Lucene search
K

4197 matches found

NCSC
NCSC
•added 2024/05/23 10:57 a.m.•7 views

Vulnerability fixed in Github Enterprise Server

Github has fixed a vulnerability in Github Enterprise Server. A malicious party could exploit the vulnerability to gain access to the Github environment, possibly even as an administrator. The vulnerability is in the way Github handles SAML-Single-Sign-on. If the optional "Security Assertions" ar...

10CVSS7.1AI score0.02573EPSS
Exploits0References4
NCSC
NCSC
•added 2024/05/23 10:56 a.m.•37 views

Vulnerabilities fixed in Cisco products

Cisco has fixed vulnerabilities in ASA, Firepower and Snort. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution User rights - Increased user...

8.8CVSS7.7AI score0.00919EPSS
Exploits0References7
NCSC
NCSC
•added 2024/05/22 11:13 a.m.•33 views

Vulnerabilities fixed in Atlassian products

Atlassian has fixed vulnerabilities in several products, including Jira, Confluence and Bitbucket. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Request Forgery XSRF - Denial-of-Service DoS. - Circumvention of...

10CVSS8.4AI score0.88267EPSS
Exploits24References1
NCSC
NCSC
•added 2024/05/22 8:2 a.m.•7 views

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious person could exploit the vulnerabilities to execute arbitrary code on the vulnerable system. For successful abuse, the malicious party must be authorized. QNAP has released updates to fix the vulnerabilities in QTS and QTS Hero...

8.8CVSS7.8AI score0.38054EPSS
Exploits3References1
NCSC
NCSC
•added 2024/05/22 5:33 a.m.•4 views

Vulnerability fixed in QlikSense Enterprise

A vulnerability has been fixed in QlikSense Enterprise. A malicious person can exploit the vulnerability to grant themselves elevated privileges, potentially executing arbitrary code on the system on which QlikSense is installed. For successful misuse, the malicious party must have prior...

8.8CVSS7.6AI score0.00551EPSS
Exploits0References2
NCSC
NCSC
•added 2024/05/17 11:28 a.m.•7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including NetWeaver, Business Objects, HANA and SAP GUI. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Denial-of-Service DoS. - Manipulation ...

9.6CVSS7.7AI score0.02276EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:59 p.m.•7 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Illustrator. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...

7.8CVSS7.7AI score0.00372EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:55 p.m.•7 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Animate. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Adobe has released updates to fix the vulnerabilities in Animate 23.0.6 and 24.0.3. For more...

7.8CVSS7.7AI score0.00423EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:54 p.m.•10 views

Vulnerabilities fixed in Adobe FrameMaker

Adobe has fixed vulnerabilities in FrameMaker. A malicious party can exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...

7.8CVSS7.7AI score0.0034EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:45 p.m.•14 views

Vulnerability fixed in Adobe Dreamweaver

Adobe has fixed a vulnerability in Dreamweaver. A malicious party could exploit the vulnerability to execute an OS Command Injection, thus executing arbitrary code on the underlying system. Adobe has released updates to fix the vulnerability in Dreamweaver 21.4. For more information, see attached...

7.8CVSS7.7AI score0.00865EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:44 p.m.•7 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Acrobat Reader. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or gain access to sensitive data. Adobe has released updates to fix the vulnerabilities in Acrobat Reader DC 24.002.20759 and Acrobat Read...

7.8CVSS7.8AI score0.04257EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/16 12:43 p.m.•8 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, manipulate VPN traffic, or potentially execute code on the management interface. For successful execution of arbitrary code, the malicious party must have access to the...

7.5CVSS7.7AI score0.014EPSS
Exploits0References7
NCSC
NCSC
•added 2024/05/16 12:42 p.m.•5 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to access sensitive data in the context of the browser. Of the vulnerability with attribute CVE-2024-4947, Google says it has information tha...

9.6CVSS7.3AI score0.15111EPSS
Exploits5References1
NCSC
NCSC
•added 2024/05/16 12:41 p.m.•13 views

Vulnerabilities fixed in Aruba Networks ArubaOS

Aruba Networks fixed vulnerabilities in ArubaOS A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Remote code execution Administrator/Root privileges - Access to system data...

9.8CVSS7.7AI score0.01651EPSS
Exploits0References1
NCSC
NCSC
•added 2024/05/15 12:47 p.m.•8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Remote code execution Administrator/Root rights - Remote code execution User rights - Access to...

9.8CVSS7.2AI score0.01325EPSS
Exploits1References1
NCSC
NCSC
•added 2024/05/15 12:29 p.m.•8 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla fixed vulnerabilities in Firefox and Thunderbird A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Remote code execution User rights Mozilla has released...

9.8CVSS9.5AI score0.72648EPSS
Exploits23References3
NCSC
NCSC
•added 2024/05/15 11:18 a.m.•8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of security measure - Remote code execution User rights - Remote cod...

9.8CVSS7AI score0.01411EPSS
Exploits3References3
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixed vulnerabilities in Dynamics 365 Customer Insights. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the...

7.6CVSS6.8AI score0.00991EPSS
Exploits0
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•4 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to cause a buffer overflow and thereby potentially execute arbitrary code with privileges of the victim, or possibly gain access to sensitive data in the context of the browser. Google states that it is...

9.6CVSS7.7AI score0.11007EPSS
Exploits2
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

8.8CVSS9.1AI score0.11471EPSS
Exploits4
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•7 views

Vulnerability fixed in Microsoft Edge

Microsoft has fixed a vulnerability in Edge. A malicious party could exploit the vulnerability to gain access to system data. For successful abuse, the malicious party must trick the victim into opening a rogue link. This update also includes the vulnerabilities marked CVE-2024-4558, CVE-2024-455...

9.6CVSS7.6AI score0.08348EPSS
Exploits4
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•3 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server. The vulnerability is located in the Power BI Client JavaScript SDK and allows a malicious party to gain access to sensitive data. Successful exploitation requires the malicious party to trick the deceive the victim into visiting a page with...

6.5CVSS7.4AI score0.01748EPSS
Exploits0
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Azure

Microsoft has fixed a vulnerability in Azure Migrate. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of...

6.5CVSS6.7AI score0.00953EPSS
Exploits0
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•11 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Excel and Sharepoint. A malicious party can exploit the vulnerabilities to execute arbitrary code execute with the victim's privileges, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a...

7.8CVSS7.2AI score0.8399EPSS
Exploits1
NCSC
NCSC
•added 2024/05/15 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to execute arbitrary execute code with the victim's privileges, or to cause a denial-of-service attack. Successful exploitation requires the malicious party to trick the victim into...

8.1CVSS8AI score0.01688EPSS
Exploits0
NCSC
NCSC
•added 2024/05/14 12:0 a.m.•11 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products including. Parasolid, Ruggedcom, SIMATIC, SICAM and Tecnomatix. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that could result in the following categories of damage: Denial-of-Service DoS...

10CVSS7.3AI score0.78483EPSS
Exploits12
NCSC
NCSC
•added 2024/05/13 12:0 a.m.•58 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to cause a denial-of-service, access gain access to and manipulate system data, or launch a Server-Side Request Forgery SSRF exploit. Such an attack can lead to execution of...

8.8CVSS7.7AI score0.33301EPSS
Exploits1
NCSC
NCSC
•added 2024/05/13 12:0 a.m.•4 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. The vulnerability is located in the Visuals component, and a malicious party can exploit the exploit the vulnerability to execute arbitrary code in the context of the browser, or to cause a Denial-of-Service DoS cause. Google reports being aware that...

9.6CVSS7.8AI score0.08348EPSS
Exploits0
NCSC
NCSC
•added 2024/05/13 12:0 a.m.•6 views

Vulnerabilities fixed in F5 BIG-IP

F5 has fixed vulnerabilities in BIG-IP. A malicious party could exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Security measure circumvention SQL Injection Accessing sensitive data To perform an...

8CVSS7.2AI score0.07163EPSS
Exploits0
NCSC
NCSC
•added 2024/05/13 12:0 a.m.•5 views

Vulnerabilities fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious party could vulnerabilities to bypass authentication, perform an SQL-Injection, execute arbitrary code execution on the server, or to perform a Cross-Site Scripting attack. attack. Such an attack can lead to execution of arbitrary code in the...

9.1CVSS7.4AI score0.86303EPSS
Exploits25
NCSC
NCSC
•added 2024/05/07 12:0 a.m.•9 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant himself elevated privileges granted, thus executing code with the victim's privileges or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...

9.8CVSS7.3AI score0.00786EPSS
Exploits2
NCSC
NCSC
•added 2024/05/03 12:0 a.m.•6 views

Vulnerability fixed in Apache ActiveMQ

Apache Software Foundation has fixed a vulnerability in Apache ActiveMQ. A malicious party could exploit the vulnerability to gain access to the API layer and thus access sensitive data in the application using MQ, or potentially execute arbitrary code execute with privileges of the application...

8.8CVSS8.7AI score0.0692EPSS
Exploits1
NCSC
NCSC
•added 2024/05/03 12:0 a.m.•6 views

Vulnerabilities fixed in pgAdmin

Vulnerabilities have been fixed in pgAdmin. A malicious party could exploit the vulnerabilities to bypass any set two-factor authentication in order to bypass it and gain easier access gain access to the system, or to launch a Cross-Site-Scripting XSS attack. attack. Such an attack can lead to...

7.4CVSS7.4AI score0.00629EPSS
Exploits1
NCSC
NCSC
•added 2024/05/02 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco IP phones

Cisco has fixed vulnerabilities in the firmware of several IP Phone systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or gain access to sensitive data on the vulnerable device and thus potentially manipulate phone calls. Cisco has released updates to fix t...

7.5CVSS7AI score0.00873EPSS
Exploits0
NCSC
NCSC
•added 2024/05/02 12:0 a.m.•30 views

Vulnerabilities fixed in ArubaOS

Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to too PAPI port, the management interface o...

9.8CVSS7.4AI score0.43998EPSS
Exploits0
NCSC
NCSC
•added 2024/05/01 12:0 a.m.•36 views

Vulnerabilities fixed in ArubaOS and Aruba SD-WAN

Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by Aruba Mobility Conductor former Mobility Master, Mobility Controllers, WLAN Gateways and SD-WAN Gateways. A malicious party can exploit the vulnerabilities to launch a denial-of-service DoS, gain access to sensitive data or...

9.8CVSS7.9AI score0.43998EPSS
Exploits0
NCSC
NCSC
•added 2024/04/29 12:0 a.m.•7 views

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Bypassing authentication. Circumvention of security measure Remote code execution Administrator/Root right...

8.8CVSS8AI score0.4158EPSS
Exploits0
NCSC
NCSC
•added 2024/04/29 12:0 a.m.•6 views

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service or potentially execute arbitrary code on the vulnerable system. IBM has released updates to fix the vulnerabilities in MQ. For more information, see:...

7.5CVSS7.7AI score0.00925EPSS
Exploits0
NCSC
NCSC
•added 2024/04/26 12:0 a.m.•10 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to sensitive data or, under specific circumstances, to take over an account ta...

8.8CVSS7.1AI score0.25965EPSS
Exploits3
NCSC
NCSC
•added 2024/04/26 12:0 a.m.•54 views

Vulnerabilities fixed in Honeywell Experion and Safety Manager

Honeywell has fixed vulnerabilities in Experion, Experion Plantcruise and Safety Manager. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root...

9.1CVSS7.8AI score0.00779EPSS
Exploits0
NCSC
NCSC
•added 2024/04/26 12:0 a.m.•6 views

Vulnerability fixed in Rockwell Automation AENFTXT FactoryTalk IP devices

Rockwell Automation has fixed a vulnerability in 5015-AENFTXT IP devices. A malicious party could exploit it to cause a denial-of-service. For successful exploitation, the malicious party must have access to the production environment. It is good practice to have such an infrastructure not to hav...

7.5CVSS6.9AI score0.02615EPSS
Exploits0
NCSC
NCSC
•added 2024/04/25 12:0 a.m.•10 views

Vulnerability fixed in MongoDB Compass

MongoDB developers have fixed a vulnerability in MongoDB Compass. A malicious party could exploit the vulnerability to use a Man-in-the-Middle attack to gain access to sensitive data, or impersonate another user. MongoDB has released updates to fix the vulnerability in Compass 1.42.1. For more...

7.1CVSS7.8AI score0.00231EPSS
Exploits0
NCSC
NCSC
•added 2024/04/24 12:0 a.m.•8 views

Vulnerabilities fixed in Cisco Adaptive Security Appliance (ASA) and Firepower Threat defense (FTD).

Cisco has fixed actively exploited vulnerabilities in Adaptive Security Appliance and Firepower Threat defense FTD. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Remote code executi...

8.6CVSS8AI score0.70686EPSS
Exploits2
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•45 views

Vulnerabilities fixed in Oracle VirtualBox

Oracle has fixed vulnerabilities in VirtualBox. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data For successf...

8.8CVSS7.9AI score0.0178EPSS
Exploits3
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•5 views

Vulnerabilities fixed in Veritas BackupExec

Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection to execute arbitrary code, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...

8.2AI score
Exploits0
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•7 views

Vulnerabilities fixed in Owncloud

Vulnerabilities have been fixed in Owncloud. A malicious party could exploit the vulnerabilities to cause a denial-of-service cause, or to bypass authentication and gain access to the victim's data. Owncloud has released updates to fix the vulnerabilities in Owncloud. For more information, see:...

7.4AI score
Exploits0
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•6 views

Vulnerabilities fixed in Solarwinds Platform

Solarwinds has fixed vulnerabilities in Solarwinds Platform. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...

7.5CVSS7.6AI score0.00696EPSS
Exploits0
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•11 views

Vulnerabilities fixed in Oracle Systems

Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to exploit attacks that could result in the following categories of damage: Cross-Site Scripting XSS...

9.8CVSS6.6AI score0.46836EPSS
Exploits12
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Supply Chain products

Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...

8.1CVSS7.3AI score0.46836EPSS
Exploits3
NCSC
NCSC
•added 2024/04/19 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in several PeopleSoft products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution User Rights Access to sensitive data...

9.8CVSS7AI score0.78483EPSS
Exploits12
Total number of security vulnerabilities4197