Lucene search
K

4197 matches found

NCSC
NCSC
•added 2024/07/09 7:38 p.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. The vulnerabilities allow a malicious party to impersonate another user, gain elevated privileges and potentially execute arbitrary code. Some of the vulnerabilities are in development tooling and are not readily accessible to...

8.8CVSS7.1AI score0.01625EPSS
Exploits0
NCSC
NCSC
•added 2024/07/09 7:37 p.m.•10 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Office, Sharepoint and Outlook. A malicious party could exploit the vulnerabilities to impersonate another user or execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicio...

8.8CVSS9AI score0.529EPSS
Exploits1
NCSC
NCSC
•added 2024/07/09 6:46 p.m.•6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to cause a Denial-of-Service. Successful exploitation requires the malicious party to win a race condition. .NET and Visual...

8.1CVSS7.4AI score0.02915EPSS
Exploits0
NCSC
NCSC
•added 2024/07/09 6:40 p.m.•10 views

Vulnerabilities fixed in Siemens Products

Siemens has fixed vulnerabilities in various products such as Mendix, RUGGEDOM, SIMATIC, SINEMA, SIPROTEC and the Engineering Platforms for various systems. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...

9.9CVSS7.5AI score0.93305EPSS
Exploits8References16
NCSC
NCSC
•added 2024/07/09 6:40 p.m.•6 views

Vulnerabilities fixed in Microsoft Windows SQL Server

Microsoft has fixed vulnerabilities in Windows SQL Server. The vulnerabilities are in the Native Client of SQL Server and allow a malicious person to execute arbitrary code in the victim's context, potentially gaining access to sensitive data in Database environments to which the victim has acces...

8.8CVSS7.8AI score0.01854EPSS
Exploits0
NCSC
NCSC
•added 2024/07/09 6:40 p.m.•6 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. A malicious party can exploit the vulnerability to gain access to the data the victim is accessing or editing through a Man-in-the-Middle attack. For successful abuse, the malicious party must have prior authentication and be on the...

7.3CVSS6.4AI score0.01373EPSS
Exploits0
NCSC
NCSC
•added 2024/07/09 6:40 p.m.•4 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...

9.8CVSS9AI score0.84345EPSS
Exploits7
NCSC
NCSC
•added 2024/07/05 9:41 a.m.•8 views

Vulnerability fixed in GeoServer

The developers of GeoServer have fixed a vulnerability. Proof-of-Concept PoC code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...

9.8CVSS7.2AI score0.99813EPSS
Exploits25References1
NCSC
NCSC
•added 2024/07/04 6:45 a.m.•56 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate data in the repositories, or execute arbitrary commands with permissions from another user, which may include...

9.6CVSS7.6AI score0.32784EPSS
Exploits2References1
NCSC
NCSC
•added 2024/07/03 7:21 a.m.•10 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...

8.8CVSS7.7AI score0.00758EPSS
Exploits1References2
NCSC
NCSC
•added 2024/07/03 7:16 a.m.•7 views

Vulnerability fixed in Juniper JunOS

Juniper has fixed a vulnerability in JunOS Specifically for SRX series systems The vulnerability is in how the Packet Forwarding Engine PFE on vulnerable SRX systems processes traffic. Certain, albeit legitimate, traffic can cause the PFE to crash. A malicious party can exploit the vulnerability ...

7.5CVSS6.9AI score0.00495EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/02 1:15 p.m.•66 views

Vulnerabilities fixed in Splunk

Splunk developers have fixed vulnerabilities in Splunk and Splunk Enterprise. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute or cause to be executed arbitrary code using Command-injection, or perform a Cross-Site-Scripting attack. Such an attack could lead...

8.8CVSS7.6AI score0.1311EPSS
Exploits18References15
NCSC
NCSC
•added 2024/07/02 11:44 a.m.•9 views

Vulnerabilities fixed in Apache HHTP server

Apache Software Foundation has fixed vulnerabilities in the Apache HTTP Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service, manipulate traffic via Server-Side-Request-Forgery SSRF, or execute code within the Web server, which the malicious party is not initiall...

9.8CVSS8.5AI score0.99957EPSS
Exploits3References1
NCSC
NCSC
•added 2024/07/02 7:4 a.m.•8 views

Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder

Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...

10CVSS7.1AI score0.00711EPSS
Exploits0References1
NCSC
NCSC
•added 2024/07/01 3:37 p.m.•6 views

Vulnerability fixed in OpenSSH

The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...

9.3CVSS7.9AI score0.99506EPSS
Exploits68References2
NCSC
NCSC
•added 2024/07/01 7:10 a.m.•10 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code, possibly with administrator privileges. Proof-of-Concept code PoC has been published for the vulnerability with reference...

9.8CVSS9.6AI score0.99994EPSS
Exploits26References1
NCSC
NCSC
•added 2024/06/28 9:55 a.m.•4 views

Vulnerability fixed in Juniper Session Smart Router

Juniper has fixed a vulnerability in Session Smart Router SSR. SSR is a software router application for SD-WAN systems. An unauthenticated malicious person with access to the infrastructure can exploit the vulnerability to access and take over the system. The limiting condition, however, is that...

10CVSS7AI score0.01088EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/26 8:58 a.m.•24 views

Vulnerabilities fixed in Progress MOVEit

Progress has fixed vulnerabilities in MOVEit Transfer and MOVEit Gateway. During the vulnerability investigation, a vulnerability was also discovered in an unnamed Third-Party component in use by MOVEit Transfer. The vulnerabilities are located in the SFTP module of the affected applications and...

9.8CVSS7.5AI score0.75812EPSS
Exploits3References2
NCSC
NCSC
•added 2024/06/25 12:19 p.m.•5 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed vulnerabilities in WordPress. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or possibly access to sensitive data in the context of the...

6.4CVSS7AI score0.00467EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/25 10:17 a.m.•8 views

Vulnerability fixed in XWiki

The developers of XWiki have fixed a vulnerability in XWiki. The vulnerability is in the way documents are imported into articles. The document's permissions remain on the person importing the document, allowing anyone with permissions to the original document to perform actions with permissions...

9.9CVSS7.4AI score0.00342EPSS
Exploits0References2
NCSC
NCSC
•added 2024/06/25 10:17 a.m.•10 views

Vulnerabilities fixed in Avaya IP Office

Avaya has fixed vulnerabilities in IP Office. A malicious party could exploit the vulnerabilities to execute arbitrary code on the central system, potentially taking over the system. For successful abuse, the malicious party must have access to the Web Control interface, but does not need prior...

10CVSS7.9AI score0.00777EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/20 2:9 p.m.•6 views

Vulnerabilities fixed in Autodesk Autocad

Autodesk has fixed vulnerabilities in several AutoCad products. The vulnerabilities are in various parsers for cad file types. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code within the application. Successful exploitation...

7.8CVSS7.9AI score0.00416EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/18 11:46 a.m.•17 views

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code on the server. For successful abuse, however, the malicious party must have access to the LAN infrastructure. VMware has...

9.8CVSS8AI score0.22377EPSS
Exploits3References1
NCSC
NCSC
•added 2024/06/14 9:59 a.m.•36 views

Vulnerability fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system through a Cross-Site-Scripting attack, or through SQL-Injection. Also, a malicious party can bypass security measures and thus allow traffic to pass...

7.8CVSS8AI score0.03469EPSS
Exploits1References6
NCSC
NCSC
•added 2024/06/14 9:37 a.m.•8 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Endpoint Manager. A malicious party can exploit the vulnerabilities to execute arbitrary code on the system using SQL Injection. For successful abuse, the malicious party must have access to the local infrastructure where the EPM system is implemented...

9.6CVSS8.2AI score0.99951EPSS
Exploits5References1
NCSC
NCSC
•added 2024/06/14 6:34 a.m.•7 views

Vulnerabilities fixed in Nvidia GPU Drivers

Nvidia has fixed vulnerabilities in GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and execute code with elevated privileges, or gain access to sensitive data. Nvidia has released...

7.8CVSS7.6AI score0.00275EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/14 6:30 a.m.•59 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed a large number of vulnerabilities in Experience Manager. A malicious party can exploit the vulnerabilities to bypass security measures and launch a Cross-Site Scripting attack in various ways. Such an attack often results in execution of arbitrary code in the victim's browser, or...

9.8CVSS7AI score0.00882EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/14 6:28 a.m.•37 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack. Such an attack could result in execution of arbitrary code in the victim's browser, ...

6.5CVSS7.6AI score0.00575EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/14 6:27 a.m.•7 views

Vulnerability fixed in Adobe Creative Cloud Desktop Application

Adobe has fixed a vulnerability in Creative Cloud Desktop Application. A malicious person could exploit the vulnerability to execute arbitrary code with the victim's privileges. For successful abuse, the malicious party must trick the victim into opening a rogue file. Adobe has released updates t...

7.1CVSS7.8AI score0.00298EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/13 1:37 p.m.•5 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to bypass a security measure and gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. See attached references for more information...

7.5CVSS7.2AI score0.237EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/13 1:34 p.m.•6 views

Vulnerabilities fixed in Adobe FrameMaker Publishing Server

Adobe has fixed vulnerabilities in FrameMaker Publishing Server. A malicious party could exploit the vulnerabilities to bypass authentication and potentially take over the system. In particular, systems that are accessible from public networks without additional measures are at increased risk...

10CVSS7.4AI score0.01051EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/13 1:31 p.m.•8 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. Adobe has released updates to fix the...

7.8CVSS7.7AI score0.00315EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 6:23 p.m.•6 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics and Dynamics Business Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code with potentially elevated privileges and gain access to sensitive data in the application. For...

8.8CVSS7.7AI score0.03401EPSS
Exploits0
NCSC
NCSC
•added 2024/06/11 6:20 p.m.•21 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data in the victim's context. Successful exploitation requires the malicious party to...

8.8CVSS7.3AI score0.03446EPSS
Exploits1
NCSC
NCSC
•added 2024/06/11 6:18 p.m.•59 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into...

7.3CVSS7.3AI score0.01354EPSS
Exploits1
NCSC
NCSC
•added 2024/06/11 6:15 p.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...

8.1CVSS7.5AI score0.02464EPSS
Exploits0
NCSC
NCSC
•added 2024/06/11 6:11 p.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...

9.8CVSS7.8AI score0.81729EPSS
Exploits19
NCSC
NCSC
•added 2024/06/11 1:29 p.m.•12 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products, including SCALANCE, SICAM, Tecnomatix, SITOP and PowerSys. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

9.8CVSS7.9AI score0.99999EPSS
Exploits42References13
NCSC
NCSC
•added 2024/06/11 12:37 p.m.•12 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Business Objects, HANA, CRM and NetWeaver. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Bypassing authentication - Cross-Site...

8.1CVSS6.4AI score0.00541EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 11:51 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro fixed vulnerabilities in Apex One A local malicious party could exploit the vulnerabilities to cause a denial-of-service DoS, or grant themselves elevated privileges and potentially execute arbitrary code on the local system. Trend Micro has released updates to fix the vulnerabilities...

7.8CVSS7.6AI score0.00889EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/11 11:33 a.m.•9 views

Vulnerabilities fixed in Schneider Electric Sage RTU systems

Schneider Electric has fixed vulnerabilities in Sage RTU devices. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Bypassing authentication - Circumvention of security...

9.8CVSS7.9AI score0.01025EPSS
Exploits0References2
NCSC
NCSC
•added 2024/06/11 11:33 a.m.•8 views

Vulnerabilities fixed in Veeam Backup Enterprise Manager

Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...

9.8CVSS10AI score0.16673EPSS
Exploits1References1
NCSC
NCSC
•added 2024/06/10 7:2 a.m.•12 views

Vulnerabilities fixed in PHP

Vulnerabilities have been fixed in PHP. A malicious person could exploit the vulnerabilities to execute arbitrary code with application privileges. The vulnerability with attribute CVE-2024-4577 is actually a re-entry of the vulnerability with attribute CVE-2012-1823. This vulnerability allows th...

9.8CVSS9.1AI score0.99998EPSS
Exploits105References4
NCSC
NCSC
•added 2024/06/07 11:1 a.m.•6 views

Vulnerabilities fixed in RoundCube Webmail

RoundCube has fixed vulnerabilities in RoundCube Webmail. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser and potentially access sensitive data in the context of the victim'...

9.8CVSS6.8AI score0.73296EPSS
Exploits5References2
NCSC
NCSC
•added 2024/06/07 7:22 a.m.•5 views

Vulnerabilities fixed in FortiNet FortiWebManager

FortiNet has fixed vulnerabilities in FortiWebManager. A malicious party could exploit the vulnerabilities to bypass a security measure and potentially perform actions that the malicious party is not initially authorized to perform. For successful exploitation, the malicious party must have at...

8.8CVSS7AI score0.00651EPSS
Exploits0References1
NCSC
NCSC
•added 2024/06/07 7:21 a.m.•10 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. The vulnerabilities allow a malicious person to grant themselves elevated privileges, cause a denial-of-service or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue link, or...

9.8CVSS7.5AI score0.00724EPSS
Exploits0References2
NCSC
NCSC
•added 2024/06/07 6:26 a.m.•12 views

Vulnerabilities fixed in Solarwinds Platform

Solarwinds has fixed vulnerabilities in Solarwinds Platform. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service, execute a command injection, or perform a Cross-Site-Scripting attack. Such an attack can result in execution of arbitrary code in the victim's browser. For...

7.5CVSS7.9AI score0.70561EPSS
Exploits10References4
NCSC
NCSC
•added 2024/05/30 7:56 a.m.•10 views

Vulnerability fixed in Check Point VPN products

Check Point has fixed a vulnerability in Quantum Gateway VPN systems. Check Point reports observing active abuse attempts. A path-traversal bug allows a malicious party to gain access to the username and password credentials of local accounts on the VPN system. If these local accounts, are...

8.6CVSS7.2AI score0.99978EPSS
Exploits52References2
NCSC
NCSC
•added 2024/05/27 11:26 a.m.•10 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in Enterprise Edition EE and Community Edition CE. A malicious party can exploit the vulnerabilities to cause a Denial-of-Service DoS, or collect sensitive data via a Cross-Site-Scripting attack XSS to take over accounts. GitLab has released updates to fix the...

8.2CVSS6.8AI score0.00802EPSS
Exploits5References1
NCSC
NCSC
•added 2024/05/27 7:50 a.m.•11 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to execute arbitrary code in the victim's browser, potentially gaining access to sensitive data in the context of the victim's browser. Google says it has received reports of limited and targeted abuse o...

9.6CVSS7.4AI score0.1002EPSS
Exploits3References1
Total number of security vulnerabilities4197