Lucene search
K

4197 matches found

NCSC
NCSC
•added 2024/04/19 12:0 a.m.•8 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in several PeopleSoft products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS. Data manipulation. Remote code execution User Rights Access to sensitive data...

9.8CVSS7AI score0.78483EPSS
Exploits12
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•6 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform Perform cross-site scripting XSS attacks. Such attacks can lead to execution of arbitrary code in the victim's victim's browser, or access sensitive data in the...

9.1CVSS7.3AI score0.00723EPSS
Exploits0
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...

9.8CVSS9.3AI score0.00847EPSS
Exploits2
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•13 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in several Hyperion products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive...

8.4CVSS7.3AI score0.81422EPSS
Exploits38
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in several Java products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution User rights Access to sensitive data...

8.8CVSS7.4AI score0.29179EPSS
Exploits3
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•43 views

Vulnerabilities fixed in Oracle Financial Services Applications

Oracle has fixed vulnerabilities in several Financial Services applications. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution...

10CVSS7.3AI score0.99999EPSS
Exploits55
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•23 views

Vulnerabilities fixed in Oracle Communications products

Oracle has fixed vulnerabilities in Communications products and applications. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of...

9.8CVSS7.1AI score0.99999EPSS
Exploits77
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•17 views

Vulnerabilities fixed in Oracle Database Products

Oracle has fixed vulnerabilities in several Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Access to sensitive data...

10CVSS6.9AI score0.99999EPSS
Exploits69
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•14 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has fixed vulnerabilities in Enterprise Manager components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Data manipulation. Remote code execution...

9.8CVSS6.9AI score0.99999EPSS
Exploits25
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•7 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed vulnerabilities in several Analytics products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...

9.8CVSS7.3AI score0.05533EPSS
Exploits0
NCSC
NCSC
•added 2024/04/18 12:0 a.m.•61 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in several Fusion Middleware products. A malicious party can exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...

10CVSS7.4AI score0.99999EPSS
Exploits50
NCSC
NCSC
•added 2024/04/17 12:0 a.m.•3 views

Vulnerabilities fixed in IBM Websphere Application Server

Vulnerabilities have been fixed in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty.The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Server Side Request Forgery SSRF. Access to sensitive data IBM has releas...

7CVSS8AI score0.00649EPSS
Exploits0
NCSC
NCSC
•added 2024/04/16 12:0 a.m.•6 views

Vulnerability fixed in Putty

Putty has fixed a vulnerability in Putty Client. The vulnerability in Putty is in how the ECDSA nonce is created when using NIST P-521. This makes possible for a malicious person to guess the nonce and use using the signed text to retrieve the private key. Putty is also used in the following...

5.9CVSS9.1AI score0.05773EPSS
Exploits0
NCSC
NCSC
•added 2024/04/12 12:0 a.m.•8 views

Vulnerability discovered in Palo Alto PAN-OS

Palo Alto has discovered a vulnerability in PAN-OS. A unauthenticated malicious person can exploit the vulnerability to execute arbitrary code on the vulnerable system with root privileges. The vulnerability is found only in PAN-OS versions 10.2, 11.0 and 11.1, if both the GlobalProtect Gateway a...

10CVSS7.3AI score0.99999EPSS
Exploits43
NCSC
NCSC
•added 2024/04/12 12:0 a.m.•36 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto has fixed vulnerabilities in PAN-OS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or bypass security measures, allowing traffic to pass through pass traffic that was not initially authorized. Palo Alto has released updat...

9.1CVSS7.1AI score0.0093EPSS
Exploits0
NCSC
NCSC
•added 2024/04/12 12:0 a.m.•31 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to execute a Cross-Site Scripting attack. Such an attack could result in execution of arbitrary code in the victim's...

8.7CVSS6.8AI score0.00601EPSS
Exploits2
NCSC
NCSC
•added 2024/04/12 12:0 a.m.•7 views

Vulnerabilities fixed in Juniper JunOS

Juniper has fixed vulnerabilities in JunOS and JunOS Evolved. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data or to bypass security measures to allow traffic pass through traffic that was not initially authorized. Juniper has release...

9.2CVSS8.3AI score0.01495EPSS
Exploits0
NCSC
NCSC
•added 2024/04/11 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Animate. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause, execute arbitrary code with the privileges of the victim, or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim...

7.8CVSS7.8AI score0.00398EPSS
Exploits0
NCSC
NCSC
•added 2024/04/11 12:0 a.m.•5 views

Vulnerability fixed in node.js

A vulnerability has been fixed in node.js. A malicious party can exploit the vulnerability to use a command-injection to execute arbitrary code on the system with permissions of the application running in the vulnerable node.js. The developers of node.js have released updates to fix the...

8.1CVSS8.5AI score0.01411EPSS
Exploits0
NCSC
NCSC
•added 2024/04/11 12:0 a.m.•8 views

Vulnerability fixed in Adobe Media Encoder

Adobe has fixed a vulnerability in Media Encoder. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into opening a rogue media file. Adobe has...

7.8CVSS7.7AI score0.00612EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•6 views

Vulnerabilities fixed in Micorosft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are located in the various ODBC and OLE DB drivers and allow a malicious party to execute arbitrary code execute application privileges, potentially gaining access gain access to sensitive data. Successful abuse requires the...

8.8CVSS7.7AI score0.02812EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•10 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Excel and Sharepoint. The vulnerability in Excel allows a malicious person to execute arbitrary code with the victim's privileges. For successful exploitation, the malicious party must trick the victim into opening a rogue file. The vulnerability in Sharepoi...

7.8CVSS7.2AI score0.01395EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Defender for IoT

Microsoft has fixed vulnerabilities in Defender for IoT. A malicious party can exploit the vulnerabilities to afford elevated permissions and execute arbitrary code with permissions of the process. Microsoft has made updates available that fix the described vulnerabilities described. We recommend...

8.8CVSS7.6AI score0.03199EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•6 views

Vulnerabilities fixed in Fortinet

Fortinet has fixed a number of vulnerabilities in FortiOS, FortiProxy, FortiNAC, FortiSandbox and FortiClient. A malicious person could exploit the vulnerability marked CVE-2023-45590 to executing code on a FortiClientLinux system by getting a user to visit a rogue website. Other vulnerabilities...

9.6CVSS7.6AI score0.0248EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure products

Microsoft has fixed vulnerabilities in Azure and various applications within Azure. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Access to system...

9CVSS7AI score0.1802EPSS
Exploits0
NCSC
NCSC
•added 2024/04/10 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofing Accessing...

8.8CVSS7.9AI score0.87896EPSS
Exploits6
NCSC
NCSC
•added 2024/04/09 12:0 a.m.•8 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...

8.8CVSS6.3AI score0.00726EPSS
Exploits0
NCSC
NCSC
•added 2024/04/09 12:0 a.m.•8 views

Vulnerabilities fixed in Red Hat Openshift

Red Hat has released updates to Red Hat OpenShift Container Platform to address several vulnerabilities in underlying software modules fixes. A malicious party could potentially exploit the vulnerabilities to cause the following categories of damage: Denial-of-Service DoS Circumvention of securit...

9.8CVSS9.2AI score0.01176EPSS
Exploits2
NCSC
NCSC
•added 2024/04/09 12:0 a.m.•6 views

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Apache has released updates to fix the vulnerabilities in Apache server 2.4.59...

7.3CVSS9.2AI score0.03914EPSS
Exploits0
NCSC
NCSC
•added 2024/04/09 12:0 a.m.•95 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products including. Parasolid, Ruggedcom, SCALANCE, SIMATIC, SINEC and Telecontrol. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that could lead to the following categories of damage: Cross-Site Scripting...

9.8CVSS7AI score0.99999EPSS
Exploits34
NCSC
NCSC
•added 2024/04/08 12:0 a.m.•5 views

Vulnerability fixed in IBM Personal Communications

IBM has fixed a vulnerability in Personal Communications PCOMM. The vulnerability is located in an underlying Windows component and allows a malicious person to afford granted elevated privileges and execute code with privileges of SYSTEM. IBM has released updates to fix the vulnerability in...

10CVSS7.2AI score0.00787EPSS
Exploits0
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•4 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. A malicious party can exploit the vulnerability to execute arbitrary code on the underlying system. For successful abuse, the malicious party must have prior authentication on the vulnerable pgAdmin installation. The developers of pgAdmin have released...

9.8CVSS7.8AI score0.64846EPSS
Exploits5
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•9 views

Vulnerabilities Fixed in Lexmark Multifunctionals

Lexmark has fixed vulnerabilities in the firmware of several types of multifunction devices. A malicious person could exploit them to bypass a security measure and thus provide the vulnerable system with outdated, or potentially rogue, firmware, or to execute arbitrary code on the system. Lexmark...

8.8CVSS7.9AI score0.00609EPSS
Exploits0
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•42 views

Vulnerabilities fixed in Esri Arcgis Portal

Esri has fixed vulnerabilities in Arcgis Portal. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack, or perform a Cross-Site-Request-Forgery execution. Such attacks can lead to execution of arbitrary code in the victim's browser, or access to sensitive dat...

9.9CVSS7AI score0.01265EPSS
Exploits0
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•4 views

Vulnerability fixed in IBM Websphere Application Server

IBM has fixed a vulnerability in Websphere Application Server. The vulnerability is located in the underlying jose4j library and allows an unauthenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability in Websphere Application Server. For...

6.5CVSS7AI score0.00879EPSS
Exploits1
NCSC
NCSC
•added 2024/04/05 12:0 a.m.•7 views

Vulnerabilities fixed in Broadcom Brocade Fabric OS

Broadcom has fixed vulnerabilities in Brocade Fabric OS. A malicious party could exploit the vulnerabilities to execute arbitrary code execute arbitrary code on the system, or to manipulate the operation of the system manipulate. To do this, the malicious party does not need prior authentication...

9.8CVSS7.9AI score0.01205EPSS
Exploits1
NCSC
NCSC
•added 2024/04/04 12:0 a.m.•3 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure Gateways

Ivanti has fixed vulnerabilities in Ivanti Connect Secure and Policy Secure. The vulnerabilities allow an unauthenticated malicious party able to remotely perform a Denial of Service execution. For CVE-2024-21894, Ivanti indicates that in certain circumstances could potentially lead to the...

9.8CVSS7.1AI score0.18987EPSS
Exploits0
NCSC
NCSC
•added 2024/04/04 12:0 a.m.•25 views

Vulnerabilities fixed in Cisco Nexus Dashboard

Cisco has fixed vulnerabilities in the Nexus Dashboard and underlying modules, such as Fabric Controller and Orchestrator. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Da...

8.8CVSS7.7AI score0.00803EPSS
Exploits0
NCSC
NCSC
•added 2024/04/04 12:0 a.m.•7 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in Identity Services Engine. The vulnerabilities are located in the management interface and allow a malicious person with access to that interface to perform a Server-Side-Request-Forgery, or a Cross-Site-Request-Forgery to perform execution. Such an attack can le...

8.8CVSS7.2AI score0.00369EPSS
Exploits0
NCSC
NCSC
•added 2024/04/04 12:0 a.m.•4 views

Vulnerability fixed in Cisco Unified Communications Manager

Cisco has fixed a vulnerability in Unified Communications Manager. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim'...

6.1CVSS7AI score0.00498EPSS
Exploits0
NCSC
NCSC
•added 2024/04/03 12:0 a.m.•3 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in IBM DB2. For more information, see:...

6.8CVSS9.4AI score0.03889EPSS
Exploits1
NCSC
NCSC
•added 2024/04/02 12:0 a.m.•7 views

Vulnerability fixed in Flexera Software FlexNet Publisher

Flexera Software has fixed a vulnerability in FlexNet Publisher. A local malicious person could exploit the vulnerability to grant itself elevated privileges and execute code with elevated privileges. To exploit the vulnerability, a malicious party must load a specially prepared SSL configuration...

8.5CVSS6.8AI score0.00419EPSS
Exploits0
NCSC
NCSC
•added 2024/04/02 12:0 a.m.•8 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or grant themselves elevated privileges to gain gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into followi...

9.8CVSS6.8AI score0.00878EPSS
Exploits0
NCSC
NCSC
•added 2024/03/29 12:0 a.m.•7 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS GitLab has released updates to fix th...

8.7CVSS6.5AI score0.00945EPSS
Exploits1
NCSC
NCSC
•added 2024/03/29 12:0 a.m.•9 views

Vulnerability fixed in liblzma (XZ Utils)

Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...

10CVSS7.2AI score0.85974EPSS
Exploits40
NCSC
NCSC
•added 2024/03/28 12:0 a.m.•7 views

Vulnerabilities fixed in SugarCRM

Vulnerabilities have been fixed in SugarCRM. A malicious party could exploit the vulnerabilities to launch cross-site scripting or SQL injection attacks, manipulate data or execute code execute code. No CVE IDs have yet been disclosed for the vulnerabilities. SugarCRM has released updates to fix...

7AI score
Exploits0
NCSC
NCSC
•added 2024/03/28 12:0 a.m.•7 views

Vulnerabilities fixed in Splunk

Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Circumvention of security measure. Accessing sensitive data Access to system data Splunk has released...

8.1CVSS7AI score0.00942EPSS
Exploits0
NCSC
NCSC
•added 2024/03/28 12:0 a.m.•11 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Bypassing security measure Increased user...

8.6CVSS6.7AI score0.00816EPSS
Exploits0
NCSC
NCSC
•added 2024/03/28 12:0 a.m.•7 views

Vulnerabilities fixed in Synology Surveillance Station

Synology has fixed vulnerabilities in Surveillance Station. A malicious party can exploit the vulnerabilities to execute arbitrary code via SQL injection to execute arbitrary code, or gain access to sensitive data. Synology has released updates to fix the vulnerabilities in Surveillance Station...

9.9CVSS8AI score0.00797EPSS
Exploits0
NCSC
NCSC
•added 2024/03/26 12:0 a.m.•5 views

Vulnerability fixed in Microsoft .NET

Microsoft has fixed a vulnerability in .NET. A malicious party could exploit the vulnerability to gain access to sensitive data. Microsoft has made available an update that fixes the described vulnerability described. We recommend that you install. More information about the vulnerability, the...

7.5CVSS6.5AI score0.98624EPSS
Exploits1
Total number of security vulnerabilities4197