•7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP, Business Warehouse, NetWeaver, HANA, Business Objects and Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Bypassing...

6.5CVSS7.1AI score0.06049EPSS
Exploits2References1
NCSC
NCSC
•added 2024/09/18 11:25 a.m.•5 views

Vulnerabilities fixed in Docker Desktop

Vulnerabilities have been fixed in Docker Desktop. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the Desktop application. Since the Docker Desktop is mostly used by developers, it cannot be ruled out that the execution of arbitrary code can take pla...

9.8CVSS8AI score0.01251EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/13 5:0 p.m.•6 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges...

10CVSS7.8AI score0.59257EPSS
Exploits3References1
NCSC
NCSC
•added 2024/09/13 8:52 a.m.•13 views

Vulnerability fixed in Rockwell Automation FactoryTalk View Site

Rockwell Automation has fixed a vulnerability in FactoryTalk View Site. A malicious party could exploit the vulnerability to execute arbitrary code in the application, in the victim's context, using a Cross-Site Scripting attack. For successful exploitation, the malicious party must have access t...

9.8CVSS7.1AI score0.01284EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/13 8:46 a.m.•4 views

Vulnerability fixed in Rockwell Automation ThinManager

Rockwell Automation has fixed a vulnerability in ThinManager. A malicious party could exploit the vulnerability to install software on the vulnerable system to execute arbitrary code. Rockwell Automation has released updates to fix the vulnerability. See attached references for more information...

8.8CVSS7.3AI score0.11228EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/13 8:44 a.m.•77 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to grant themselves elevated privileges and perform actions in the context of another user, potentially including users with...

9.9CVSS7.1AI score0.39581EPSS
Exploits1References1
NCSC
NCSC
•added 2024/09/13 8:42 a.m.•16 views

Vulnerabilities fixed in Citrix Workspace App for Windows

Citrix has fixed vulnerabilities in the Citrix Workspace App for Windows. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute code with SYSTEM privileges. Citrix has released updates to fix the vulnerabilities. See attached...

7.3CVSS7.4AI score0.00246EPSS
Exploits1References1
NCSC
NCSC
•added 2024/09/13 8:40 a.m.•5 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in IOS XR. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code on the vulnerable system. To cause a Denial-of-Service, the malicious party does not need prior authentication. To execute arbitrary code, the...

8.8CVSS7.7AI score0.00596EPSS
Exploits0References4
NCSC
NCSC
•added 2024/09/13 8:30 a.m.•4 views

Vulnerabilities fixed in Solarwinds Access Rights Manager

Solarwinds has fixed vulnerabilities in Access Rights Manager. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. Solarwinds has released updates to fix the vulnerabilities. See attached references f...

9CVSS7.9AI score0.03085EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/11 9:31 a.m.•9 views

Vulnerabilities fixed in Adobe products

Vulnerabilities have been fixed in Adobe products. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: - Denial-of-Service DoS - Remote code execution User rights - Access to system data Adobe has released updates to fix the...

9.8CVSS7.8AI score0.30326EPSS
Exploits0References6
NCSC
NCSC
•added 2024/09/10 6:28 p.m.•8 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to potentially execute code within the application, or to conduct a Cross-Site Scripting attack. Such an attack could result in execution of code in the...

9.8CVSS6.5AI score0.01362EPSS
Exploits0
NCSC
NCSC
•added 2024/09/10 6:27 p.m.•6 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and potentially execute commands with Administrator privileges. Abuse is not easy and requires prior authentication a...

9.9CVSS7.1AI score0.01595EPSS
Exploits0
NCSC
NCSC
•added 2024/09/10 6:23 p.m.•6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, access sensitive data or execute code with potentially SYSTEM privileges. Successful exploitation of the...

8.8CVSS7.2AI score0.51461EPSS
Exploits0
NCSC
NCSC
•added 2024/09/10 6:22 p.m.•5 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. Most of the vulnerabilities are in SQL Native Scoring and allow a malicious person to assign themselves elevated privileges, access sensitive data and execute arbitrary code within the SQL Server. Successful exploitation requires the malicious...

9.8CVSS7.9AI score0.02193EPSS
Exploits0
NCSC
NCSC
•added 2024/09/10 6:21 p.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. The most serious vulnerability h...

9.8CVSS7.5AI score0.51883EPSS
Exploits3References1
NCSC
NCSC
•added 2024/09/10 6:20 p.m.•11 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of dat...

10CVSS8.2AI score0.99506EPSS
Exploits72References15
NCSC
NCSC
•added 2024/09/10 12:34 p.m.•7 views

Vulnerability fixed in Sonicwall SonicOS

Sonicwall has fixed a vulnerability in SonicOS for Gen5, Gen6 and Gen7 firewalls. The vulnerability is located in the management interface and SSLVPN and allows a malicious party to cause a Denial-of-Service and potentially access and modify system data. The NCSC is receiving signals from trusted...

9.8CVSS7.2AI score0.15593EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/10 10:56 a.m.•7 views

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary OS commands. For successful abuse, the malicious party must already have prior authentication. QNAP has...

8.8CVSS7.6AI score0.01073EPSS
Exploits0References3
NCSC
NCSC
•added 2024/09/06 8:2 a.m.•7 views

Vulnerability fixed in Kemp LoadMaster

Kemp Technologies has fixed a vulnerability in Kemp LoadMaster and Progress LoadMaster. A malicious party could exploit the vulnerability to execute arbitrary commands on the vulnerable system without prior authentication via specially prepared HTTP calls. For successful abuse, the malicious part...

10CVSS7.7AI score0.44069EPSS
Exploits1References1
NCSC
NCSC
•added 2024/09/05 12:2 p.m.•70 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...

8.4CVSS8.2AI score0.0301EPSS
Exploits0References2
NCSC
NCSC
•added 2024/09/03 11:19 a.m.•4 views

Vulnerability fixed in Ivanti Virtual Traffic Manager

Ivanti has fixed a vulnerability in Virtual Traffic Manager. A malicious person could exploit the vulnerability to bypass authentication on the management interface and create an adminiatrator account, which could be used to take over the system completely. For successful abuse, the malicious par...

9.8CVSS7AI score0.99987EPSS
Exploits4References1
NCSC
NCSC
•added 2024/09/03 9:51 a.m.•5 views

Vulnerabilities fixed in Zyxel Flex and USG Firewalls

Zyxel has fixed vulnerabilities in the firmware of ATP and USG Flex firewalls. A malicious party can exploit the vulnerabilities to cause a denial-of-service, possibly unpatched execute a limited set of commands on the vulnerable system, or execute arbitrary code in the victim's browser through a...

8.1CVSS8AI score0.01339EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/03 9:45 a.m.•5 views

Vulnerability fixed in Zyxel Access Points and Secure Routers

Zyxel has fixed a vulnerability in several types of Access Points and Secure Routers. The vulnerability is in the way the cgi system processes the 'host' parameter and allows a malicious person to execute OS-level commands. For successful exploitation, the malicious party must have access to the...

9.8CVSS7.1AI score0.11269EPSS
Exploits0References1
NCSC
NCSC
•added 2024/09/02 11:51 a.m.•5 views

Vulnerabilities fixed in Progress WhatsUp Gold

Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to retrieve or change the password of the application user in a Single User installation, or in a Multi User installation to change the password of a user with elevated privileges through an...

9.8CVSS7.6AI score0.94661EPSS
Exploits2References1
NCSC
NCSC
•added 2024/08/30 1:42 p.m.•6 views

Vulnerabilities fixed in Progress WS_FTP server

Progress has fixed vulnerabilities in WSFTP server. A malicious party can exploit the vulnerabilities to bypass two-factor authentication, which allows it to log in with just username and password. Also, through directory traversal, the malicious party may be able to gain access to files that the...

8.1CVSS7.3AI score0.00688EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/27 7:59 a.m.•34 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of security measure - Manipulating data -...

9.8CVSS8.9AI score0.70564EPSS
Exploits29References3
NCSC
NCSC
•added 2024/08/23 12:59 p.m.•3 views

Vulnerabilities fixed in Google Chrome, Chromium & Microsoft Edge

Google has fixed vulnerabilities in Chrome and Chromium. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute code in the victim's browser, potentially gaining access to sensitive data in the context of the victim's browser. Google reports receiving reports...

9.6CVSS7.2AI score0.19272EPSS
Exploits4References2
NCSC
NCSC
•added 2024/08/22 1:5 p.m.•8 views

Vulnerabilities fixed in Solarwinds Web Helpdesk

Solarwinds fixed vulnerabilities in Web Helpdesk A malicious party can exploit the vulnerabilities to execute code on the system using Java deserialization. A malicious party can also use hardcoded credentials to gain access to data and functionality. Solarwinds developers have released a hotfix ...

9.8CVSS7.9AI score0.93299EPSS
Exploits5References1
NCSC
NCSC
•added 2024/08/22 11:40 a.m.•9 views

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...

9.8CVSS7.3AI score0.01527EPSS
Exploits0References4
NCSC
NCSC
•added 2024/08/19 11:37 a.m.•7 views

Vulnerability fixed in Kubernetes

A vulnerability has been fixed in Kubernetes. The vulnerability is in the ingress-nginx module and allows a malicious person with permissions to create ingress objects to bypass a security measure to execute arbitrary code with permissions from the ingress-nginx controller. In a standard...

8.8CVSS9.5AI score0.27018EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:58 p.m.•8 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Commerce and Magento. A malicious person could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and execute arbitrary code with application privileges. Adobe has made updates available to fix the vulnerabilities. See...

9CVSS7.9AI score0.01529EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:52 p.m.•8 views

Vulnerabilities fixed in Adobe Acrobat and Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges and gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogu...

7.8CVSS7.8AI score0.0455EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:47 p.m.•9 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victi...

7.8CVSS7.9AI score0.00365EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:44 p.m.•6 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file...

7.8CVSS7.6AI score0.00315EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:42 p.m.•5 views

Vulnerabilities fixed in Adobe Dimension

Adobe has fixed vulnerabilities in Dimension. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe...

7.8CVSS7.9AI score0.00386EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 12:38 p.m.•5 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with user privileges and potentially obtain sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...

7.8CVSS7.8AI score0.00301EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/14 9:56 a.m.•5 views

Vulnerabilities fixed in Ivanti Avalanche

Ivanti has fixed vulnerabilities in Avalanche. A malicious party could exploit the vulnerabilities to cause a denial-of-service, access sensitive data and potentially execute arbitrary code on the system. To successfully achieve code execution, the malicious party must have elevated privileges...

9.1CVSS7.9AI score0.91984EPSS
Exploits1References1
NCSC
NCSC
•added 2024/08/14 9:54 a.m.•5 views

Vulnerabilities fixed in Ivanti Neurons for ITSM

Ivanti has fixed vulnerabilities in Neurons for ITSM. A malicious party could exploit the vulnerabilities to obtain login credentials to gain access to the vulnerable system. Ivanti has released updates to fix the vulnerabilities. See attached references for more information...

9.8CVSS7.4AI score0.01639EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/13 6:23 p.m.•22 views

Vulnerabilities fixed in Microsoft Mariner

Microsoft has fixed vulnerabilities in Mariner Azure Linux. The vulnerabilities concern older vulnerabilities in various subcomponents of the distro, such as Python, Emacs, Qemu, Django, Curl, wget etc. which have been fixed in the new version. Microsoft has made updates available that fix the...

10CVSS7.3AI score0.91969EPSS
Exploits29
NCSC
NCSC
•added 2024/08/13 6:22 p.m.•8 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...

8.2CVSS6.7AI score0.00941EPSS
Exploits0
NCSC
NCSC
•added 2024/08/13 6:21 p.m.•8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data in the victim's context. Successful exploitation require...

9.1CVSS7.4AI score0.19534EPSS
Exploits2
NCSC
NCSC
•added 2024/08/13 6:21 p.m.•9 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in two Developer tools. Successful exploitation requires the malicious party to trick the victim into opening and processing a rogue file. Azure IoT SDK: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

7.5CVSS6.7AI score0.02701EPSS
Exploits0
NCSC
NCSC
•added 2024/08/13 6:20 p.m.•9 views

Vulnerabilities fixed in Microsoft Azure components

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges or impersonate another user. For successful abuse, the malicious party needs prior access to the vulnerable environment, or the malicious part...

9.3CVSS6.7AI score0.01833EPSS
Exploits0
Total number of security vulnerabilities4197