Lucene search
K

4199 matches found

NCSC
NCSC
•added 2024/02/22 12:0 a.m.•12 views

Vulnerability fixed in Atlassian Confluence

Atlassian has fixed a vulnerability in Confluence. A authenticated malicious party could exploit the vulnerability to perform execute a stored cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive information in the...

8.5CVSS6.5AI score0.00471EPSS
Exploits0
NCSC
NCSC
•added 2024/02/22 12:0 a.m.•6 views

Vulnerabilities fixed in Joomla!

Vulnerabilities have been fixed in Joomla! CMS. A malicious person can exploit the vulnerabilities to bypass a security measure bypass or perform a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the...

6.5CVSS7AI score0.48839EPSS
Exploits1
NCSC
NCSC
•added 2024/02/21 12:0 a.m.•4 views

Vulnerabilities fixed in ConnectWise ScreenConnect

Connectwise has fixed vulnerabilities in ScreenConnect. A unauthenticated malicious person could exploit the vulnerabilities to create a new administrator account. An exploit is available that makes the chance of exploitation significant. At this no CVEs have yet been assigned to the...

7AI score
Exploits0
NCSC
NCSC
•added 2024/02/21 12:0 a.m.•4 views

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could potentially exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Remote code execution User Rights Spoofing Increased user privileges Access to...

9.8CVSS9.3AI score0.00937EPSS
Exploits2
NCSC
NCSC
•added 2024/02/19 12:0 a.m.•4 views

Vulnerabilities fixed in IBM WebSphere Application Server

IBM has fixed vulnerabilities in WebSphere. The vulnerabilities are located in the Java component of WebSphere and allow a malicious party to carry out attacks that could lead to loss of data integrity and confidentiality. IBM did not release any other detailed information. A more precise risk...

7.5CVSS6.5AI score0.00918EPSS
Exploits0
NCSC
NCSC
•added 2024/02/19 12:0 a.m.•20 views

Vulnerabilities fixed in IBM Qradar

IBM has fixed vulnerabilities in Qradar and underlying components such as SIEM, Wincollect and Case Manager. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...

9.8CVSS7AI score0.99999EPSS
Exploits62
NCSC
NCSC
•added 2024/02/16 12:0 a.m.•6 views

Vulnerabilities fixed in Liferay Portal and DXP

Liferay has fixed vulnerabilities in Portal and DXP. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to system information, or impersonate another user. Liferay has released updates to fix the vulnerabilities in Portal and DXP. For more information,...

8.1CVSS7.1AI score0.00593EPSS
Exploits0
NCSC
NCSC
•added 2024/02/16 12:0 a.m.•6 views

Vulnerability fixed in Rockwell Automation FactoryTalk Service Platform

Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform FTSP. An authenticated malicious party could exploit the exploit the vulnerability to grant themselves elevated privileges and gain access to FTSP as an Administrator. For successful misuse, the malicious party must hav...

9CVSS6.9AI score0.0099EPSS
Exploits0
NCSC
NCSC
•added 2024/02/16 12:0 a.m.•12 views

Vulnerabilities fixed in F5 BIG-IP and BIG-IQ

F5 has fixed vulnerabilities in BIG-IP and BIG-IQ products. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to bypass a security measure in order to bypass a security measure and thus use command-injection to manipulate the operation of the system manipulate t...

8.7CVSS8.5AI score0.01061EPSS
Exploits0
NCSC
NCSC
•added 2024/02/15 12:0 a.m.•9 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Netweaver and CRM. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Circumvention of security measure Remote code...

9.1CVSS7AI score0.01079EPSS
Exploits1
NCSC
NCSC
•added 2024/02/15 12:0 a.m.•4 views

Vulnerabilities fixed in Scheider Electric EcoStruxture and Modicon

Schneider Electric has fixed vulnerabilities in EcoStruxture and Modicon systems. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass security measures, allowing the malicious party to affect the operation of PLC components. For successful misuse, the...

8.1CVSS6.9AI score0.00317EPSS
Exploits0
NCSC
NCSC
•added 2024/02/15 12:0 a.m.•8 views

Vulnerabilities fixed in ISC BIND

ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND 9.19.21, 9.18.24 S1, 9.16.48 S1 For more information, see: https://kb.isc.org/docs/cve-2023-4408...

7.5CVSS7AI score0.99995EPSS
Exploits1
NCSC
NCSC
•added 2024/02/14 12:0 a.m.•7 views

Vulnerability fixed in Adobe Audition

Adobe has fixed a vulnerability in Adobe Audition. The vulnerability allows a malicious person to execute arbitrary code execute arbitrary code with the victim's privileges. Successful exploit requires user interaction from the victim. Adobe has released updates to fix the vulnerabilities in...

7.8CVSS7.7AI score0.00612EPSS
Exploits0
NCSC
NCSC
•added 2024/02/14 12:0 a.m.•6 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Adobe Commerce and Magento Open Source. The vulnerabilities allow an authenticated malicious person to cause a denial-of-service execute arbitrary code or to bypass a security measure. circumvention. Adobe has released updates to fix the vulnerabilities in Adobe...

9.1CVSS7.5AI score0.03687EPSS
Exploits0
NCSC
NCSC
•added 2024/02/14 12:0 a.m.•8 views

Vulnerabilities fixed in Adobe Acrobat and Reader

Adobe has fixed vulnerabilities in Adobe Acrobat and Reader. A malicious party can exploit the vulnerabilities to cause a denial-of-service DoS, execute arbitrary code execute with the victim's privileges and to gain access to sensitive data in the victim's context. To exploit the exploit...

7.8CVSS7.5AI score0.04448EPSS
Exploits0
NCSC
NCSC
•added 2024/02/14 12:0 a.m.•40 views

Vulnerabilities fixed in Zoom products

Zoom has fixed vulnerabilities in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. A malicious party could exploit the vulnerabilities to gain access to sensitive data, grant themselves elevated permissions, or to cause a denial-of-service. To cause ...

9.8CVSS7AI score0.01689EPSS
Exploits0
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Windows Defender

Microsoft has fixed a vulnerability in Defender for Endpoint. A local malicious agent could exploit the vulnerability to execute arbitrary code with SYSTEM privileges and thus potentially gain access to sensitive data on the system. Microsoft has made updates available that fix the described...

7.8CVSS7.2AI score0.00639EPSS
Exploits0
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's browser of the...

8.2CVSS6.5AI score0.01725EPSS
Exploits0
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•3 views

Vulnerability fixed in Microsoft Exchange

Microsoft has fixed a vulnerability in Exchange Server. A malicious party could exploit the vulnerability to use a previously stolen NTLM hash to gain access to the account and the data of the victim. Successful exploitation thus requires a previous successful attack on a client that uses NTLM...

9.8CVSS8.7AI score0.12661EPSS
Exploits0
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•38 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as. SIMATIC, WinCC, Parasolid, RUGGEDCOM, Simcenter, SCALANCE, SIDIS, Teknomatix, Unicam and Location Intelligence. The vulnerabilities potentially enable a malicious party to conduct attacks that could result in the following categories ...

10CVSS7.3AI score0.8377EPSS
Exploits134
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•31 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Remote code execution User rights. Access to sensitive data Increased user privileges For successful...

9.8CVSS6.8AI score0.9466EPSS
Exploits24
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•8 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Spoofing Increased use...

9.8CVSS7.2AI score0.01463EPSS
Exploits0
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•3 views

Vulnerabilities fixed in Microsoft .NET

Microsoft has fixed vulnerabilities in .NET. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause. Microsoft has made updates available that fix the described vulnerabilities described. We recommend that you install these updates. install. More information about...

7.5CVSS7.6AI score0.02707EPSS
Exploits0
NCSC
NCSC
•added 2024/02/13 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Spoofing Accessing...

8.8CVSS7.6AI score0.99995EPSS
Exploits15
NCSC
NCSC
•added 2024/02/09 12:0 a.m.•4 views

Vulnerability fixed in Ivanti Connect Secure and Policy Secure Gateways

Ivanti has fixed a vulnerability in Ivanti Connect Secure, Policy Secure and ZTA gateway. The vulnerability allows a malicious party to use an XML External Entity attack to gain access to system resources without having the required authentication. The vulnerability was discovered during the...

8.3CVSS7.1AI score0.94721EPSS
Exploits1
NCSC
NCSC
•added 2024/02/09 12:0 a.m.•16 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS. A unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute arbitrary code on the vulnerable system. Also, a malicious party could potentially gain access to the FortiLink...

9.8CVSS8AI score0.99999EPSS
Exploits39
NCSC
NCSC
•added 2024/02/08 12:0 a.m.•8 views

Vulnerabilities fixed in VMware Aria Operations Networks

VMWare has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, to elevate privileges or to launch a Cross-Site Scripting XSS attack. The vulnerability marked...

7.8CVSS6.7AI score0.37849EPSS
Exploits0
NCSC
NCSC
•added 2024/02/08 12:0 a.m.•22 views

Vulnerabilities fixed in Cisco Expressway

Cisco has fixed vulnerabilities in Expressway. A malicious party could exploit the vulnerabilities to perform a Cross-Site-Request-forgery to execute on the Web-based management interface. Such an attack can lead to execution of arbitrary commands in the victim's context. Because cannot be ruled...

9.6CVSS7.5AI score0.00846EPSS
Exploits0
NCSC
NCSC
•added 2024/02/07 12:0 a.m.•24 views

Vulnerabilities fixed in SolarWinds Platform

SolarWinds has fixed vulnerabilities in SolarWinds Platform. An authenticated malicious party can exploit the vulnerabilities to gain access to sensitive data via SQL injection, or execute code that the malicious party is not initially authorized. SolarWinds has released updates to address the...

8CVSS7.9AI score0.01578EPSS
Exploits0
NCSC
NCSC
•added 2024/02/07 12:0 a.m.•11 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Increased user privileges Successful misuse requires...

9.8CVSS7.5AI score0.01954EPSS
Exploits1
NCSC
NCSC
•added 2024/02/05 12:0 a.m.•6 views

Vulnerability fixed in Nagios XI

Nagios has fixed a vulnerability in Nagios XI. A authenticated malicious party can exploit the vulnerability to perform execute a cross-site scripting XSS attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access data in the context of the victim's browser...

5.4CVSS6.3AI score0.01264EPSS
Exploits0
NCSC
NCSC
•added 2024/02/05 12:0 a.m.•10 views

Vulnerabilities fixed in QNAP QTS and QTS Hero

QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to bypass security measures, grant himself elevated privileges granted and execute code with administrator privileges and gain access to sensitive data on the vulnerable system. Successful misuse...

9.8CVSS7.4AI score0.01405EPSS
Exploits0
NCSC
NCSC
•added 2024/02/02 12:0 a.m.•3 views

Vulnerabilities fixed in several Docker tools

Vulnerabilities have been fixed in Docker Moby, Docker desktop, runc and buildkit. A malicious party could exploit the vulnerabilities through a rogue docker image to gain elevated privileges within the environment and thus gain access to sensitive data or execute arbitrary code on the host where...

10CVSS7.7AI score0.18087EPSS
Exploits18
NCSC
NCSC
•added 2024/02/01 12:0 a.m.•4 views

Vulnerability fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform. A malicious party could exploit the vulnerability to obtain the Service Token to gain unauthorized access gain unauthorized access to other FactoryTalk systems connected to the infrastructure. Once gained access, the...

9.8CVSS8AI score0.00858EPSS
Exploits0
NCSC
NCSC
•added 2024/02/01 12:0 a.m.•4 views

Vulnerabilities fixed in GNU glibc

Vulnerabilities have been fixed in GNU glibc. A malicious party can exploit the vulnerabilities to cause a denial-of-service cause, or grant himself elevated privileges and execute arbitrary code, possibly with root privileges. For successful exploitation, the malicious party must have prior acce...

8.4CVSS7.3AI score0.04794EPSS
Exploits9
NCSC
NCSC
•added 2024/01/30 12:0 a.m.•6 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer. A malicious party could exploit the vulnerability to cause a denial-of-service attack. For successful abuse, the malicious party must have prior authentication. Progress has released updates to fix the vulnerability in MOVEit Transfer 2023.1....

7.1CVSS6.8AI score0.00539EPSS
Exploits0
NCSC
NCSC
•added 2024/01/26 12:0 a.m.•8 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...

9.9CVSS7.8AI score0.04392EPSS
Exploits3
NCSC
NCSC
•added 2024/01/25 12:0 a.m.•2 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Spoofing...

8.8CVSS7.5AI score0.02155EPSS
Exploits0
NCSC
NCSC
•added 2024/01/25 12:0 a.m.•3 views

Vulnerability fixed in Cisco Unified Communications and Contact Center

Cisco has fixed a vulnerability in Unified Communications Manager and Contact Center. A malicious party could exploit it to execute arbitrary code with permissions from the web application. It is not out of the question that this could give the malicious party gain the ability to execute code tha...

10CVSS7.9AI score0.02057EPSS
Exploits0
NCSC
NCSC
•added 2024/01/25 12:0 a.m.•10 views

Vulnerabilities fixed in Jenkins

Several vulnerabilities have been fixed in Jenkins core and modules. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Circumvention of security...

9.8CVSS8AI score0.99999EPSS
Exploits47
NCSC
NCSC
•added 2024/01/25 12:0 a.m.•10 views

Vulnerabilities fixed in Hewlett Packard OneView

Hewlett Packard has fixed vulnerabilities in OneView. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that could result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of authentication Remote code...

9CVSS9.7AI score0.99999EPSS
Exploits5
NCSC
NCSC
•added 2024/01/23 12:0 a.m.•5 views

Vulnerabilities fixed in Splunk

Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Access to sensitive data Access to system data Splunk has...

8.8CVSS7AI score0.00395EPSS
Exploits0
NCSC
NCSC
•added 2024/01/23 12:0 a.m.•6 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User...

9.8CVSS7AI score0.78483EPSS
Exploits13
NCSC
NCSC
•added 2024/01/23 12:0 a.m.•9 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User rights Access to...

9.8CVSS7.6AI score0.78483EPSS
Exploits13
NCSC
NCSC
•added 2024/01/22 12:0 a.m.•14 views

Vulnerabilities fixed in Lexmark printers

Lexmark has fixed vulnerabilities in the firmware of several printers. The vulnerabilities are located in the Postscript interpreter and allow a malicious person with the ability to print commands the ability to send arbitrary code execute arbitrary code on the vulnerable system. Lexmark has...

9.1CVSS7.7AI score0.00976EPSS
Exploits0
NCSC
NCSC
•added 2024/01/22 12:0 a.m.•17 views

Vulnerability fixed in VMware Tanzu Spring Framework

VMWare Tanzu has fixed a vulnerability in Spring Framework. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on an application running in the framework. The prerequisite for successful exploitation is that the application uses of the...

7.5CVSS7.5AI score0.01048EPSS
Exploits0
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•6 views

Vulnerabilities fixed in Trend Micro Deep Security

Trend Micro has fixed vulnerabilities in Deep Security. A local malicious person can exploit the vulnerabilities to grant themselves elevated privileges and thus potentially execute arbitrary code execute arbitrary code with elevated privileges. Depending on the implementation this may include th...

7.8CVSS7.9AI score0.0031EPSS
Exploits0
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•56 views

Vulnerabilities fixed in Oracle Financial Services Applications

Oracle has fixed vulnerabilities in several Financial Services applications. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Accessing...

10CVSS6.5AI score0.99654EPSS
Exploits50
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle...

6.5CVSS6.3AI score0.00493EPSS
Exploits0
NCSC
NCSC
•added 2024/01/18 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Systems

Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to exploit attacks that could result in the following categories of damage: Denial-of-Service DoS...

9.8CVSS7.4AI score0.69899EPSS
Exploits1
Total number of security vulnerabilities4199