Lucene search
K

4197 matches found

NCSC
NCSC
•added 2024/03/26 12:0 a.m.•9 views

Vulnerabilities fixed in MISP

The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to to bypass security measures. The MISP community has released updates to fix the vulnerabilities fixes in MISP. For more information, see: https://github.com/MISP/MISP/commit...

9.8CVSS7AI score0.00816EPSS
Exploits0
NCSC
NCSC
•added 2024/03/21 12:0 a.m.•7 views

| Vulnerability fixed in Ivanti Standalone Sentry

A vulnerability has been fixed in Ivanti Standalone Sentry. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code on the underlying operating system of the vulnerable appliance. Successful misuse does not require prior authentication, but it does require...

9.6CVSS7.6AI score0.12844EPSS
Exploits0
NCSC
NCSC
•added 2024/03/20 12:0 a.m.•5 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User...

9.8CVSS8.5AI score0.01285EPSS
Exploits6
NCSC
NCSC
•added 2024/03/20 12:0 a.m.•7 views

Vulnerabilities fixed in Atlassian products

Atlassian has fixed vulnerabilities in several products such as Bamboo, Bitbucket, Jira and Confluence. A malicious party can exploit the exploit vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights SQL...

8.8CVSS7.6AI score0.17673EPSS
Exploits14
NCSC
NCSC
•added 2024/03/19 12:0 a.m.•5 views

Vulnerability fixed in Autodesk

Autodesk has fixed a vulnerability in DWG Trueview. A malicious party can exploit the vulnerability to cause a denial-of-service, execute arbitrary code with application privileges, or to gain access to sensitive data in the context of the application. Successful exploitation requires the malicio...

7.8CVSS7.4AI score0.0047EPSS
Exploits0
NCSC
NCSC
•added 2024/03/15 12:0 a.m.•10 views

Vulnerabilities fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS

Vulnerabilities have been fixed in Fortinet FortiManager, FortiAnalyzer and FortiClient-EMS. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: SQL Injection; Manipulation of data; Remote code execution User Rights; Circumvention of...

9.8CVSS8.6AI score0.97591EPSS
Exploits4
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Adobe Animate. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue...

7.8CVSS7.4AI score0.00393EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•5 views

Vulnerability fixed in Schneider Electric EcoStruxure Power Design

Schneider Electric has fixed a vulnerability in EcoStruxure Power Design. A malicious party could exploit the vulnerability to execute arbitrary code with privileges of the Power Design user. Successful exploitation requires the malicious party to trick the victim into opening and executing a rog...

7.8CVSS7.4AI score0.00423EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•7 views

Vulnerabilities fixed in Adobe Bridge

Adobe has fixed vulnerabilities in Adobe Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or to access gain access to system data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...

7.8CVSS7.4AI score0.07758EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•5 views

Vulnerability fixed in JFrog Artifactory

JFrog has fixed a vulnerability in Artifactory. A malicious party could exploit the vulnerability to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. JFrog...

8.8CVSS6.7AI score0.00502EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•52 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in IOS XR. A malicious person could exploit the vulnerabilities to circumvent a security measure bypass, cause a denial-of-service, or execute arbitrary execute arbitrary code on the vulnerable system. To successfully execute arbitrary code, the malicious party mus...

7.8CVSS7.6AI score0.0064EPSS
Exploits0
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•7 views

Vulnerability fixed in Adobe ColdFusion

Adobe has fixed a vulnerability in ColdFusion. A malicious party can exploit the vulnerability to bypass a security measure to bypass the vulnerability and thus gain access to sensitive data in the affected Adobe ColdFusion application. Adobe has released updates to fix the vulnerability in...

7.4CVSS7AI score0.98514EPSS
Exploits7
NCSC
NCSC
•added 2024/03/14 12:0 a.m.•15 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...

9.8CVSS7.5AI score0.99999EPSS
Exploits36
NCSC
NCSC
•added 2024/03/13 12:0 a.m.•48 views

Vulnerabilities fixed in Fortinet FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code, gain access to sensitive data or to elevate privileges. The vulnerability with reference CVE-2024-23112 applies to FortiOS and FortiProxy SSLVPN, and allows...

9.8CVSS7.2AI score0.03279EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft System Center

Microsoft has fixed vulnerabilities in two System Center components. A malicious party could exploit the vulnerabilities to bypass security measures, grant himself elevated privileges grant themselves elevated privileges or execute arbitrary code. Open Management Infrastructure:...

9.8CVSS7.1AI score0.20157EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer tools. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or grant himself elevated privileges to granted and thereby potentially execute arbitrary code for which the malicious party is not initially authorized...

8.8CVSS9.2AI score0.03065EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•6 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Dynamics. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of the...

7.6CVSS6.7AI score0.01078EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed and vulnerability in SQL Server. The vulnerability is located in the Django backend and allows a malicious party to be able to use the client application of the victim to execute an SQL injection and thus execute arbitrary code execute arbitrary code with the victim's privileg...

8.8CVSS8.2AI score0.02124EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•4 views

Vulnerability fixed in Microsoft Skype

Microsoft has fixed a vulnerability in Skype. A malicious party can exploit the vulnerability to execute arbitrary code execute with the victim's privileges, potentially gaining access gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into...

8.8CVSS6.9AI score0.02618EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•4 views

Vulnerability fixed in Microsoft Exchange

Microsoft has fixed a vulnerability in Exchange Server. A malicious party can exploit the vulnerability to execute arbitrary code execute with privileges of the victim, potentially gaining access gain access to sensitive data in the victim's context. Successful exploitation requires the malicious...

8.8CVSS6.9AI score0.0682EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges Successful misuse...

7.8CVSS7AI score0.02109EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User rights...

8.8CVSS8AI score0.30504EPSS
Exploits0
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•13 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as. Cerberus, Ruggedcom, SCALANCE, Sentron, SIMATIC, Sinema, Sinteso, Siveillance and Solid Edge. The vulnerabilities allow a malicious party potentially able to launch attacks that could lead to the following categories of damage:...

10CVSS7AI score0.99999EPSS
Exploits86
NCSC
NCSC
•added 2024/03/12 12:0 a.m.•50 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure products. A malicious party could exploit the vulnerabilities to gain elevated privileges and potentially execute arbitrary code with elevated privileges, or gain access to sensitive data. The most serious vulnerability is located in the...

9CVSS7AI score0.02197EPSS
Exploits0
NCSC
NCSC
•added 2024/03/11 12:0 a.m.•5 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. An authenticated malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code with application privileges. Because pgAdmin was developed as a management tool for PostgreSQL databases, it is therefore not rule out the...

9.9CVSS8.1AI score0.79326EPSS
Exploits4
NCSC
NCSC
•added 2024/03/08 12:0 a.m.•6 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Circumvention of security measure. Accessing sensitive data Denial-of-Service DoS. Successful abuse requires the malicious party to trick the...

8.1CVSS8.5AI score0.01496EPSS
Exploits0
NCSC
NCSC
•added 2024/03/08 12:0 a.m.•10 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User rights Access to...

9.8CVSS7.3AI score0.93305EPSS
Exploits14
NCSC
NCSC
•added 2024/03/07 12:0 a.m.•15 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Circumvention of security measure. Increased user privileges GitLab has released updates to...

8.1CVSS7AI score0.00706EPSS
Exploits2
NCSC
NCSC
•added 2024/03/07 12:0 a.m.•7 views

Vulnerability fixed in Cisco Secure Client

Cisco has fixed a vulnerability in the Secure Client. A malicious party could exploit the vulnerability to use a malicious link to gain access to the SAML token of the victim and thus establish a VPN connection. Access to underlying systems and applications still require authentication. Cisco has...

8.2CVSS7AI score0.29906EPSS
Exploits0
NCSC
NCSC
•added 2024/03/06 12:0 a.m.•6 views

Vulnerabilities fixed in VMware products

VMware has fixed several vulnerabilities in VMware ESXI, VMware Workstation and VMware Fusion. A malicious person with local administrator rights in a virtual machine can exploit the vulnerabilities to execute code - with the rights of the application - execute code on the system on which the...

9.3CVSS7.5AI score0.03542EPSS
Exploits0
NCSC
NCSC
•added 2024/03/06 12:0 a.m.•7 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Manipulation of data; Circumvention of security measure; Accessing sensitive data. For successful exploitatio...

7.8CVSS8.3AI score0.01481EPSS
Exploits0
NCSC
NCSC
•added 2024/03/06 12:0 a.m.•3 views

Vulnerabilities fixed in Foxit PDF Reader and PDF Editor

Foxit has fixed vulnerabilities in PDF Reader and PDF Editorformerly PhantomPDF. A malicious party could exploit them to cause a denial-of-service DoS, execute arbitrary code with the victim's privileges, to elevate privileges, or to gain access to sensitive data in the context of the victim...

8.4CVSS7.6AI score0.00205EPSS
Exploits0
NCSC
NCSC
•added 2024/03/06 12:0 a.m.•6 views

Vulnerabilities fixed in ArubaOS and Aruba SD-WAN

Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by, among others, Aruba Mobility Conductor former Mobility Master, Mobility Controllers, Access-Points and SD-WAN Gateways. A malicious party can exploit the vulnerabilities to launch a denial-of-service DoS, gain access to...

9.1CVSS8AI score0.0124EPSS
Exploits0
NCSC
NCSC
•added 2024/03/06 12:0 a.m.•7 views

Vulnerabilities fixed in Zimbra Collaboration

Zimbra has fixed vulnerabilities in Zimbra Collaboration formerly Zimbra Collaboration Suite. The vulnerabilities allow a malicious party to obtain elevated user privileges, or to launch a Cross-Site Scripting XSS attack. A such attack can lead to execution of arbitrary code in too context of the...

7.8CVSS8.2AI score0.19543EPSS
Exploits3
NCSC
NCSC
•added 2024/03/05 12:0 a.m.•3 views

Vulnerability fixed in Mozilla Thunderbird

Mozilla has fixed a vulnerability in Thunderbird. Due to an flaw in the processing of email messages in the local cache, the encrypted data, such as the subject line, from email messages could be included in other email messages. When the user replies to such such an infected email message, for...

7.5CVSS6.3AI score0.00682EPSS
Exploits1
NCSC
NCSC
•added 2024/03/05 12:0 a.m.•60 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data Increased user privileges The...

9.8CVSS8AI score0.01512EPSS
Exploits22
NCSC
NCSC
•added 2024/03/05 12:0 a.m.•11 views

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ. A malicious party could exploit the exploit the vulnerabilities to cause a denial-of-service gain access to sensitive data, or to launch a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or...

9.8CVSS7.4AI score0.99999EPSS
Exploits21
NCSC
NCSC
•added 2024/02/29 12:0 a.m.•4 views

Vulnerabilities fixed in Cisco Nexus

Cisco has fixed vulnerabilities in NX-OS, as in use on various Nexus platforms. A malicious party could exploit them to bypass security measures to allow allow unauthorized network traffic to pass through, or to cause a denial-of-service attack. Cisco has released updates to fix the vulnerabiliti...

8.6CVSS7AI score0.00926EPSS
Exploits0
NCSC
NCSC
•added 2024/02/29 12:0 a.m.•8 views

Vulnerabilities fixed in Nvidia GPU driver

Nvidia has fixed vulnerabilities in its driver for GPU chipsets and associated controller software. A local malicious party could exploit the vulnerabilities to cause a denial-of-service cause, or to grant themselves elevated privileges in order to execute arbitrary code with privileges from SYST...

7.8CVSS7.4AI score0.00381EPSS
Exploits0
NCSC
NCSC
•added 2024/02/28 12:0 a.m.•4 views

Vulnerability fixed in Eclipse Jetty

A vulnerability has been fixed in Jetty. A malicious person at remote can exploit the vulnerability to cause a denial-of-service DoS attack. Eclipse has released updates to fix the vulnerability in Eclipse Jetty. For more information, see: https://eclipse.dev/jetty/download.php...

7.5CVSS8AI score0.01433EPSS
Exploits0
NCSC
NCSC
•added 2024/02/28 12:0 a.m.•5 views

Vulnerability fixed in CheckMK

A vulnerability has been fixed in the CheckMK Windows Agent. The vulnerability allows an authenticated local malicious agent to able to execute with arbitrary code under higher privileges. CheckMK has released updates to fix the vulnerability. For more information, see:...

8.8CVSS7.4AI score0.00342EPSS
Exploits5
NCSC
NCSC
•added 2024/02/28 12:0 a.m.•9 views

Vulnerabilities fixed in Aruba Networks Clearpass Policy Manager

Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. A malicious party could exploit the vulnerabilities to execute digital attacks that can result in the following categories of damage: Remote code execution User rights; Remote code execution Administrator/Root rights; Cross-Sit...

9.8CVSS7AI score0.80819EPSS
Exploits15
NCSC
NCSC
•added 2024/02/28 12:0 a.m.•7 views

Vulnerabilities fixed in Arista EOS

Arista has fixed a vulnerability in Arista NG Firewall, part of Arista EOS Edge Threat Management. The vulnerability allows a malicious person with access rights to 'advanced report application' could, through SQL injection, execute code with elevated privileges to execute code on the underlying...

8.8CVSS7.7AI score0.08794EPSS
Exploits0
NCSC
NCSC
•added 2024/02/23 12:0 a.m.•8 views

Vulnerability fixed in SonicWall SSL-VPN products

SonicWall has fixed a vulnerability in SMA 100 series SSL VPNs. An authenticated malicious party can exploit the vulnerability exploit the vulnerability to establish a link to the mobile MFA device of another user and thus potentially gain access to sensitive data in the victim's context. SonicWa...

6.3CVSS6.8AI score0.00433EPSS
Exploits0
NCSC
NCSC
•added 2024/02/22 12:0 a.m.•28 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Manipulation of data Circumvention o...

8.7CVSS6.5AI score0.51467EPSS
Exploits0
NCSC
NCSC
•added 2024/02/22 12:0 a.m.•72 views

Vulnerabilities fixed in Liferay Portal and DXP

Liferay has fixed vulnerabilities in Liferay Portal and DXP. A malicious party can exploit the vulnerabilities to launch a variety of ways to launch a Cross-Site Scripting attack. A such an attack can lead to execution of arbitrary code in the victim's victim's browser, or access sensitive data i...

9.6CVSS6.9AI score0.00707EPSS
Exploits0
NCSC
NCSC
•added 2024/02/22 12:0 a.m.•6 views

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI. A malicious party can exploit the vulnerabilities to use SQL injection, or through a Cross-Site-Scripting XSS attack execute arbitrary code with the victim's privileges, or to gain access to system data. Nagios has released updates to fix the...

9.8CVSS7.3AI score0.45884EPSS
Exploits6
NCSC
NCSC
•added 2024/02/22 12:0 a.m.•3 views

Vulnerability fixed in Progress Kemp LoadMaster

Progress Kemp has fixed a vulnerability in LoadMaster. The vulnerability allows a malicious party to use specially API calls to issue system commands without being authorized. being authorized to do so. For successful exploitation, the malicious party must have access to the management interface...

10CVSS7AI score0.95388EPSS
Exploits9
NCSC
NCSC
•added 2024/02/22 12:0 a.m.•12 views

Vulnerability fixed in Atlassian Confluence

Atlassian has fixed a vulnerability in Confluence. A authenticated malicious party could exploit the vulnerability to perform execute a stored cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive information in the...

8.5CVSS6.5AI score0.00471EPSS
Exploits0
NCSC
NCSC
•added 2024/02/22 12:0 a.m.•6 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! CMS. A malicious person can exploit the vulnerabilities to bypass a security measure bypass or perform a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the...

6.5CVSS7AI score0.48839EPSS
Exploits1
Total number of security vulnerabilities4197