Lucene search
K

4207 matches found

NCSC
NCSC
•added 2023/10/05 12:0 a.m.•4 views

ZeroDay vulnerability fixed in Apple iOS and iPadOS

Apple has fixed a vulnerability in iOS and iPadOS. A malicious party could exploit the vulnerability to gain elevated permissions on the vulnerable system. Apple has received reports that this vulnerability may have been been actively exploited in versions of iOS prior to iOS 16.6 Apple has...

7.8CVSS6.6AI score0.00943EPSS
Exploits0
NCSC
NCSC
•added 2023/10/05 12:0 a.m.•10 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Increased user privileges The most serious...

10CVSS9.6AI score0.99735EPSS
Exploits10
NCSC
NCSC
•added 2023/10/03 12:0 a.m.•7 views

Vulnerability fixed in IBM License Metric Tool

A vulnerability has been fixed in IBM License Metric Tool A malicious party can send a specially crafted URL request with "dot dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. More information can be found on the page below:...

7.5CVSS6.8AI score0.00816EPSS
Exploits0
NCSC
NCSC
•added 2023/10/02 12:0 a.m.•3 views

Vulnerabilities fixed in Exim

Exim has fixed vulnerabilities in Exim MTA. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Remote code execution Administrator/Root privileges. Access to system/data data Exim has released updates to fix the vulnerabilities in Exim...

9.8CVSS7.7AI score0.28084EPSS
Exploits5
NCSC
NCSC
•added 2023/09/29 12:0 a.m.•85 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to manipulate projects and be able to cause damage cause damage in the following categories: Bypassing security measure. Remote code execution User rights Spoofing Accessing...

8.8CVSS7.6AI score0.01094EPSS
Exploits0
NCSC
NCSC
•added 2023/09/29 12:0 a.m.•10 views

Vulnerabilities fixed in Cisco IOS

Cisco has fixed vulnerabilities in the IOS firmware of several systems, such as Catalyst, Aironet, Integrated Routers, Analog Voice Gateways. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service...

9.8CVSS8AI score0.21583EPSS
Exploits0
NCSC
NCSC
•added 2023/09/29 12:0 a.m.•6 views

Vulnerabilities fixed in WS_FTP

Progress has fixed vulnerabilities in WSFTP. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...

10CVSS8AI score0.9015EPSS
Exploits6
NCSC
NCSC
•added 2023/09/28 12:0 a.m.•3 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. The vulnerability allows an authenticated malicious person to execute arbitrary code execute arbitrary code on the PostgreSQL server. The developers of pgAdmin have released updates to fix the vulnerability in pgAdmin 7.7. For more information, see:...

8.8CVSS7.7AI score0.0147EPSS
Exploits0
NCSC
NCSC
•added 2023/09/28 12:0 a.m.•8 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. Although a total of 10 vulnerabilities have been fixed, Google has made some information of only 3 vulnerabilities made some information available. The listed vulnerabilities allow a malicious party to cause a denial-of-service, or to execute arbitrary...

8.8CVSS7.6AI score0.49013EPSS
Exploits3
NCSC
NCSC
•added 2023/09/28 12:0 a.m.•3 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious party could exploit the vulnerabilities to perform attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive dat...

9.8CVSS7.4AI score0.01233EPSS
Exploits0
NCSC
NCSC
•added 2023/09/28 12:0 a.m.•11 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in Apple MacOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

10CVSS9AI score0.29179EPSS
Exploits3
NCSC
NCSC
•added 2023/09/25 12:0 a.m.•3 views

Vulnerability fixed in Elastic ElasticSearch

Elastic has fixed a vulnerability in ElasticSearch. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Elastic has released updates to fix the vulnerability in ElasticSearch 7.17.13 and 8.9.0. For more information, see: https://discuss.elastic.co/t...

7.5CVSS6.8AI score0.01232EPSS
Exploits0
NCSC
NCSC
•added 2023/09/22 12:0 a.m.•5 views

Vulnerability fixed in Rockwell Automation FactoryTalk

Rockwell has fixed a vulnerability in Factory Talk View Machine Edition. An unauthenticated malicious person could exploit the exploit the vulnerability to execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the production network...

9.8CVSS7.8AI score0.10974EPSS
Exploits0
NCSC
NCSC
•added 2023/09/22 12:0 a.m.•4 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to circumvent a security measure circumvention or to grant himself elevated privileges and possibly execute code execute code with higher privileges than the user. Successful exploitation requires the...

7.8CVSS7.3AI score0.04547EPSS
Exploits0
NCSC
NCSC
•added 2023/09/22 12:0 a.m.•3 views

ZeroDay vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to circumvent a security measure in order to bypass it, grant themselves elevated privileges granted and execute arbitrary code on the vulnerable system Apple has reports that the vulnerabilities...

8.8CVSS8.9AI score0.29179EPSS
Exploits3
NCSC
NCSC
•added 2023/09/22 12:0 a.m.•3 views

Vulnerability fixed in Roundcube webmail

A vulnerability has been fixed in Roundcube webmail. A malicious party can exploit the vulnerability for a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. victim...

6.1CVSS7AI score0.58483EPSS
Exploits2
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•6 views

Vulnerability fixed in Drupal

Drupal has fixed a vulnerability in Drupal core. The vulnerability is located in the JSON:API module and allows an unauthenticated malicious party to gain access to sensitive data. No CVE ID has been disclosed for this vulnerability yet. Drupal has released updates to fix the vulnerability in...

6.6AI score
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•7 views

Vulnerability fixed in Atlassian Confluence

Atlassian has fixed a vulnerability in Confluence. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service on the application. Atlassian has released updates to fix the vulnerability in Confluence 8.6.0, 8.5.1 and 7.19.14. For more information, see:...

7.5CVSS6.8AI score0.13734EPSS
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•7 views

Vulnerability fixed in Atlassian Bitbucket

Atlassian has fixed a vulnerability in Bitbucket. A malicious party could exploit the vulnerability to execute arbitrary code execute arbitrary code, possibly with elevated privileges. For successful abuse, the malicious party must be authenticated. Atlassian has released updates to fix the...

8.8CVSS7.4AI score0.14329EPSS
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•6 views

Vulnerability fixed in CUPS

A vulnerability has been fixed in CUPS. A malicious party could exploit the vulnerability to execute arbitrary code with permissions from the print server. For successful exploitation, the malicious party must offer a specially prepared Postscript file to the print server, or trick a trick a user...

7CVSS7.6AI score0.00663EPSS
Exploits2
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•5 views

Vulnerabilities fixed in ISC BIND

ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-3341 is located in the way in which control channel messages are processed. If too large messages, the named process can...

7.5CVSS7.7AI score0.02626EPSS
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•8 views

Vulnerabilities fixed in Progress MOVEit Transfer

Progress has fixed vulnerabilities in MOVEit Transfer. The vulnerabilities labeled CVE-2023-40043 and CVE-2023-42660 can be be exploited by an authenticated malicious person to gain access to sensitive data via an SQL injection to gain access to sensitive data. Misuse of the vulnerability with...

8.8CVSS8AI score0.00577EPSS
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•4 views

Vulnerabilities fixed in Jenkins

Vulnerabilities have been fixed in Jenkins. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS. Manipulation of data Circumvention of security measure Remote code...

8.8CVSS7.3AI score0.03388EPSS
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•7 views

Vulnerabilities fixed in Autodesk AutoCad

Autodesk has fixed vulnerabilities in several products of AutoCad. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute code with privileges of the user, or to gain access to sensitive data in the scope of the application. Successful exploitation requires the...

9.8CVSS7.5AI score0.01EPSS
Exploits0
NCSC
NCSC
•added 2023/09/21 12:0 a.m.•6 views

Vulnerabilities fixed in Hewlett Packard OneView

Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to bypass authentication bypass authentication to gain unauthenticated access to sensitive data within the application, or use the application. HPE has released updates to fix the...

9.8CVSS7.5AI score0.01216EPSS
Exploits0
NCSC
NCSC
•added 2023/09/19 12:0 a.m.•3 views

Vulnerability fixed in Elastic Kibana

Elastic has fixed a vulnerability in Kibana. A authenticated malicious person could exploit the vulnerability to obtain obtain sensitive data from the log, such as user credentials and system credentials. Elastic has released updates to fix the vulnerability in Kibana 8.10.1. Version 8.10.0 has...

9CVSS6.7AI score0.00656EPSS
Exploits0
NCSC
NCSC
•added 2023/09/19 12:0 a.m.•4 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition EE and Community Edition CE. A malicious person could exploit the vulnerability to execute pipelines with the privileges of an arbitrary user to execute pipelines. When this arbitrary user has elevated privileges, execution of code wit...

7.4AI score
Exploits0
NCSC
NCSC
•added 2023/09/19 12:0 a.m.•4 views

Vulnerability fixed in Trend Micro Apex One

Trend Micro has fixed a vulnerability in Apex One. A local, authenticated malicious party can exploit the vulnerability exploit to execute arbitrary code with permissions from the system. For successful abuse, the malicious party must have prior sufficient privileges on the admin console of the...

7.2CVSS7.7AI score0.04739EPSS
Exploits0
NCSC
NCSC
•added 2023/09/19 12:0 a.m.•4 views

Vulnerability fixed in Elastic ElasticSearch

Elastic has fixed a vulnerability in ElasticSearch. A malicious party could exploit the vulnerability to cause a denial-of-service attack. Elastic has released updates to fix the vulnerability in ElasticSearch 7.17.13 and 8.9.1. For more information, see: https://discuss.elastic.co/t...

7.5CVSS6.8AI score0.60679EPSS
Exploits4
NCSC
NCSC
•added 2023/09/18 12:0 a.m.•6 views

Vulnerabilities fixed in QNAP QTS and QuTS Hero

QNAP has fixed vulnerabilities in QTS and QuTS Hero. A authenticated malicious party can exploit the vulnerabilities to cause a denial-of-service, or through command-injection execute arbitrary code on the system. QNAP has released updates to fix the vulnerabilities in QTS and QuTS Hero v...

8.8CVSS7.6AI score0.01219EPSS
Exploits0
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•5 views

Vulnerability fixed in Palo Alto PanOS

Palo Alto has fixed a vulnerability in PAN-OS. A malicious party could exploit the vulnerability to cause a denial-of-service attack. The vulnerability is in the way BGP UPDATEs are processed. When a specially prepared UPDATE is sent, it can cause the connection to be dropped. Repeatedly sending...

7.5CVSS6.8AI score0.01437EPSS
Exploits1
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•40 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in IOS XR. A unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass existing ACLs bypassing them by sending specially prepared network traffic. Cisco has also fixed vulnerabilities that allow a local,...

7.8CVSS7.8AI score0.00545EPSS
Exploits1
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•6 views

Vulnerability fixed in FortiOS

Fortinet has fixed a vulnerability in FortiOS and FortiProxy. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim. Because the vulnerability is located in the guest-managemen...

8CVSS7AI score0.01119EPSS
Exploits0
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•4 views

Vulnerability fixed in Fortinet FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. A malicious party can exploit the vulnerability to implement security measures against Cross-Site-Scripting XSS and Cross-Site-Request-Forgery XSRF and thus carry out these types of such attacks on web applications which should be protected against...

8.8CVSS6.7AI score0.00656EPSS
Exploits0
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•6 views

Vulnerabilities fixed in Zimbra

Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party can exploit the vulnerabilities to launch a Cross-Site Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's...

6.7AI score
Exploits0
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•3 views

Vulnerability fixed in Adobe Acrobat and Acrobat Reader

Adobe has fixed a vulnerability in Acrobat and Acrobat Reader. A malicious party could exploit the vulnerability to execute arbitrary code with user privileges. It is possible that by executing code, access can be gained to sensitive data in the victim's context. Successful exploitation requires...

7.8CVSS7.2AI score0.07036EPSS
Exploits0
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•2 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person can exploit the vulnerabilities to circumvent security measures bypass security measures, execute arbitrary code in the context of the browser, or to gain access to sensitive data in the context of the browser. Google reports having...

8.8CVSS7.6AI score0.99735EPSS
Exploits9
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including. Business Objects, HANA, Netweaver and Powerdesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data...

9.9CVSS8.7AI score0.46836EPSS
Exploits1
NCSC
NCSC
•added 2023/09/14 12:0 a.m.•4 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed vulnerabilities in Connect. A malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. Fo...

6.1CVSS6.7AI score0.00403EPSS
Exploits0
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•59 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in components of Azure. A malicious party could exploit the vulnerabilities to gain elevated privileges, execute code with privileges of a user or gain access to sensitive data. Azure DevOps: |----------------|------|-------------------------------------| | CVE...

9.8CVSS7AI score0.02831EPSS
Exploits0
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution User rights Spoofing Access to sensitive data...

9.8CVSS6.8AI score0.18959EPSS
Exploits0
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•5 views

Vulnerabilities fixed in FoxIT PDF Reader and PDF Editor

FoxIT has fixed vulnerabilities in PDF Reader and PDF Editor formerly PhantomPDF. A malicious person could exploit them to cause a denial-of-service, to execute arbitrary execute code with user privileges, or to access gain access to sensitive data in the context of the PDF software. Successful...

8.8CVSS7.3AI score0.03346EPSS
Exploits1
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•7 views

Vulnerabilities fixed in Hewlett Packard OneView

Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass authentication and gain access to sensitive data. HPE has released updates to fix the vulnerabilities in OneView 8.5 and 6.60.05. For more...

9.8CVSS7.4AI score0.75116EPSS
Exploits0
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•3 views

Zeroday vulnerability fixed in Google Chrome

Google has fixed a Zeroday vulnerability in Chrome. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code on the underlying operating system with permissions from the victim. If the victim's privileges are high enough are high enough, this allows the...

8.8CVSS7.7AI score0.99735EPSS
Exploits9
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics and Dynamics Finance & Operations. A malicious person could exploit them to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the...

7.6CVSS6AI score0.00875EPSS
Exploits0
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. A malicious party can exploit the vulnerabilities to impersonate as another user and use their privileges to execute arbitrary code be able to execute arbitrary code or gain access to sensitive data. For successful abuse, the malicious party must b...

8CVSS7.3AI score0.81713EPSS
Exploits1
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution User rights Access to sensitive...

8.8CVSS7.5AI score0.39491EPSS
Exploits9
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•5 views

Vulnerabilities fixed in Nagios XI

Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerabilities to use SQL injection to manipulate data manipulate data or gain access to sensitive data within Nagios, or to perform a Cross-Site-Scripting XSS attack. Such an attack can lead to execution of arbitrar...

8.8CVSS8.1AI score0.11278EPSS
Exploits3
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•36 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant himself elevated privileges granted privileges or execute arbitrary code with privileges from the developer. Successful exploitation requires the...

9.8CVSS7.8AI score0.04661EPSS
Exploits0
NCSC
NCSC
•added 2023/09/12 12:0 a.m.•7 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in QMS Automotive, Parasolid, WIBU, TeamCenter, JT2GO, SIMATIC, SIPLUS and Ruggedcom products. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks that could result in the following categories of damage: Denial-of-Service Do...

9.8CVSS7.2AI score0.74041EPSS
Exploits10
Total number of security vulnerabilities4207