Lucene search
K

4197 matches found

NCSC
NCSC
•added 2024/08/13 1:47 p.m.•5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in various products such as SAP Business Objects, SAP HANA, Netweaver and Document Builder. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Server Side Request Forgery SSRF. - Cross-Site...

9.8CVSS7AI score0.75866EPSS
Exploits3References1
NCSC
NCSC
•added 2024/08/13 9:21 a.m.•99 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of...

9.4CVSS7.8AI score0.99999EPSS
Exploits31References9
NCSC
NCSC
•added 2024/08/12 10:34 a.m.•9 views

Vulnerabilities fixed in Zabbix

Vulnerabilities have been fixed in Zabbix. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or potentially execute arbitrary code with application privileges. To execute arbitrary code, the malicious party needs prior elevated...

9.9CVSS8AI score0.01603EPSS
Exploits0References4
NCSC
NCSC
•added 2024/08/12 10:31 a.m.•4 views

Vulnerability fixed in Asterisk

A vulnerability has been fixed in Asterisk. A malicious person could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code with application privileges. For successful abuse, the malicious party must have prior authentication. The researcher who discovered th...

8.8CVSS7.7AI score0.04703EPSS
Exploits4References1
NCSC
NCSC
•added 2024/08/12 8:24 a.m.•10 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to projects that the malicious party is not initially authorized to access. GitL...

8.1CVSS7.2AI score0.00675EPSS
Exploits1References1
NCSC
NCSC
•added 2024/08/12 8:22 a.m.•9 views

Vulnerabilities fixed in IBM InfoSphere

IBM has fixed vulnerabilities in InfoSphere Information Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to obtain sensitive information. IBM has released updates to fix the vulnerabilities. See attached references for more information...

7.5CVSS6.9AI score0.00814EPSS
Exploits0References2
NCSC
NCSC
•added 2024/08/08 8:1 a.m.•9 views

Vulnerabilities fixed in Cisco Small Business IP Phones

Cisco has fixed vulnerabilities in the firmware of Small Business IP Phone systems. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system without prior authentication. For successful exploitation, the malicious party must have access to the...

9.8CVSS7.9AI score0.07225EPSS
Exploits0References1
NCSC
NCSC
•added 2024/08/08 7:50 a.m.•8 views

Vulnerabilities fixed in Progress WhatsUp Gold

Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or execute arbitrary code, possibly with system privileges. By exploiting various vulnerabilities in chain, this can make it possible for the malicious party to take...

9.8CVSS7.8AI score0.99288EPSS
Exploits5References1
NCSC
NCSC
•added 2024/08/08 7:45 a.m.•3 views

Vulnerabilities fixed in RoundCube Webmail

Vulnerabilities have been fixed in RoundCube Webmail. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser...

9.3CVSS8AI score0.83387EPSS
Exploits9References3
NCSC
NCSC
•added 2024/08/07 9:4 a.m.•11 views

Vulnerabilities fixed in Aruba Networks ArubaOS and InstantOS

Aruba Networks has fixed vulnerabilities in ArubaOS and InstantOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable system. Successful exploitation requires the malicious party to have access to the PAPI port, or the SSH...

9.8CVSS7.7AI score0.93305EPSS
Exploits12References1
NCSC
NCSC
•added 2024/08/07 8:58 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party could exploit the vulnerabilities to bypass security measures in the victim's context and potentially execute arbitrary code or access sensitive data in the browser context. Successful exploitation requires the...

9.8CVSS8.2AI score0.00602EPSS
Exploits0References5
NCSC
NCSC
•added 2024/08/06 9:29 a.m.•11 views

Vulnerabilities fixed in Siemens Omnivise

Siemens Energy has fixed vulnerabilities in Omnivise T3000. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges on the vulnerable system and thus execute arbitrary code, possibly with system privileges. For successful abuse, the malicious party must be...

9.8CVSS7.4AI score0.11452EPSS
Exploits3References1
NCSC
NCSC
•added 2024/08/06 9:25 a.m.•17 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges on the device and thus execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful...

9.8CVSS7.8AI score0.02701EPSS
Exploits2References2
NCSC
NCSC
•added 2024/07/30 9:32 a.m.•20 views

Vulnerabilities fixed in VMware ESXi and vCenter Server

VMware has fixed vulnerabilities in ESXi and vCenter Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service on the host, or to grant itself elevated privileges to perform actions that the malicious party is not initially authorized to perform. This does require the...

7.2CVSS7.1AI score0.2677EPSS
Exploits0References2
NCSC
NCSC
•added 2024/07/30 8:45 a.m.•5 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer SFTP A malicious party can exploit the vulnerability to grant themselves elevated privileges, potentially gaining access to files that the malicious party is not initially authorized to access. Progress has released updates to fix the...

9.8CVSS6.9AI score0.00618EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/30 8:42 a.m.•11 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious person could exploit the vulnerabilities to bypass a security measure, grant themselves elevated privileges, access sensitive data, execute arbitrary code, possibly with kernel privileges or cause a Denial-of-Service. Successful abuse requires...

9.8CVSS7.8AI score0.99506EPSS
Exploits76References3
NCSC
NCSC
•added 2024/07/30 8:39 a.m.•7 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party could exploit the vulnerabilities to launch attacks that could lead to a denial-of-service, access to system data or access to sensitive data. To access sensitive data, the malicious party must have physical access to the...

9.8CVSS7.2AI score0.0776EPSS
Exploits2References2
NCSC
NCSC
•added 2024/07/25 11:28 a.m.•6 views

Vulnerabilities fixed in Docker Moby

A vulnerability has been fixed in Docker Moby. The vulnerability allows a malicious party to increase privileges via an API request by bypassing a security measure. This vulnerability is only exploitable when using an AuthZ plugin to manage access rights. The Docker team has released an update to...

9.9CVSS6.5AI score0.16496EPSS
Exploits0References3
NCSC
NCSC
•added 2024/07/24 2:37 p.m.•5 views

Vulnerability found in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. Vulnerabilities have been fixed in Ivanti Endpoint Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution User rights Remote code execution...

9.8CVSS7.8AI score0.02292EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/22 9:17 a.m.•6 views

Vulnerability fixed in Broadcom Symantec Privileged Access Management

Broadcom has fixed vulnerabilities in Broadcom Symantec Privileged Access Management. A malicious person could exploit the vulnerabilities to execute arbitrary code on the system or manipulate the operation of the system. The vulnerabilities with characteristics CVE-2024-36455, CVE-2024-36456 and...

9.4CVSS7.7AI score0.00939EPSS
Exploits0References6
NCSC
NCSC
•added 2024/07/19 1:6 p.m.•7 views

Vulnerability fixed in Cisco Smart Software Manager On-Prem

Cisco has fixed a vulnerability in Cisco SSM On-Prem formerly known as Cisco Smart Software Manager Satellite SSM Satellite. The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...

10CVSS7AI score0.80635EPSS
Exploits3References8
NCSC
NCSC
•added 2024/07/19 7:34 a.m.•13 views

Vulnerabilities fixed in Apache HTTP Server

Two vulnerabilities have been fixed in Apache HTTP server 2.4. The first vulnerability CVE-2024-40725 can lead to source code leakage when files are accessed indirectly. The second vulnerability CVE-2024-40898 involves a Server Side Request Forgery SSRF that can be abused by a malicious person to...

9.1CVSS8.6AI score0.04134EPSS
Exploits5References3
NCSC
NCSC
•added 2024/07/18 1:58 p.m.•14 views

Vulnerability fixed in HPE 3PAR Service Processor

A vulnerability has been fixed in HPE 3PAR Service Processor. An unauthenticated malicious person with access to the local network can exploit the vulnerability to bypass authentication. HPE has made an update available to fix the vulnerabilities. See the reference for more information...

9.8CVSS6.9AI score0.00624EPSS
Exploits0References2
NCSC
NCSC
•added 2024/07/18 1:23 p.m.•66 views

Vulnerabilities fixed in Solarwinds Platform

Vulnerabilities have been fixed in SolarWinds Access Rights Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to system data Access to sensitive data Manipulation of data Circumvention of security measure Remot...

9.6CVSS7.8AI score0.18599EPSS
Exploits0References14
NCSC
NCSC
•added 2024/07/18 12:46 p.m.•5 views

Vulnerabilities fixed in Cisco Secure Email Gateway

Two vulnerabilities have been fixed in Cisco Secure Email Gateway. The most serious vulnerability concerns CVE-2024-20401 and allows an unauthenticated malicious person, through sending a mail with specially prepared attachment: Add users with root privileges Modify the configuration of the devic...

9.8CVSS7.8AI score0.02278EPSS
Exploits0References6
NCSC
NCSC
•added 2024/07/18 12:25 p.m.•12 views

Vulnerability fixed in SonicOS

A vulnerability has been fixed in SonicWall SonicOS IPSec. The vulnerability in SonicWall SonicOS IPSec allows an unauthenticated remote malicious person to cause Denial of Service DoS. SonicWall has made available a workaround and patch to fix the vulnerability. See the reference for more...

7.5CVSS6.9AI score0.007EPSS
Exploits0References2
NCSC
NCSC
•added 2024/07/18 12:0 p.m.•7 views

Vulnerability found in Ivanti Endpoint Manager

A vulnerability has been found in Ivanti Endpoint Manager EPM 2024. Other versions of Ivanti Endpoint Manager are not known to be vulnerable. The vulnerability allows an authenticated attacker who is on the same network to execute arbitrary code via SQL injection. Ivanti has no indication that th...

8.4CVSS8.1AI score0.03137EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•7 views

Vulnerabilities fixed in Oracle Virtualization

Vulnerabilities have been fixed in Oracle Virtualization. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Remote code execution User rights Oracle has made updates available to...

8.2CVSS8.7AI score0.00457EPSS
Exploits0References5
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•7 views

Vulnerabilities fixed in Oracle Systems

Vulnerabilities have been fixed in Oracle Systems. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Oracle has made updates available to fix the vulnerabilities. See the...

4.7CVSS8.4AI score0.00384EPSS
Exploits0References4
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•7 views

Vulnerabilities fixed in Oracle Supply Chain

Vulnerabilities have been fixed in Oracle Supply Chain. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User...

8.8CVSS7.6AI score0.99999EPSS
Exploits22References7
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•8 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User righ...

9.8CVSS8.2AI score0.17673EPSS
Exploits7References14
NCSC
NCSC
•added 2024/07/17 1:55 p.m.•12 views

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates...

6.4CVSS7.1AI score0.93305EPSS
Exploits5References12
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•13 views

Vulnerabilities fixed in Oracle MySQL

Vulnerabilities have been fixed in Oracle MySQL. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User rights...

9.8CVSS7.6AI score0.93305EPSS
Exploits11References35
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•7 views

Vulnerabilities fixed in Oracle JD Edwards

Vulnerabilities have been fixed in Oracle JD Edwards. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...

7.5CVSS7.5AI score0.02577EPSS
Exploits1References10
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•7 views

Vulnerabilities fixed in Oracle Java SE

Vulnerabilities have been fixed in Oracle Java SE. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates availab...

8.2CVSS7AI score0.87211EPSS
Exploits1References9
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•6 views

Vulnerability fixed in Oracle Hyperion

A vulnerability has been fixed in Oracle Hyperion. A malicious party could exploit the vulnerability to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Oracle has made updates available to fix the vulnerabilities. See the references for more...

5.5CVSS7.8AI score0.00144EPSS
Exploits0References3
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•10 views

Vulnerabilities fixed in Oracle Analytics

Vulnerabilities have been fixed in Oracle Analytics. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution User right...

9.8CVSS7.5AI score0.93305EPSS
Exploits11References15
NCSC
NCSC
•added 2024/07/17 1:54 p.m.•26 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution Us...

9.8CVSS7.6AI score0.93305EPSS
Exploits22References32
NCSC
NCSC
•added 2024/07/17 1:53 p.m.•9 views

Vulnerabilities fixed in Oracle Financial Services Applications

Vulnerabilities have been fixed in Oracle Financial Services Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remo...

9.8CVSS7.7AI score0.54026EPSS
Exploits12References23
NCSC
NCSC
•added 2024/07/17 1:53 p.m.•3 views

Vulnerabilities fixed in Oracle Enterprise Manager

Vulnerabilities have been fixed in Oracle Enterprise Manager. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Oracle has made updates...

7.5CVSS7.1AI score0.93305EPSS
Exploits5References5
NCSC
NCSC
•added 2024/07/17 1:53 p.m.•8 views

Vulnerabilities fixed in Oracle E-Business Suite

Vulnerabilities have been fixed in Oracle E-Business Suite. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Access to sensitive data. Access to system data Manipulation of data Oracle has made updates available to fix the...

8.1CVSS8.4AI score0.004EPSS
Exploits0References12
NCSC
NCSC
•added 2024/07/17 1:52 p.m.•18 views

Vulnerabilities fixed in Oracle Communications

Vulnerabilities have been fixed in Oracle Communications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data Remote code execution...

9.8CVSS7.7AI score0.99999EPSS
Exploits105References40
NCSC
NCSC
•added 2024/07/17 1:52 p.m.•11 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Access to system data Manipulation of data...

9.8CVSS7.5AI score0.99999EPSS
Exploits31References17
NCSC
NCSC
•added 2024/07/17 1:52 p.m.•4 views

Vulnerabilities fixed in Oracle Essbase

Vulnerabilities have been fixed in Oracle Essbase. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Increased user privileges Oracle has made updates available to fix the vulnerabilities. See the...

8.8CVSS7.2AI score0.01381EPSS
Exploits0References4
NCSC
NCSC
•added 2024/07/17 1:51 p.m.•4 views

Vulnerabilities fixed in Oracle Database Server

Vulnerabilities have been fixed in Oracle Database Server. A malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Access to sensitive data Manipulation of data Circumvention of security measure Oracle ha...

7.5CVSS7.7AI score0.01466EPSS
Exploits1References9
NCSC
NCSC
•added 2024/07/12 11:43 a.m.•63 views

Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved

Vulnerabilities have been found and fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to carry out attacks that can lead to denial-of-service DoS, access to sensitive information, execution of code with increased user privileges and bypassing a security...

8.7CVSS7.3AI score0.00593EPSS
Exploits0References86
NCSC
NCSC
•added 2024/07/11 3:5 p.m.•41 views

Vulnerabilities fixed in Citrix Workspace, NetScaler ADC and NetScaler Gateway

Cirtix has fixed a number of vulnerabilities in Workspace, NetScaler ADC and NetScaler Gateway A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Increased user privileges Citrix has...

8.8CVSS9.4AI score0.00764EPSS
Exploits0References31
NCSC
NCSC
•added 2024/07/11 8:22 a.m.•8 views

Vulnerability fixed in GitLab CE/EE

GitLab has fixed a vulnerability in GitLab CE/EE A malicious person could exploit the vulnerability under certain circumstances to start a Continuous Integration/Continuous Deployment CI/CD pipeline process as any other user. GitLab has released updates to fix the vulnerability in GitLab CE/EE...

9.8CVSS6.8AI score0.06036EPSS
Exploits0References3
NCSC
NCSC
•added 2024/07/10 8:27 a.m.•8 views

Vulnerabilities fixed in Fortinet

Fortinet has fixed a number of vulnerabilities in FortiAIOps, Fortinet FortiPortal, FortiWeb and Fortinet FortiExtender. The most serious vulnerabilities are CVE-2024-23663, CVE-2024-27782 and CVE-2024-27784. Which are in Fortinet FortiExtender and FortiAIOps. Fortinet FortiExtender: Fortinet...

9.8CVSS7.2AI score0.00758EPSS
Exploits0References12
NCSC
NCSC
•added 2024/07/09 7:39 p.m.•5 views

Vulnerability fixed in Microsoft System Center Defender for IoT

Microsoft has fixed a vulnerability in Defender for IoT. A malicious party can exploit the vulnerability to break out of the AppContainer for IoT devices and potentially execute arbitrary code on the system where the AppContainer is implemented. Microsoft Defender for IoT:...

9.9CVSS7.3AI score0.01164EPSS
Exploits0
Total number of security vulnerabilities4197